diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java b/spring-security-login-and-registration/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java
index 8ae1ccf8bc..e8d995e781 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java
@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.MessageSource;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.LocaleResolver;
@@ -31,14 +32,16 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
 
 final Locale locale = localeResolver.resolveLocale(request);
 
+ String errorMessage = messages.getMessage("message.badCredentials", null, locale);
+
 if (exception.getMessage().equalsIgnoreCase("User is disabled")) {
- request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.disabled", null, locale));
+ errorMessage = messages.getMessage("auth.message.disabled", null, locale);
 } else if (exception.getMessage().equalsIgnoreCase("User account has expired")) {
- request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.expired", null, locale));
+ errorMessage = messages.getMessage("auth.message.expired", null, locale);
 } else if (exception.getMessage().equalsIgnoreCase("blocked")) {
- request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.blocked", null, locale));
- } else {
- request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("message.badCredentials", null, locale));
+ errorMessage = messages.getMessage("auth.message.blocked", null, locale);
 }
+
+ request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, errorMessage);
 }
 }
\ No newline at end of file
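Review bot: The branch conditions kept as context around the new `errorMessage` assignments still identify the failure by comparing `exception.getMessage()` with English text, so a null message throws a NullPointerException and a localized or reworded Spring Security message silently falls through to the `message.badCredentials` default. Testing the exception type is sturdier, e.g. `if (exception instanceof DisabledException) {` and `} else if (exception instanceof AccountExpiredException) {` (both from `org.springframework.security.authentication`), and the `"blocked"` case, which looks like an application-defined message, can be made null-safe as `"blocked".equalsIgnoreCase(exception.getMessage())`. Separately, if the authentication provider checks account status before verifying the password (the default order in Spring's DAO-based provider, though the provider setup is not visible here), the distinct `auth.message.disabled` and `auth.message.expired` texts tell an unauthenticated caller that the username exists and what state it is in. A single generic message, or a comment recording that this disclosure is accepted, would make the choice explicit. The enclosing method starts outside the hunk.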