//it from the httpSession
if (authSession.isClosed()) {
close(authSession);
httpSession.removeAttribute(
serverSideConstants.getSessionCookieName());
throw new AuthSessionExpiredException();
}
String authSessionId = cookieHandlerProvider.get().getValue(
serverSideConstants.getSessionCookieName());