This is primarily used for concurrent session support.
Sessions have three states: active, expired, and destroyed. A session can that is invalidated by session.invalidate()
or via Servlet Container management is considered "destroyed". An "expired" session, on the other hand, is a session that Spring Security wants to end because it was selected for removal for some reason (generally as it was the least recently used session and the maximum sessions for the user were reached). An "expired" session is removed as soon as possible by a Filter
.
@author Ben Alex
|
|