org.springframework.security.web.authentication.session

Class ChangeSessionIdAuthenticationStrategy

java.lang.Object

org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.context.ApplicationEventPublisherAware, SessionAuthenticationStrategy

public final class ChangeSessionIdAuthenticationStrategy
extends AbstractSessionFixationProtectionStrategy

Uses HttpServletRequest.changeSessionId() to protect against session fixation attacks. This is the default implementation.

Since:

3.2

Nested Class Summary

Nested classes/interfaces inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

AbstractSessionFixationProtectionStrategy.NullEventPublisher

Field Summary

Fields inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

logger

Constructor Summary

Constructors

Constructor and Description
ChangeSessionIdAuthenticationStrategy()

Method Summary

Methods inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

onAuthentication, onSessionChange, setAlwaysCreateSession, setApplicationEventPublisher

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ChangeSessionIdAuthenticationStrategy

public ChangeSessionIdAuthenticationStrategy()