public final class SessionManagementConfigurer.SessionFixationConfigurer extends Object
| Constructor and Description |
|---|
SessionManagementConfigurer.SessionFixationConfigurer() |
| Modifier and Type | Method and Description |
|---|---|
SessionManagementConfigurer<H> |
changeSessionId()
Specifies that the Servlet container-provided session fixation
protection should be used.
|
SessionManagementConfigurer<H> |
migrateSession()
Specifies that a new session should be created and the session
attributes from the original
HttpSession should be
retained. |
SessionManagementConfigurer<H> |
newSession()
Specifies that a new session should be created, but the session
attributes from the original
HttpSession should not be
retained. |
SessionManagementConfigurer<H> |
none()
Specifies that no session fixation protection should be enabled.
|
public SessionManagementConfigurer.SessionFixationConfigurer()
public SessionManagementConfigurer<H> newSession()
HttpSession should not be
retained.SessionManagementConfigurer for further customizationspublic SessionManagementConfigurer<H> migrateSession()
HttpSession should be
retained.SessionManagementConfigurer for further customizationspublic SessionManagementConfigurer<H> changeSessionId()
HttpServletRequest#changeSessionId() is
called to change the session ID and retain all session attributes.
Using this option in a Servlet 3.0 or older container results in an
IllegalStateException.SessionManagementConfigurer for further
customizationsIllegalStateException - if the container is not Servlet 3.1 or
newer.public SessionManagementConfigurer<H> none()
SessionManagementConfigurer for further
customizations