Package org.springframework.security.web.authentication.session

Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.

See: Description

Interface Summary

Interface	Description
SessionAuthenticationStrategy	Allows pluggable support for HttpSession-related behaviour when an authentication occurs.

Class Summary

Class	Description
ConcurrentSessionControlStrategy	Strategy which handles concurrent session-control, in addition to the functionality provided by the base class.
NullAuthenticatedSessionStrategy
SessionFixationProtectionStrategy	The default implementation of SessionAuthenticationStrategy.

Exception Summary

Exception	Description
SessionAuthenticationException	Thrown by an SessionAuthenticationStrategy to indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently.

Package org.springframework.security.web.authentication.session Description

Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.

Comes with support for:

• Protection against session-fixation attacks
• Controlling the number of sessions an authenticated user can have open