Class ChangeSessionIdAuthenticationStrategy
java.lang.Object
org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy
- All Implemented Interfaces:
org.springframework.beans.factory.Aware,org.springframework.context.ApplicationEventPublisherAware,SessionAuthenticationStrategy
public final class ChangeSessionIdAuthenticationStrategy
extends AbstractSessionFixationProtectionStrategy
Uses
HttpServletRequest.changeSessionId() to protect against session fixation
attacks. This is the default implementation.- Since:
- 3.2
-
Nested Class Summary
Nested classes/interfaces inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
AbstractSessionFixationProtectionStrategy.NullEventPublisher -
Field Summary
Fields inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
logger -
Constructor Summary
Constructors -
Method Summary
Methods inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
onAuthentication, onSessionChange, setAlwaysCreateSession, setApplicationEventPublisher
-
Constructor Details
-
ChangeSessionIdAuthenticationStrategy
public ChangeSessionIdAuthenticationStrategy()
-