Package org.springframework.security.web.session

Class RequestedUrlRedirectInvalidSessionStrategy

java.lang.Object

org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy

All Implemented Interfaces:

InvalidSessionStrategy

public final class RequestedUrlRedirectInvalidSessionStrategy
extends Object
implements InvalidSessionStrategy

Performs a redirect to the original request URL when an invalid requested session is detected by the SessionManagementFilter.

Constructor Summary

Constructors

Constructor	Description
RequestedUrlRedirectInvalidSessionStrategy()

Method Summary

Modifier and Type	Method	Description
void	onInvalidSessionDetected(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
void	setCreateNewSession(boolean createNewSession)	Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RequestedUrlRedirectInvalidSessionStrategy

public RequestedUrlRedirectInvalidSessionStrategy()

Method Details

onInvalidSessionDetected

public void onInvalidSessionDetected(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)
                              throws IOException

Specified by:

onInvalidSessionDetected in interface InvalidSessionStrategy

Throws:

IOException

setCreateNewSession

public void setCreateNewSession(boolean createNewSession)

Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request). Alternatively, ensure that the configured URL does not pass through the SessionManagementFilter.

Parameters:

createNewSession - defaults to true.