Package org.springframework.security.web.session
package org.springframework.security.web.session
Session management filters,
HttpSession
events and publisher classes.-
ClassDescriptionFilter required by concurrent session handling package.Disables encoding URLs using the
HttpServletResponse
to prevent including the session id in URLs which is not considered URL because the session id can be leaked in things like HTTP access logs.Eagerly createsHttpSession
if it does not already exist.Published by theHttpSessionEventPublisher
when anHttpSession
is created by the containerPublished by theHttpSessionEventPublisher
when a HttpSession is removed from the containerDeclared in web.xml asPublished by theHttpSessionEventPublisher
when anHttpSession
ID is changed.An adapter ofInvalidSessionStrategy
toAccessDeniedHandler
Determines the behaviour of theSessionManagementFilter
when an invalid session Id is submitted and detected in theSessionManagementFilter
.Performs a redirect to the original request URL when an invalid requested session is detected by theSessionManagementFilter
.An event for when aSessionInformation
is expired.Determines the behaviour of theConcurrentSessionFilter
when an expired session is detected in theConcurrentSessionFilter
.Detects that a user has been authenticated since the start of the request and, if they have, calls the configuredSessionAuthenticationStrategy
to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins.Performs a redirect to a fixed URL when an invalid requested session is detected by theSessionManagementFilter
.Performs a redirect to a fixed URL when an expired session is detected by theConcurrentSessionFilter
.AReactiveSessionRegistry
implementation that uses aWebSessionStore
to invalidate aWebSession
when theReactiveSessionInformation
is invalidated.