public final class SessionManagementConfigurer.SessionFixationConfigurer extends Object
Constructor and Description |
---|
SessionManagementConfigurer.SessionFixationConfigurer() |
Modifier and Type | Method and Description |
---|---|
SessionManagementConfigurer<H> |
changeSessionId()
Specifies that the Servlet container-provided session fixation
protection should be used.
|
SessionManagementConfigurer<H> |
migrateSession()
Specifies that a new session should be created and the session
attributes from the original
HttpSession should be
retained. |
SessionManagementConfigurer<H> |
newSession()
Specifies that a new session should be created, but the session
attributes from the original
HttpSession should not be
retained. |
SessionManagementConfigurer<H> |
none()
Specifies that no session fixation protection should be enabled.
|
public SessionManagementConfigurer.SessionFixationConfigurer()
public SessionManagementConfigurer<H> newSession()
HttpSession
should not be
retained.SessionManagementConfigurer
for further customizationspublic SessionManagementConfigurer<H> migrateSession()
HttpSession
should be
retained.SessionManagementConfigurer
for further customizationspublic SessionManagementConfigurer<H> changeSessionId()
HttpServletRequest#changeSessionId()
is
called to change the session ID and retain all session attributes.
Using this option in a Servlet 3.0 or older container results in an
IllegalStateException
.SessionManagementConfigurer
for further
customizationsIllegalStateException
- if the container is not Servlet 3.1 or
newer.public SessionManagementConfigurer<H> none()
SessionManagementConfigurer
for further
customizations