Package org.springframework.security.web.session

Class SimpleRedirectInvalidSessionStrategy

java.lang.Object

org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy

All Implemented Interfaces:

InvalidSessionStrategy

public final class SimpleRedirectInvalidSessionStrategy
extends Object
implements InvalidSessionStrategy

Performs a redirect to a fixed URL when an invalid requested session is detected by the SessionManagementFilter.

Constructor Summary

Constructors

Constructor	Description
SimpleRedirectInvalidSessionStrategy(String invalidSessionUrl)

Method Summary

Modifier and Type	Method	Description
void	onInvalidSessionDetected(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
void	setCreateNewSession(boolean createNewSession)	Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SimpleRedirectInvalidSessionStrategy

public SimpleRedirectInvalidSessionStrategy(String invalidSessionUrl)

Method Details

onInvalidSessionDetected

public void onInvalidSessionDetected(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)
                              throws IOException

Specified by:

onInvalidSessionDetected in interface InvalidSessionStrategy

Throws:

IOException

setCreateNewSession

public void setCreateNewSession(boolean createNewSession)

Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request). Alternatively, ensure that the configured URL does not pass through the SessionManagementFilter.

Parameters:

createNewSession - defaults to true.