minor fix

2016-04-04 13:41:57 +02:00 · 2016-04-04 13:41:57 +02:00 · d64c9e47f4
parent 12c7f4e1f3
commit d64c9e47f4
1 changed files with 7 additions and 1 deletions
--- a/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@ -7,6 +7,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.session.HttpSessionEventPublisher;

@ -49,7 +50,12 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
        .and()
        .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)
        .and()
-        .sessionManagement().invalidSessionUrl("/invalidSession.html").maximumSessions(2).expiredUrl("/sessionExpired.html");
+        .sessionManagement()
+        .sessionFixation().migrateSession()
+        .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+        .invalidSessionUrl("/invalidSession.html")
+        .maximumSessions(2)
+        .expiredUrl("/sessionExpired.html");

        // @formatter:on
    }