14 Session Management

This chapter discusses Spring Security’s session management functionality. It starts off with an example of how Spring Security defends against session fixation. We will then discuss how concurrency control can be leveraged to restrict access to software licensed on a per-user basis. We will also see how session management can be leveraged for administrative functions. Last, we will explore how HttpSession is used in Spring Security and how we can manage sessions:

The following is a list of topics that will be covered in this chapter:

Session management/session fixation
Concurrency control
Managing logged-in users
How HttpSession is used in Spring Security and how to control creation
How to use the DebugFilter class to ...

Get Spring Security - Fourth Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Spring Security - Fourth Edition by Badr Nasslahsen

14

Session Management

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly