Package org.springframework.security.web.session

Session management filters, HttpSession events and publisher classes.

Interface Summary

Interface	Description
InvalidSessionStrategy	Determines the behaviour of the SessionManagementFilter when an invalid session Id is submitted and detected in the SessionManagementFilter.
SessionInformationExpiredStrategy	Determines the behaviour of the ConcurrentSessionFilter when an expired session is detected in the ConcurrentSessionFilter.

Class Summary

Class	Description
ConcurrentSessionFilter	Filter required by concurrent session handling package.
DisableEncodeUrlFilter	Disables encoding URLs using the HttpServletResponse to prevent including the session id in URLs which is not considered URL because the session id can be leaked in things like HTTP access logs.
ForceEagerSessionCreationFilter	Eagerly creates HttpSession if it does not already exist.
HttpSessionCreatedEvent	Published by the HttpSessionEventPublisher when an HttpSession is created by the container
HttpSessionDestroyedEvent	Published by the HttpSessionEventPublisher when a HttpSession is removed from the container
HttpSessionEventPublisher	Declared in web.xml as
HttpSessionIdChangedEvent	Published by the HttpSessionEventPublisher when an HttpSession ID is changed.
InvalidSessionAccessDeniedHandler	An adapter of InvalidSessionStrategy to AccessDeniedHandler
RequestedUrlRedirectInvalidSessionStrategy	Performs a redirect to the original request URL when an invalid requested session is detected by the SessionManagementFilter.
SessionInformationExpiredEvent	An event for when a SessionInformation is expired.
SessionManagementFilter	Detects that a user has been authenticated since the start of the request and, if they have, calls the configured SessionAuthenticationStrategy to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins.
SimpleRedirectInvalidSessionStrategy	Performs a redirect to a fixed URL when an invalid requested session is detected by the SessionManagementFilter.
SimpleRedirectSessionInformationExpiredStrategy	Performs a redirect to a fixed URL when an expired session is detected by the ConcurrentSessionFilter.