HttpSession
events and publisher classes.
InvalidSessionStrategy | Determines the behaviour of the SessionManagementFilter when an invalid session Id is submitted and
detected in the SessionManagementFilter . |
ConcurrentSessionFilter | Filter required by concurrent session handling package. |
HttpSessionCreatedEvent | Published by the HttpSessionEventPublisher when an HttpSession is created by the container |
HttpSessionDestroyedEvent | Published by the HttpSessionEventPublisher when a HttpSession is created in the container |
HttpSessionEventPublisher | Declared in web.xml as
<listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener>Publishes HttpSessionApplicationEvent s to the Spring Root WebApplicationContext. |
SessionManagementFilter | Detects that a user has been authenticated since the start of the request and, if they have, calls the
configured SessionAuthenticationStrategy to perform any session-related activity such as
activating session-fixation protection mechanisms or checking for multiple concurrent logins. |
SimpleRedirectInvalidSessionStrategy | Performs a redirect to a fixed URL when an invalid requested session is detected by the SessionManagementFilter . |