mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-31 09:12:14 +00:00
d89ace26ab
Session fixation protection, whether by clean new session or migrated session, now publishes an event when a session is migrated or its ID is changed. This enables application developers to keep track of the session ID of a particular authentication from the time the authentication is successful until the time of logout. Previously this was not possible since session migration changed the session ID and there was no way to reliably detect that. Revised changes per Rob Winch's suggestions.