Package org.springframework.security.web.authentication.session
package org.springframework.security.web.authentication.session
Strategy interface and implementations for handling session-related behaviour for a
 newly authenticated user.
 
Comes with support for:
- Protection against session-fixation attacks
- Controlling the number of sessions an authenticated user can have open
- 
ClassDescriptionA base class for performing session fixation protection.UsesHttpServletRequest.changeSessionId()to protect against session fixation attacks.ASessionAuthenticationStrategythat accepts multipleSessionAuthenticationStrategyimplementations to delegate to.Strategy which handles concurrent session-control.Strategy used to register a user with theSessionRegistryafter successfulAuthentication.Thrown by anSessionAuthenticationStrategyorServerSessionAuthenticationStrategyto indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently.Allows pluggable support for HttpSession-related behaviour when an authentication occurs.Indicates a session ID was changed for the purposes of session fixation protection.UsesHttpServletRequest.invalidate()to protect against session fixation attacks.Represents the maximum number of sessions allowed.