From d64c9e47f40bf4913af1088a448b24b959baa38d Mon Sep 17 00:00:00 2001
From: DOHA <dohae243@gmail.com>
Date: Mon, 4 Apr 2016 13:41:57 +0200
Subject: [PATCH] minor fix

---
 .../main/java/org/baeldung/spring/SecSecurityConfig.java  | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
index c62b795e01..deeea78e4e 100644
--- a/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -7,6 +7,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.session.HttpSessionEventPublisher;
 
@@ -49,7 +50,12 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         .and()
         .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)
         .and()
-        .sessionManagement().invalidSessionUrl("/invalidSession.html").maximumSessions(2).expiredUrl("/sessionExpired.html");
+        .sessionManagement()
+        .sessionFixation().migrateSession()
+        .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+        .invalidSessionUrl("/invalidSession.html")
+        .maximumSessions(2)
+        .expiredUrl("/sessionExpired.html");
 
         // @formatter:on
     }