Class SessionManagementConfigurer.SessionFixationConfigurer
- java.lang.Object
-
- org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
-
- Enclosing class:
- SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
public final class SessionManagementConfigurer.SessionFixationConfigurer extends java.lang.Object
Allows configuring SessionFixation protection
-
-
Constructor Summary
Constructors Constructor Description SessionFixationConfigurer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description SessionManagementConfigurer<H>
changeSessionId()
Specifies that the Servlet container-provided session fixation protection should be used.SessionManagementConfigurer<H>
migrateSession()
Specifies that a new session should be created and the session attributes from the originalHttpSession
should be retained.SessionManagementConfigurer<H>
newSession()
Specifies that a new session should be created, but the session attributes from the originalHttpSession
should not be retained.SessionManagementConfigurer<H>
none()
Specifies that no session fixation protection should be enabled.
-
-
-
Method Detail
-
newSession
public SessionManagementConfigurer<H> newSession()
Specifies that a new session should be created, but the session attributes from the originalHttpSession
should not be retained.- Returns:
- the
SessionManagementConfigurer
for further customizations
-
migrateSession
public SessionManagementConfigurer<H> migrateSession()
Specifies that a new session should be created and the session attributes from the originalHttpSession
should be retained.- Returns:
- the
SessionManagementConfigurer
for further customizations
-
changeSessionId
public SessionManagementConfigurer<H> changeSessionId()
Specifies that the Servlet container-provided session fixation protection should be used. When a session authenticates, the Servlet methodHttpServletRequest#changeSessionId()
is called to change the session ID and retain all session attributes.- Returns:
- the
SessionManagementConfigurer
for further customizations
-
none
public SessionManagementConfigurer<H> none()
Specifies that no session fixation protection should be enabled. This may be useful when utilizing other mechanisms for protecting against session fixation. For example, if application container session fixation protection is already in use. Otherwise, this option is not recommended.- Returns:
- the
SessionManagementConfigurer
for further customizations
-
-