SessionAuthenticationStrategy (spring-security-docs 5.7.1 API)

All Known Implementing Classes:

AbstractSessionFixationProtectionStrategy, ChangeSessionIdAuthenticationStrategy, CompositeSessionAuthenticationStrategy, ConcurrentSessionControlAuthenticationStrategy, CsrfAuthenticationStrategy, NullAuthenticatedSessionStrategy, RegisterSessionAuthenticationStrategy, SessionFixationProtectionStrategy
```
public interface SessionAuthenticationStrategy
```
Allows pluggable support for HttpSession-related behaviour when an authentication occurs.
Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.

Since:

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`void`	`onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`	Performs Http session-related functionality when a new authentication occurs.

- Method Detail
  - onAuthentication
```
void onAuthentication(Authentication authentication,
                      javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
               throws SessionAuthenticationException
```
    Performs Http session-related functionality when a new authentication occurs.
    
    Throws:
    
    SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.