public final class SessionManagementConfigurer.SessionFixationConfigurer
extends java.lang.Object
Constructor and Description |
---|
SessionFixationConfigurer() |
Modifier and Type | Method and Description |
---|---|
SessionManagementConfigurer<H> |
changeSessionId()
Specifies that the Servlet container-provided session fixation protection
should be used.
|
SessionManagementConfigurer<H> |
migrateSession()
Specifies that a new session should be created and the session attributes from
the original
HttpSession should be retained. |
SessionManagementConfigurer<H> |
newSession()
Specifies that a new session should be created, but the session attributes from
the original
HttpSession should not be retained. |
SessionManagementConfigurer<H> |
none()
Specifies that no session fixation protection should be enabled.
|
public SessionManagementConfigurer<H> newSession()
HttpSession
should not be retained.SessionManagementConfigurer
for further customizationspublic SessionManagementConfigurer<H> migrateSession()
HttpSession
should be retained.SessionManagementConfigurer
for further customizationspublic SessionManagementConfigurer<H> changeSessionId()
HttpServletRequest#changeSessionId()
is called to change the session ID
and retain all session attributes. Using this option in a Servlet 3.0 or older
container results in an IllegalStateException
.SessionManagementConfigurer
for further customizationsjava.lang.IllegalStateException
- if the container is not Servlet 3.1 or newer.public SessionManagementConfigurer<H> none()
SessionManagementConfigurer
for further customizations