Release 2.1.7.RELEASE

Resolves: #1443

Jenkinsfile

@@ -0,0 +1,155 @@
+properties([
+		buildDiscarder(logRotator(numToKeepStr: '10')),
+		pipelineTriggers([
+				cron('@daily')
+		]),
+])
+
+def SUCCESS = hudson.model.Result.SUCCESS.toString()
+currentBuild.result = SUCCESS
+
+try {
+	parallel check: {
+		stage('Check') {
+			timeout(time: 45, unit: 'MINUTES') {
+				node('ubuntu1804') {
+					checkout scm
+					try {
+						withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
+							sh './gradlew clean check --no-daemon --refresh-dependencies --stacktrace'
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: check'
+						throw e
+					}
+					finally {
+						junit '**/build/test-results/*/*.xml'
+					}
+				}
+			}
+		}
+	},
+	jdk9: {
+		stage('JDK 9') {
+			timeout(time: 45, unit: 'MINUTES') {
+				node {
+					checkout scm
+					try {
+						withEnv(["JAVA_HOME=${tool 'jdk9'}"]) {
+							sh './gradlew clean test --no-daemon --refresh-dependencies --stacktrace'
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: jdk9'
+						throw e
+					}
+				}
+			}
+		}
+	},
+	jdk10: {
+		stage('JDK 10') {
+			timeout(time: 45, unit: 'MINUTES') {
+				node {
+					checkout scm
+					try {
+						withEnv(["JAVA_HOME=${tool 'jdk10'}"]) {
+							sh './gradlew clean test --no-daemon --refresh-dependencies --stacktrace'
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: jdk10'
+						throw e
+					}
+				}
+			}
+		}
+	},
+	jdk11: {
+		stage('JDK 11') {
+			timeout(time: 45, unit: 'MINUTES') {
+				node('ubuntu1804') {
+					checkout scm
+					try {
+						withEnv(["JAVA_HOME=${tool 'jdk11'}"]) {
+							sh './gradlew clean test integrationTest --no-daemon --refresh-dependencies --stacktrace'
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: jdk11'
+						throw e
+					}
+				}
+			}
+		}
+	}
+
+	if (currentBuild.result == 'SUCCESS') {
+		parallel artifacts: {
+			stage('Deploy Artifacts') {
+				node {
+					checkout scm
+					try {
+						withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
+							withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
+								withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
+									withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
+										withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
+											sh './gradlew deployArtifacts finalizeDeployArtifacts --no-daemon --refresh-dependencies --stacktrace -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password=$SIGNING_PASSWORD -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD'
+										}
+									}
+								}
+							}
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: artifacts'
+						throw e
+					}
+				}
+			}
+		},
+		docs: {
+			stage('Deploy Docs') {
+				node {
+					checkout scm
+					try {
+						withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
+							withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
+								sh './gradlew deployDocs --no-daemon --refresh-dependencies --stacktrace -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME'
+							}
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: docs'
+						throw e
+					}
+				}
+			}
+		}
+	}
+}
+finally {
+	def buildStatus = currentBuild.result
+	def buildNotSuccess = !SUCCESS.equals(buildStatus)
+	def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
+
+	if (buildNotSuccess || lastBuildNotSuccess) {
+		stage('Notify') {
+			node {
+				final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
+
+				def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
+				def details = "The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"
+
+				emailext(
+						subject: subject,
+						body: details,
+						recipientProviders: RECIPIENTS,
+						to: "$SPRING_SESSION_TEAM_EMAILS"
+				)
+			}
+		}
+	}
+}

README.adoc

@@ -1,9 +1,3 @@
-[NOTE]
-======
-This branch of Spring Session has reached its https://github.com/spring-projects/spring-boot/wiki/Supported-Versions[End of Life], meaning that there are no further maintenance releases or security patches planned.
-Please migrate to a supported branch as soon as possible.
-======
-
 = Spring Session
 
 image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"] image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]

build.gradle

@@ -1,18 +1,30 @@
 buildscript {
+	ext {
+		releaseBuild = version.endsWith('RELEASE')
+		snapshotBuild = version.endsWith('SNAPSHOT')
+		milestoneBuild = !(releaseBuild || snapshotBuild)
+
+		springBootVersion = '2.1.5.RELEASE'
+	}
+
+	repositories {
+		gradlePluginPortal()
+		maven { url 'https://repo.spring.io/plugins-release/' }
+	}
+
 	dependencies {
 		classpath 'io.spring.gradle:spring-build-conventions:0.0.25.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
-	repositories {
-		gradlePluginPortal()
-		maven { url 'https://repo.spring.io/plugins-release' }
-	}
 }
+
 apply plugin: 'io.spring.convention.root'
 
 group = 'org.springframework.session'
 description = 'Spring Session'
 
-ext.releaseBuild = version.endsWith('RELEASE')
-ext.snapshotBuild = version.endsWith('SNAPSHOT')
-ext.milestoneBuild = !(releaseBuild || snapshotBuild)
+subprojects {
+	plugins.withType(JavaPlugin) {
+		sourceCompatibility = JavaVersion.VERSION_1_8
+	}
+}

docs/src/docs/asciidoc/guides/boot-findbyusername.adoc

@@ -4,137 +4,141 @@ Rob Winch
 
 This guide describes how to use Spring Session to find sessions by username.
 
-NOTE: The completed guide can be found in the <<findbyusername-sample, findbyusername application>>.
+NOTE: You can find the completed guide in the <<findbyusername-sample, findbyusername application>>.
 
 
 [[findbyusername-assumptions]]
 == Assumptions
 
-The guide assumes you have already added Spring Session using the built in Redis configuration support to your application.
+The guide assumes you have already added Spring Session to your application by using the built-in Redis configuration support.
 The guide also assumes you have already applied Spring Security to your application.
-However, we the guide will be somewhat general purpose and can be applied to any technology with minimal changes we will discuss.
+However, we the guide is somewhat general purpose and can be applied to any technology with minimal changes, which we discuss later in the guide.
 
-[NOTE]
-====
-If you need to learn how to add Spring Session to your project, please refer to the listing of link:../#samples[samples and guides]
-====
+NOTE: If you need to learn how to add Spring Session to your project, see the listing of link:../#samples[samples and guides]
 
 == About the Sample
 
-Our sample is using this feature to invalidate the users session that might have been compromised.
+Our sample uses this feature to invalidate the users session that might have been compromised.
 Consider the following scenario:
 
-* User goes to library and authenticates to the application
-* User goes home and realizes they forgot to log out
-* User can log in and terminate the session from the library using clues like the location, created time, last accessed time, etc.
+* User goes to library and authenticates to the application.
+* User goes home and realizes they forgot to log out.
+* User can log in and terminate the session from the library using clues like the location, created time, last accessed time, and so on.
 
-Wouldn't it be nice if we could allow the user to invalidate the session at the library from any device they authenticate with?
+Would it not be nice if we could let the user invalidate the session at the library from any device with which they authenticate?
 This sample demonstrates how this is possible.
 
 [[findbyindexnamesessionrepository]]
-== FindByIndexNameSessionRepository
+== Using `FindByIndexNameSessionRepository`
 
-In order to look up a user by their username, you must first choose a `SessionRepository` that implements link:../#api-findbyindexnamesessionrepository[FindByIndexNameSessionRepository].
-Our sample application assumes that the Redis support is already setup, so we are ready to go.
+To look up a user by their username, you must first choose a `SessionRepository` that implements link:../#api-findbyindexnamesessionrepository[`FindByIndexNameSessionRepository`].
+Our sample application assumes that the Redis support is already set up, so we are ready to go.
 
-== Mapping the username
+== Mapping the User Name
 
-`FindByIndexNameSessionRepository` can only find a session by the username, if the developer instructs Spring Session what user is associated with the `Session`.
-This is done by ensuring that the session attribute with the name `FindByUsernameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` is populated with the username.
+`FindByIndexNameSessionRepository` can find a session only by the user name if the developer instructs Spring Session what user is associated with the `Session`.
+You can do so by ensuring that the session attribute with the name `FindByUsernameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` is populated with the username.
 
-Generally, speaking this can be done with the following code immediately after the user authenticates:
+Generally speaking, you can do so with the following code immediately after the user authenticates:
 
+====
 [source,java,indent=0]
 ----
 include::{docs-test-dir}docs/FindByIndexNameSessionRepositoryTests.java[tags=set-username]
 ----
+====
 
-== Mapping the username with Spring Security
+== Mapping the User Name with Spring Security
 
-Since we are using Spring Security, the user name is automatically indexed for us.
-This means we will not have to perform any steps to ensure the user name is indexed.
+Since we use Spring Security, the user name is automatically indexed for us.
+This means we need not perform any steps to ensure the user name is indexed.
 
-== Adding Additional Data to Session
+== Adding Additional Data to the Session
 
-It may be nice to associate additional information (i.e. IP Address, the browser, location, etc) to the session.
-This makes it easier for the user to know which session they are looking at.
+It may be nice to associate additional information (such as the IP Address, the browser, location, and other details) to the session.
+Doing so makes it easier for the user to know which session they are looking at.
 
-To do this simply determine which session attribute you want to use and what information you wish to provide.
+To do so, determine which session attribute you want to use and what information you wish to provide.
 Then create a Java bean that is added as a session attribute.
-For example, our sample application includes the location and access type of the session
+For example, our sample application includes the location and access type of the session, as the following listing shows:
 
+====
 [source,java,indent=0]
 ----
 include::{samples-dir}boot/findbyusername/src/main/java/sample/session/SessionDetails.java[tags=class]
 ----
+====
 
-We then inject that information into the session on each HTTP request using a `SessionDetailsFilter`.
-For example:
+We then inject that information into the session on each HTTP request using a `SessionDetailsFilter`, as the following example shows:
 
+====
 [source,java,indent=0]
 ----
 include::{samples-dir}boot/findbyusername/src/main/java/sample/session/SessionDetailsFilter.java[tags=dofilterinternal]
 ----
+====
 
 We obtain the information we want and then set the `SessionDetails` as an attribute in the `Session`.
-When we retrieve the `Session` by username, we can then use the session to access our `SessionDetails` just like any other session attribute.
+When we retrieve the `Session` by user name, we can then use the session to access our `SessionDetails` as we would any other session attribute.
 
-[NOTE]
-====
-You might be wondering at this point why Spring Session does not provide `SessionDetails` functionality out of the box.
-The reason, is twofold.
-The first is that it is very trivial for applications to implement this themselves.
-The second reason is that the information that is populated in the session (and how frequently that information is updated) is highly application dependent.
-====
+NOTE: You might wonder why Spring Session does not provide `SessionDetails` functionality out of the box.
+We have two reasons.
+The first reason is that it is very trivial for applications to implement this themselves.
+The second reason is that the information that is populated in the session (and how frequently that information is updated) is highly application-dependent.
 
 == Finding sessions for a specific user
 
 We can now find all the sessions for a specific user.
+The following example shows how to do so:
 
+====
 [source,java,indent=0]
 ----
 include::{samples-dir}boot/findbyusername/src/main/java/sample/mvc/IndexController.java[tags=findbyusername]
 ----
+====
 
 In our instance, we find all sessions for the currently logged in user.
-However, this could easily be modified for an administrator to use a form to specify which user to look up.
+However, you can modify this for an administrator to use a form to specify which user to look up.
 
 [[findbyusername-sample]]
-== findbyusername Sample Application
+== `findbyusername` Sample Application
 
-=== Running the findbyusername Sample Application
+This section describes how to use the `findbyusername` sample application.
+
+=== Running the `findbyusername` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
 ====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
-
 ----
 $ ./gradlew :spring-session-sample-boot-findbyusername:bootRun
 ----
+====
+
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
+See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
 === Exploring the security Sample Application
 
-Try using the application. Enter the following to log in:
+You can now try using the application. Enter the following to log in:
 
-* **Username** _user_
-* **Password** _password_
+* *Username* _user_
+* *Password* _password_
 
-Now click the **Login** button.
+Now click the *Login* button.
 You should now see a message indicating your are logged in with the user entered previously.
 You should also see a listing of active sessions for the currently logged in user.
 
-Let's emulate the flow we discussed in the <<About the Sample>> section
+You can emulate the flow we discussed in the <<About the Sample>> section by doing the following:
 
 * Open a new incognito window and navigate to  http://localhost:8080/
 * Enter the following to log in:
-** **Username** _user_
-** **Password** _password_
-* Terminate your original session
-* Refresh the original window and see you are logged out
+** *Username* _user_
+** *Password* _password_
+* Terminate your original session.
+* Refresh the original window and see that you are logged out.

docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -2,15 +2,17 @@
 Rob Winch, Vedran Pavić
 :toc:
 
-This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` when using Spring Boot.
+This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` when you use Spring Boot.
 
-NOTE: The completed guide can be found in the <<httpsession-jdbc-boot-sample, httpsession-jdbc-boot sample application>>.
+NOTE: You can find the completed guide in the <<httpsession-jdbc-boot-sample, httpsession-jdbc-boot sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-We assume you are working with a working Spring Boot web application.
-If you are using Maven, ensure to add the following dependencies:
 
+Before you use Spring Session, you must update your dependencies.
+We assume you are working with a working Spring Boot web application.
+If you use Maven, you must add the following dependencies:
+
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -24,8 +26,9 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
-Spring Boot provides dependency management for Spring Session modules, so there's no need to explicitly declare dependency version.
+Spring Boot provides dependency management for Spring Session modules, so you need not explicitly declare the dependency version.
 
 // tag::config[]
 
@@ -33,95 +36,106 @@ Spring Boot provides dependency management for Spring Session modules, so there'
 == Spring Boot Configuration
 
 After adding the required dependencies, we can create our Spring Boot configuration.
-Thanks to first-class auto configuration support, setting up Spring Session backed by a relational database is as simple as adding a single configuration property to your `application.properties`:
+Thanks to first-class auto configuration support, setting up Spring Session backed by a relational database is as simple as adding a single configuration property to your `application.properties`.
+The following listing shows how to do so:
 
+====
 .src/main/resources/application.properties
 ----
 spring.session.store-type=jdbc # Session store type.
 ----
+====
 
-Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableJdbcHttpSession` annotation.
-This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+Under the hood, Spring Boot applies configuration that is equivalent to manually adding the `@EnableJdbcHttpSession` annotation.
+This creates a Spring bean with the name of `springSessionRepositoryFilter`. That bean implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
 
-Further customization is possible using `application.properties`:
+You can further customize by using `application.properties`.
+The following listing shows how to do so:
 
+====
 .src/main/resources/application.properties
 ----
-server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds are used.
 spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
 spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/schema-@@platform@@.sql # Path to the SQL file to use to initialize the database schema.
 spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
 ----
+====
 
-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
+For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
 
 [[httpsession-jdbc-boot-configuration]]
-== Configuring the DataSource
+== Configuring the `DataSource`
 
-Spring Boot automatically creates a `DataSource` that connects Spring Session to an embedded instance of H2 database.
-In a production environment you need to ensure to update your configuration to point to your relational database.
-For example, you can include the following in your *application.properties*
+Spring Boot automatically creates a `DataSource` that connects Spring Session to an embedded instance of an H2 database.
+In a production environment, you need to update your configuration to point to your relational database.
+For example, you can include the following in your application.properties:
 
+====
 .src/main/resources/application.properties
 ----
 spring.datasource.url= # JDBC URL of the database.
 spring.datasource.username= # Login username of the database.
 spring.datasource.password= # Login password of the database.
 ----
+====
 
-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.
+For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.
 
 [[httpsession-jdbc-boot-servlet-configuration]]
 == Servlet Container Initialization
 
-Our <<httpsession-jdbc-boot-spring-configuration,Spring Boot Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-jdbc-boot-spring-configuration,Spring Boot Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
 Fortunately, Spring Boot takes care of both of these steps for us.
 
 // end::config[]
 
 [[httpsession-jdbc-boot-sample]]
-== httpsession-jdbc-boot Sample Application
+== `httpsession-jdbc-boot` Sample Application
 
-The httpsession-jdbc-boot Sample Application demonstrates how to use Spring Session to transparently leverage H2 database to back a web application's `HttpSession` when using Spring Boot.
+The httpsession-jdbc-boot Sample Application demonstrates how to use Spring Session to transparently leverage an H2 database to back a web application's `HttpSession` when you use Spring Boot.
 
 [[httpsession-jdbc-boot-running]]
-=== Running the httpsession-jdbc-boot Sample Application
+=== Running the `httpsession-jdbc-boot` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
+====
 ----
 $ ./gradlew :spring-session-sample-boot-jdbc:bootRun
 ----
+====
 
 You should now be able to access the application at http://localhost:8080/
 
 [[httpsession-jdbc-boot-explore]]
-=== Exploring the security Sample Application
+=== Exploring the Security Sample Application
 
-Try using the application. Enter the following to log in:
+You can now try using the application.
+To do so, enter the following to log in:
 
-* **Username** _user_
-* **Password** _password_
+* *Username* _user_
+* *Password* _password_
 
-Now click the **Login** button.
-You should now see a message indicating your are logged in with the user entered previously.
-The user's information is stored in H2 database rather than Tomcat's `HttpSession` implementation.
+Now click the *Login* button.
+You should now see a message indicating that your are logged in with the user entered previously.
+The user's information is stored in the H2 database rather than Tomcat's `HttpSession` implementation.
 
 [[httpsession-jdbc-boot-how]]
-=== How does it work?
+=== How Does It Work?
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
+Instead of using Tomcat's `HttpSession`, we persist the values in the H2 database.
 Spring Session replaces the `HttpSession` with an implementation that is backed by a relational database.
-When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into H2 database.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into the H2 database.
 
-When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser. That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
+You can remove the session by using the H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL).
 
-Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.
+Now you can visit the application at http://localhost:8080/ and see that we are no longer authenticated.

docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -2,15 +2,17 @@
 Rob Winch, Vedran Pavić
 :toc:
 
-This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Spring Boot.
+This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use Spring Boot.
 
-NOTE: The completed guide can be found in the <<boot-sample, boot sample application>>.
+NOTE: You can find the completed guide in the <<boot-sample, boot sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-We assume you are working with a working Spring Boot web application.
-If you are using Maven, ensure to add the following dependencies:
 
+Before you use Spring Session, you must ensure your dependencies.
+We assume you are working with a working Spring Boot web application.
+If you are using Maven, you must add the following dependencies:
+
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -24,114 +26,131 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
-Spring Boot provides dependency management for Spring Session modules, so there's no need to explicitly declare dependency version.
+Spring Boot provides dependency management for Spring Session modules, so you need not explicitly declare dependency version.
 
 [[boot-spring-configuration]]
 == Spring Boot Configuration
 
 After adding the required dependencies, we can create our Spring Boot configuration.
-Thanks to first-class auto configuration support, setting up Spring Session backed by Redis is as simple as adding a single configuration property to your `application.properties`:
+Thanks to first-class auto configuration support, setting up Spring Session backed by Redis is as simple as adding a single configuration property to your `application.properties`, as the following listing shows:
 
+====
 .src/main/resources/application.properties
 ----
 spring.session.store-type=redis # Session store type.
 ----
+====
 
-Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
-This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+Under the hood, Spring Boot applies configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
+This creates a Spring bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
 
-Further customization is possible using `application.properties`:
+Further customization is possible by using `application.properties`, as the following listing shows:
 
+====
 .src/main/resources/application.properties
 ----
-server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds is used.
 spring.session.redis.flush-mode=on-save # Sessions flush mode.
 spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
 ----
+====
 
-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
+For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
 
 [[boot-redis-configuration]]
 == Configuring the Redis Connection
 
 Spring Boot automatically creates a `RedisConnectionFactory` that connects Spring Session to a Redis Server on localhost on port 6379 (default port).
-In a production environment you need to ensure to update your configuration to point to your Redis server.
-For example, you can include the following in your *application.properties*
+In a production environment, you need to update your configuration to point to your Redis server.
+For example, you can include the following in your application.properties:
 
+====
 .src/main/resources/application.properties
 ----
 spring.redis.host=localhost # Redis server host.
 spring.redis.password= # Login password of the redis server.
 spring.redis.port=6379 # Redis server port.
 ----
+====
 
-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
+For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
 
 [[boot-servlet-configuration]]
 == Servlet Container Initialization
 
-Our <<boot-spring-configuration,Spring Boot Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<boot-spring-configuration,Spring Boot Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last, we need to ensure that our servlet container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
 Fortunately, Spring Boot takes care of both of these steps for us.
 
 [[boot-sample]]
 == Boot Sample Application
 
-The Boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Spring Boot.
+The Boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use Spring Boot.
 
 [[boot-running]]
 === Running the Boot Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
 ====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
-
 ----
 $ ./gradlew :spring-session-sample-boot-redis:bootRun
 ----
+====
+
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
 [[boot-explore]]
-=== Exploring the security Sample Application
+=== Exploring the `security` Sample Application
 
-Try using the application. Enter the following to log in:
+Now you can try using the application. Enter the following to log in:
 
-* **Username** _user_
-* **Password** _password_
+* *Username* _user_
+* *Password* _password_
 
-Now click the **Login** button.
+Now click the *Login* button.
 You should now see a message indicating your are logged in with the user entered previously.
 The user's information is stored in Redis rather than Tomcat's `HttpSession` implementation.
 
 [[boot-how]]
-=== How does it work?
+=== How Does It Work?
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
+Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
 Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
-When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into Redis.
 
-When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser.
+That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
+You can remove the session by using redis-cli.
+For example, on a Linux based system you can type the following:
 
+====
+----
 	$ redis-cli keys '*' | xargs redis-cli del
+----
+====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key.
+To do so, enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
 
+====
+----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+----
+=====
 
-Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.
+Now you can visit the application at http://localhost:8080/ and observe that we are no longer authenticated.

docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -7,9 +7,8 @@ This guide describes how to use Spring Session to ensure that WebSocket messages
 
 // tag::disclaimer[]
 
-NOTE: Spring Session's WebSocket support only works with Spring's WebSocket support.
-Specifically it does not work with using https://www.jcp.org/en/jsr/detail?id=356[JSR-356] directly.
-This is due to the fact that JSR-356 does not have a mechanism for intercepting incoming WebSocket messages.
+NOTE: Spring Session's WebSocket support works only with Spring's WebSocket support.
+Specifically,it does not work with using https://www.jcp.org/en/jsr/detail?id=356[JSR-356] directly, because JSR-356 does not have a mechanism for intercepting incoming WebSocket messages.
 
 // end::disclaimer[]
 
@@ -17,24 +16,27 @@ This is due to the fact that JSR-356 does not have a mechanism for intercepting
 
 The first step is to integrate Spring Session with the HttpSession. These steps are already outlined in the link:httpsession.html[HttpSession Guide].
 
-Please make sure you have already integrated Spring Session with the HttpSession before proceeding.
+Please make sure you have already integrated Spring Session with HttpSession before proceeding.
 
 // tag::config[]
 
 [[websocket-spring-configuration]]
 == Spring Configuration
 
-In a typical Spring WebSocket application users would implement `WebSocketMessageBrokerConfigurer`.
+In a typical Spring WebSocket application, you would implement `WebSocketMessageBrokerConfigurer`.
 For example, the configuration might look something like the following:
 
+====
 [source,java]
 ----
 include::{websocketdoc-test-dir}WebSocketConfig.java[tags=class]
 ----
+====
 
-We can easily update our configuration to use Spring Session's WebSocket support.
-For example:
+We can update our configuration to use Spring Session's WebSocket support.
+The following example shows how to do so:
 
+====
 .src/main/java/samples/config/WebSocketConfig.java
 [source,java]
 ----
@@ -43,8 +45,9 @@ include::{samples-dir}boot/websocket/src/main/java/sample/config/WebSocketConfig
 
 To hook in the Spring Session support we only need to change two things:
 
-<1> Instead of implementing `WebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
+<1> Instead of implementing `WebSocketMessageBrokerConfigurer`, we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
 <2> We rename the `registerStompEndpoints` method to `configureStompEndpoints`
+====
 
 What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
 
@@ -52,87 +55,89 @@ What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes
 This ensures a custom `SessionConnectEvent` is fired that contains the `WebSocketSession`.
 The `WebSocketSession` is necessary to terminate any WebSocket connections that are still open when a Spring Session is terminated.
 * `SessionRepositoryMessageInterceptor` is added as a `HandshakeInterceptor` to every `StompWebSocketEndpointRegistration`.
-This ensures that the Session is added to the WebSocket properties to enable updating the last accessed time.
+This ensures that the `Session` is added to the WebSocket properties to enable updating the last accessed time.
 * `SessionRepositoryMessageInterceptor` is added as a `ChannelInterceptor` to our inbound `ChannelRegistration`.
 This ensures that every time an inbound message is received, that the last accessed time of our Spring Session is updated.
-* `WebSocketRegistryListener` is created as a Spring Bean.
-This ensures that we have a mapping of all of the Session id to the corresponding WebSocket connections.
+* `WebSocketRegistryListener` is created as a Spring bean.
+This ensures that we have a mapping of all of the `Session` IDs to the corresponding WebSocket connections.
 By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is terminated.
 
 
 // end::config[]
 
 [[websocket-sample]]
-== websocket Sample Application
+== `websocket` Sample Application
 
-The websocket sample application demonstrates how to use Spring Session with WebSockets.
+The `websocket` sample application demonstrates how to use Spring Session with WebSockets.
 
-=== Running the websocket Sample Application
+=== Running the `websocket` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[TIP]
 ====
-For the purposes of testing session expiration, you may want to change the session expiration to be 1 minute (default is 30 minutes) by adding the following configuration property starting before the application:
+----
+$ ./gradlew :spring-session-sample-boot-websocket:bootRun
+----
+====
 
+[TIP]
+=====
+For the purposes of testing session expiration, you may want to change the session expiration to be 1 minute (the default is 30 minutes) by adding the following configuration property before starting the application:
+
+====
 .src/main/resources/application.properties
 ----
 server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.
 ----
 ====
+=====
 
-[NOTE]
-====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
 Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
-
-----
-$ ./gradlew :spring-session-sample-boot-websocket:bootRun
-----
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
+See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the websocket Sample Application
+=== Exploring the `websocket` Sample Application
 
-Try using the application. Authenticate with the following information:
+Now you can try using the application. Authenticate with the following information:
 
-* **Username** _rob_
-* **Password** _password_
+* *Username* _rob_
+* *Password* _password_
 
-Now click the **Login** button. You should now be authenticated as the user **rob**.
+Now click the *Login* button. You should now be authenticated as the user **rob**.
 
 Open an incognito window and access http://localhost:8080/
 
-You will be prompted with a log in form. Authenticate with the following information:
+You are prompted with a login form. Authenticate with the following information:
 
-* **Username** _luke_
-* **Password** _password_
+* *Username* _luke_
+* *Password* _password_
 
-Now send a message from *rob* to *luke*. The message should appear.
+Now send a message from rob to luke. The message should appear.
 
-Wait for two minutes and try sending a message from *rob* to *luke* again.
-You will see that the message is no longer sent.
+Wait for two minutes and try sending a message from rob to luke again.
+You can see that the message is no longer sent.
 
 [NOTE]
 .Why two minutes?
 ====
-Spring Session will expire in 60 seconds, but the notification from Redis is not guaranteed to happen within 60 seconds.
+Spring Session expires in 60 seconds, but the notification from Redis is not guaranteed to happen within 60 seconds.
 To ensure the socket is closed in a reasonable amount of time, Spring Session runs a background task every minute at 00 seconds that forcibly cleans up any expired sessions.
-This means you will need to wait at most two minutes before the WebSocket connection is terminated.
+This means you need to wait at most two minutes before the WebSocket connection is terminated.
 ====
 
-Try accessing http://localhost:8080/
-You will be prompted to authenticate again.
+You can now try accessing http://localhost:8080/
+You are prompted to authenticate again.
 This demonstrates that the session properly expires.
 
-Now repeat the same exercise, but instead of waiting two minutes send a message from *each* of the users every 30 seconds.
-You will see that the messages continue to be sent.
+Now repeat the same exercise, but instead of waiting two minutes, send a message from each of the users every 30 seconds.
+You can see that the messages continue to be sent.
 Try accessing http://localhost:8080/
-You will not be prompted to authenticate again.
+You are not prompted to authenticate again.
 This demonstrates the session is kept alive.
 
 NOTE: Only messages sent from a user keep the session alive.
 This is because only messages coming from a user imply user activity.
-Messages received do not imply activity and thus do not renew the session expiration.
+Received messages do not imply activity and, thus, do not renew the session expiration.

docs/src/docs/asciidoc/guides/grails3.adoc

@@ -2,17 +2,19 @@
 Eric Helgeson
 :toc:
 
-This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Grails 3.1
+This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use Grails 3.1
 
-NOTE: Grails 3.1 is based off spring boot 1.3 so much of the advanced configuration and options can be found in the boot docs as well.
+NOTE: Grails 3.1 is based off spring boot 1.3, so much of the advanced configuration and options can be found in the Boot docs as well.
 
-NOTE: The completed guide can be found in the <<grails3-sample, Grails 3 sample application>>.
+NOTE: You can find the completed guid in the <<grails3-sample, Grails 3 sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-We assume you are working with a working Grails 3.1 web profile.
-Add the following dependencies:
 
+Before you use Spring Session, you must update your dependencies.
+We assume you are working with a working Grails 3.1 web profile.
+You must add the following dependencies:
+
+====
 .build.gradle
 [source,groovy]
 [subs="verbatim,attributes"]
@@ -22,11 +24,13 @@ dependencies {
     compile 'org.springframework.session:spring-session:{spring-session-version}'
 }
 ----
+====
 
 ifeval::["{version-snapshot}" == "true"]
-Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we use a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+You must have the following in your build.gradle:
 
+====
 .build.gradle
 [source,groovy]
 ----
@@ -36,12 +40,14 @@ repositories {
     }
 }
 ----
+====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we use a Milestone version, we need to add the Spring Milestone Maven Repository.
+You must have the following in your build.gradle:
 
+====
 .build.gradle
 [source,groovy]
 ----
@@ -51,6 +57,7 @@ repositories {
     }
 }
 ----
+====
 endif::[]
 
 [[grails3-redis-configuration]]
@@ -58,8 +65,9 @@ endif::[]
 
 Spring Boot automatically creates a `RedisConnectionFactory` that connects Spring Session to a Redis Server on localhost on port 6379 (default port).
 In a production environment you need to ensure to update your configuration to point to your Redis server.
-For example, you can include the following in your *application.yml*
+For example, you can include the following in your application.yml:
 
+====
 .grails-app/conf/application.yml
 [source,yml]
 ----
@@ -69,8 +77,9 @@ spring:
     password: secret
     port: 6397
 ----
+====
 
-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
+For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
 
 [[grails3-sample]]
 == Grails 3 Sample Application
@@ -82,52 +91,61 @@ The Grails 3 Sample Application demonstrates how to use Spring Session to transp
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
-====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
-
 ----
 $ ./gradlew :spring-session-sample-misc-grails3:bootRun
 ----
 
+NOTE:For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
+See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+
 You should now be able to access the application at http://localhost:8080/test/index
 
 [[grails3-explore]]
-=== Exploring the security Sample Application
+=== Exploring the `security` Sample Application
 
-Try using the application. Enter the following to log in:
+You can now try using the application. Enter the following to log in:
 
-* **Username** _user_
-* **Password** _password_
+* *Username* _user_
+* *Password* _password_
 
-Now click the **Login** button.
-You should now see a message indicating your are logged in with the user entered previously.
+Now click the *Login* button.
+You should now see a message indicating that your are logged in with the user entered previously.
 The user's information is stored in Redis rather than Tomcat's `HttpSession` implementation.
 
 [[grails3-how]]
-=== How does it work?
+=== How Does It Work?
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
+Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
 Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
-When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into Redis.
 
-When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser.
+That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
+You can remove the session by using redis-cli.
+For example, on a Linux based system you can type the following:
 
+====
+----
 	$ redis-cli keys '*' | xargs redis-cli del
+----
+====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key.
+To do so, enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
 
+====
+----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+----
+====
 
-Now visit the application at http://localhost:8080/test/index and observe that we are no longer authenticated.
+Now you can visit the application at http://localhost:8080/test/index and see that we are no longer authenticated.
 
-NOTE: Spring Session will not work with grails flash scope without additional work. +
-See this answer for an explanation: https://stackoverflow.com/a/43311427
+NOTE: Spring Session does not work with Grails flash scope without additional work.
+See https://stackoverflow.com/a/43311427  for an explanation.

docs/src/docs/asciidoc/guides/java-custom-cookie.adoc

@@ -3,100 +3,95 @@ Rob Winch
 :toc:
 
 This guide describes how to configure Spring Session to use custom cookies with Java Configuration.
-The guide assumes you have already link:./httpsession.html[setup Spring Session in your project].
+The guide assumes you have already link:./httpsession.html[set up Spring Session in your project].
 
-NOTE: The completed guide can be found in the <<custom-cookie-sample, Custom Cookie sample application>>.
+NOTE: You can find the completed guide in the <<custom-cookie-sample, Custom Cookie sample application>>.
 
 [[custom-cookie-spring-configuration]]
 == Spring Java Configuration
 
-Once you have setup Spring Session you can easily customize how the session cookie is written by exposing a `CookieSerializer` as a Spring Bean.
-Out of the box, Spring Session comes with `DefaultCookieSerializer`.
-Simply exposing the `DefaultCookieSerializer` as a Spring Bean will augment the existing configuration when using configurations like `@EnableRedisHttpSession`.
-You can find an example of customizing Spring Session's cookie below:
+Once you have set up Spring Session, you can customize how the session cookie is written by exposing a `CookieSerializer` as a Spring bean.
+Spring Session comes with `DefaultCookieSerializer`.
+Exposing the `DefaultCookieSerializer` as a Spring bean augments the existing configuration when you use configurations like `@EnableRedisHttpSession`.
+The following example shows how to customize Spring Session's cookie:
 
+====
 [source,java]
 ----
 include::{samples-dir}javaconfig/custom-cookie/src/main/java/sample/Config.java[tags=cookie-serializer]
 ----
 
-<1> We customize the name of the cookie to be JSESSIONID
-<2> We customize the path of the cookie to be "/" (rather than the default of the context root)
-<3> We customize the domain name pattern (a regular expression) to be `^.+?\\.(\\w+\\.[a-z]+)$`
+<1> We customize the name of the cookie to be `JSESSIONID`.
+<2> We customize the path of the cookie to be `/` (rather than the default of the context root).
+<3> We customize the domain name pattern (a regular expression) to be `^.+?\\.(\\w+\\.[a-z]+)$`.
 This allows sharing a session across domains and applications.
-If the regular expression does not match, no domain is set and the existing domain will be used.
-If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] will be used as the domain.
-This means that a request to https://child.example.com will set the domain to example.com.
-However, a request to http://localhost:8080/ or https://192.168.1.100:8080/ will leave the cookie unset and thus still work in development without any changes necessary for production.
+If the regular expression does not match, no domain is set and the existing domain is used.
+If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] is used as the domain.
+This means that a request to https://child.example.com sets the domain to `example.com`.
+However, a request to http://localhost:8080/ or https://192.168.1.100:8080/ leaves the cookie unset and, thus, still works in development without any changes being necessary for production.
+====
 
-[WARNING]
-====
-It is important to note that users should only match on valid domain characters since the domain name is reflected in the response.
-This is prevent a malicious user from performing attacks like https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
-====
+WARNING: You should only match on valid domain characters, since the domain name is reflected in the response.
+Doing so prevents a malicious user from performing such attacks as https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
 
 [[custom-cookie-options]]
 == Configuration Options
 
-The configuration options available are:
+The following configuration options are available:
 
-* `cookieName` - the name of the cookie to use
-Default "SESSION"
-* `useSecureCookie` - specify if a secure cookie be used
-Default use value of `HttpServletRequest.isSecure()` at the time of creation.
-* `cookiePath` - the path of the cookie
-Default is context root
-* `cookieMaxAge` - specifies the max age of the cookie to be set at the time the session is created.
-Default is -1 which indicates the cookie will be removed when the browser is closed.
-* `jvmRoute` - specifies a suffix to be appended to the session id and included in the cookie.
+* `cookieName`: The name of the cookie to use.
+Default: `SESSION`.
+* `useSecureCookie`: Specifies whether a secure cookie should be used.
+Default: Use the value of `HttpServletRequest.isSecure()` at the time of creation.
+* `cookiePath`: The path of the cookie.
+Default: The context root.
+* `cookieMaxAge`: Specifies the max age of the cookie to be set at the time the session is created.
+Default: `-1`, which indicates the cookie should be removed when the browser is closed.
+* `jvmRoute`: Specifies a suffix to be appended to the session ID and included in the cookie.
 Used to identify which JVM to route to for session affinity.
-With some implementations (i.e. Redis) this provides no performance benefit.
-However, this can help with tracing logs of a particular user.
-* `domainName` - allows specifying a specific domain name to be used for the cookie.
-This option is simple to understand, but will likely require a different configuration between development and production environments.
-See domainNamePattern as an alternative.
-* `domainNamePattern` - a case insensitive pattern used to extract the domain name from the `HttpServletRequest#getServerName()`.
-The pattern should provide a single grouping used to extract the value of the cookie domain.
-If the regular expression does not match, no domain is set and the existing domain will be used.
-If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] will be used as the domain.
+With some implementations (that is, Redis) this option provides no performance benefit.
+However, it can help with tracing logs of a particular user.
+* `domainName`: Allows specifying a specific domain name to be used for the cookie.
+This option is simple to understand but often requires a different configuration between development and production environments.
+See `domainNamePattern` as an alternative.
+* `domainNamePattern`: A case-insensitive pattern used to extract the domain name from the `HttpServletRequest#getServerName()`.
+The pattern should provide a single grouping that is used to extract the value of the cookie domain.
+If the regular expression does not match, no domain is set and the existing domain is used.
+If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] is used as the domain.
 
-[WARNING]
-====
-It is important to note that users should only match on valid domain characters since the domain name is reflected in the response.
-This is prevent a malicious user from performing attacks like https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
-====
+WARNING: You should only match on valid domain characters, since the domain name is reflected in the response.
+Doing so prevents a malicious user from performing such attacks as https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
 
 
 [[custom-cookie-sample]]
-== custom-cookie Sample Application
+== `custom-cookie` Sample Application
 
+This section describes how to work with the `custom-cookie` sample application.
 
-
-=== Running the custom-cookie Sample Application
+=== Running the `custom-cookie` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
 ====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
-
 ----
 $ ./gradlew :spring-session-sample-javaconfig-custom-cookie:tomcatRun
 ----
+====
+
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the custom-cookie Sample Application
+=== Exploring the `custom-cookie` Sample Application
 
-Try using the application. Fill out the form with the following information:
+Now you can use the application. Fill out the form with the following information:
 
-* **Attribute Name:** _username_
-* **Attribute Value:** _rob_
+* *Attribute Name:* _username_
+* *Attribute Value:* _rob_
 
-Now click the **Set Attribute** button.
+Now click the *Set Attribute* button.
 You should now see the values displayed in the table.
 
-If you look at the cookies for the application, you can see the cookie is saved to the custom name of JSESSIONID
+If you look at the cookies for the application, you can see the cookie is saved to the custom name of `JSESSIONID`.

docs/src/docs/asciidoc/guides/java-hazelcast.adoc

@@ -2,15 +2,17 @@
 Tommy Ludwig; Rob Winch
 :toc:
 
-This guide describes how to use Spring Session along with Spring Security using Hazelcast as your data store.
-It assumes you have already applied Spring Security to your application.
+This guide describes how to use Spring Session along with Spring Security when you use Hazelcast as your data store.
+It assumes that you have already applied Spring Security to your application.
 
-NOTE: The completed guide can be found in the <<hazelcast-spring-security-sample, Hazelcast Spring Security sample application>>.
+NOTE: You cand find the completed guide in the <<hazelcast-spring-security-sample, Hazelcast Spring Security sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-If you are using Maven, ensure to add the following dependencies:
 
+Before you use Spring Session, you must update your dependencies.
+If you use Maven, you must add the following dependencies:
+
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -30,11 +32,13 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
 ifeval::["{version-snapshot}" == "true"]
-Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -48,12 +52,14 @@ Ensure you have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
+====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -62,6 +68,7 @@ Ensure you have the following in your pom.xml:
 <url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
+====
 endif::[]
 
 // tag::config[]
@@ -70,126 +77,146 @@ endif::[]
 == Spring Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-Add the following Spring Configuration:
+The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+To do so, add the following Spring Configuration:
 
+====
 [source,java]
 ----
 include::{docs-test-dir}docs/http/HazelcastHttpSessionConfig.java[tags=config]
 ----
 
-<1> The `@EnableHazelcastHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-In this instance Spring Session is backed by Hazelcast.
-<2> In order to support retrieval of sessions by principal name index, appropriate `ValueExtractor` needs to be registered.
+<1> The `@EnableHazelcastHttpSession` annotation creates a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance, Spring Session is backed by Hazelcast.
+<2> In order to support retrieval of sessions by principal name index, an appropriate `ValueExtractor` needs to be registered.
 Spring Session provides `PrincipalNameExtractor` for this purpose.
 <3> We create a `HazelcastInstance` that connects Spring Session to Hazelcast.
-By default, an embedded instance of Hazelcast is started and connected to by the application.
-For more information on configuring Hazelcast, refer to the https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
+By default, the application starts and connects to an embedded instance of Hazelcast.
+For more information on configuring Hazelcast, see the https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
+====
 
 == Servlet Container Initialization
 
-Our <<security-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<security-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `SessionConfig` class.
-Since our application is already loading Spring configuration using our `SecurityInitializer` class, we can simply add our `SessionConfig` class to it.
+Since our application is already loading Spring configuration by using our `SecurityInitializer` class, we can add our `SessionConfig` class to it.
+The following listing shows how to do so:
 
+====
 .src/main/java/sample/SecurityInitializer.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/hazelcast/src/main/java/sample/SecurityInitializer.java[tags=class]
 ----
+====
 
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
 It is extremely important that Spring Session's `springSessionRepositoryFilter` is invoked before Spring Security's `springSecurityFilterChain`.
-This ensures that the `HttpSession` that Spring Security uses is backed by Spring Session.
-Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes this extremely easy.
-You can find an example below:
+Doing so ensures that the `HttpSession` that Spring Security uses is backed by Spring Session.
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes this doing so easy.
+The following example shows how to do so:
 
+====
 .src/main/java/sample/Initializer.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/hazelcast/src/main/java/sample/Initializer.java[tags=class]
 ----
+====
 
-NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+NOTE: The name of our class (`Initializer`) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
 
-By extending `AbstractHttpSessionApplicationInitializer` we ensure that the Spring Bean by the name `springSessionRepositoryFilter` is registered with our Servlet Container for every request before Spring Security's `springSecurityFilterChain`.
+By extending `AbstractHttpSessionApplicationInitializer`, we ensure that the Spring Bean named `springSessionRepositoryFilter` is registered with our servlet container for every request before Spring Security's `springSecurityFilterChain`.
 
 // end::config[]
 
 [[hazelcast-spring-security-sample]]
 == Hazelcast Spring Security Sample Application
 
+This section describes how to work with the Hazelcast Spring Security sample application.
+
 === Running the Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
 ====
-Hazelcast will run in embedded mode with your application by default, but if you want to connect
-to a stand alone instance instead, you can configure it by following the instructions in the
-https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
-====
-
 ----
 $ ./gradlew :spring-session-sample-javaconfig-hazelcast:tomcatRun
 ----
+====
+
+NOTE: By default, Hazelcast runs in embedded mode with your application.
+However, if you want to connect to a standalone instance instead, you can configure it by following the instructions in the https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the security Sample Application
+=== Exploring the Security Sample Application
 
-Try using the application. Enter the following to log in:
+You can now try using the application.
+To do so, enter the following to log in:
 
-* **Username** _user_
-* **Password** _password_
+* *Username* _user_
+* *Password* _password_
 
-Now click the **Login** button.
-You should now see a message indicating your are logged in with the user entered previously.
+Now click the *Login* button.
+You should now see a message indicating that your are logged in with the user entered previously.
 The user's information is stored in Hazelcast rather than Tomcat's `HttpSession` implementation.
 
-=== How does it work?
+=== How Does It Work?
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Hazelcast.
+Instead of using Tomcat's `HttpSession`, we persist the values in Hazelcast.
 Spring Session replaces the `HttpSession` with an implementation that is backed by a `Map` in Hazelcast.
-When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Hazelcast.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into Hazelcast.
 
-When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser. That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-=== Interact with the data store
+=== Interacting with the Data Store
 
-If you like, you can remove the session using https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-java-client[a Java client],
+You can remove the session by using https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-java-client[a Java client],
 https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#other-client-implementations[one of the other clients], or the
 https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#management-center[management center].
 
-==== Using the console
+==== Using the Console
 
-For example, using the management center console after connecting to your Hazelcast node:
+For example, to remove the session by using the management center console after connecting to your Hazelcast node, run the following commands:
 
+====
+----
 	default> ns spring:session:sessions
 	spring:session:sessions> m.clear
+----
+====
 
 TIP: The Hazelcast documentation has instructions for https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#executing-console-commands[the console].
 
-Alternatively, you can also delete the explicit key. Enter the following into the console ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key. Enter the following into the console, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
 
+====
+----
 	spring:session:sessions> m.remove 7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+----
+====
 
 Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.
 
 ==== Using the REST API
 
-As described in the other clients section of the documentation, there is a 
+As described in the section of the documentation that cover other clients, there is a
 https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#rest-client[REST API]
 provided by the Hazelcast node(s).
 
-For example, you could delete an individual key as follows (replacing `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie):
+For example, you could delete an individual key as follows (being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie):
 
+====
+----
 	$ curl -v -X DELETE http://localhost:xxxxx/hazelcast/rest/maps/spring:session:sessions/7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+----
+====
 
-TIP: The port number of the Hazelcast node will be printed to the console on startup. Replace `xxxxx` above with the port number.
+TIP: The port number of the Hazelcast node is printed to the console on startup. Replace `xxxxx` with the port number.
 
-Now observe that you are no longer authenticated with this session.
+Now you can see that you are no longer authenticated with this session.

docs/src/docs/asciidoc/guides/java-jdbc.adoc

@@ -4,12 +4,14 @@ Rob Winch, Vedran Pavić
 
 This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` with Java Configuration.
 
-NOTE: The completed guide can be found in the <<httpsession-jdbc-sample, httpsession-jdbc sample application>>.
+NOTE: You can find the completed guide in the <<httpsession-jdbc-sample, httpsession-jdbc sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-If you are using Maven, ensure to add the following dependencies:
 
+Before you use Spring Session, you must update your dependencies.
+If you use Maven, you must add the following dependencies:
+
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -30,11 +32,13 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
 ifeval::["{version-snapshot}" == "true"]
 Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-Ensure you have the following in your pom.xml:
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -48,12 +52,14 @@ Ensure you have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
+====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -62,6 +68,7 @@ Ensure you have the following in your pom.xml:
 	<url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
+====
 endif::[]
 
 // tag::config[]
@@ -71,82 +78,95 @@ endif::[]
 
 After adding the required dependencies, we can create our Spring configuration.
 The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-Add the following Spring Configuration:
+To do so, add the following Spring Configuration:
 
+====
 [source,java]
 ----
 include::{samples-dir}javaconfig/jdbc/src/main/java/sample/Config.java[tags=class]
 ----
 
-<1> The `@EnableJdbcHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-In this instance Spring Session is backed by a relational database.
-<2> We create a `dataSource` that connects Spring Session to an embedded instance of H2 database.
-We configure the H2 database to create database tables using the SQL script which is included in Spring Session.
+<1> The `@EnableJdbcHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter`.
+That bean implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance, Spring Session is backed by a relational database.
+<2> We create a `dataSource` that connects Spring Session to an embedded instance of an H2 database.
+We configure the H2 database to create database tables by using the SQL script that is included in Spring Session.
 <3> We create a `transactionManager` that manages transactions for previously configured `dataSource`.
+====
 
-For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
+For additional information on how to configure data access related concerns, see the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
 
 == Java Servlet Container Initialization
 
-Our <<httpsession-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
-Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` both of these steps extremely easy.
-You can find an example below:
+Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` to make both of these steps easy.
+The following example shows how to do so:
 
+====
 .src/main/java/sample/Initializer.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/jdbc/src/main/java/sample/Initializer.java[tags=class]
 ----
 
-NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+NOTE: The name of our class (Initializer) does not matter.
+What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
 
 <1> The first step is to extend `AbstractHttpSessionApplicationInitializer`.
-This ensures that the Spring Bean by the name `springSessionRepositoryFilter` is registered with our Servlet Container for every request.
-<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to easily ensure Spring loads our `Config`.
+Doing so ensures that the Spring bean named `springSessionRepositoryFilter` is registered with our Servlet Container for every request.
+<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to ensure Spring loads our `Config`.
+====
 
 // end::config[]
 
 [[httpsession-jdbc-sample]]
-== httpsession-jdbc Sample Application
+== `httpsession-jdbc` Sample Application
 
-=== Running the httpsession-jdbc Sample Application
+This section describes how to work with the `httpsession-jdbc` Sample Application.
+
+=== Running the `httpsession-jdbc` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
+====
 ----
 $ ./gradlew :spring-session-sample-javaconfig-jdbc:tomcatRun
 ----
+====
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the httpsession-jdbc Sample Application
+=== Exploring the `httpsession-jdbc` Sample Application
 
-Try using the application. Fill out the form with the following information:
+Now you can try using the application. To do so, fill out the form with the following information:
 
-* **Attribute Name:** _username_
-* **Attribute Value:** _rob_
+* *Attribute Name:* _username_
+* *Attribute Value:* _rob_
 
-Now click the **Set Attribute** button. You should now see the values displayed in the table.
+Now click the *Set Attribute* button. You should now see the values displayed in the table.
 
-=== How does it work?
+=== How Does It Work?
 
-We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+We interact with the standard `HttpSession` in the `SessionServlet` shown in the following listing:
 
+====
 .src/main/java/sample/SessionServlet.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/jdbc/src/main/java/sample/SessionServlet.java[tags=class]
 ----
+====
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
-Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Instead of using Tomcat's `HttpSession`, we persist the values in H2 database.
+Spring Session creates a cookie named `SESSION` in your browser.
+That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
+If you like, you can remove the session by using the H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL).
 
-Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.
+Now you can visit the application at http://localhost:8080/ and see that the attribute we added is no longer displayed.

docs/src/docs/asciidoc/guides/java-redis.adoc

@@ -1,15 +1,17 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch
 :toc:
+:version-snapshot: true
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with Java Configuration.
 
-NOTE: The completed guide can be found in the <<httpsession-sample, httpsession sample application>>.
+NOTE: You can find the completed guide in the <<httpsession-sample, httpsession sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-If you are using Maven, ensure to add the following dependencies:
+Before you use Spring Session, you must update your dependencies.
+If you are using Maven, you must add the following dependencies:
 
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -35,11 +37,13 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
 ifeval::["{version-snapshot}" == "true"]
 Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-Ensure you have the following in your pom.xml:
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -53,12 +57,14 @@ Ensure you have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
+====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -67,6 +73,7 @@ Ensure you have the following in your pom.xml:
 	<url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
+====
 endif::[]
 
 // tag::config[]
@@ -75,20 +82,22 @@ endif::[]
 == Spring Java Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-Add the following Spring Configuration:
+The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+To do so, add the following Spring Configuration:
 
+====
 [source,java]
 ----
 include::{samples-dir}javaconfig/redis/src/main/java/sample/Config.java[tags=class]
 ----
 
-<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-In this instance Spring Session is backed by Redis.
+<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance, Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
-We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+We configure the connection to connect to localhost on the default port (6379).
+For more information on configuring Spring Data Redis, see the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+====
 
 == Java Servlet Container Initialization
 
@@ -96,22 +105,24 @@ Our <<httpsession-spring-configuration,Spring Configuration>> created a Spring B
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
-Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` both of these steps extremely easy.
-You can find an example below:
+Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` to make both of these steps easy.
+The following shows an example:
 
+====
 .src/main/java/sample/Initializer.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/redis/src/main/java/sample/Initializer.java[tags=class]
 ----
 
-NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+
+NOTE: The name of our class (`Initializer`) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
 
 <1> The first step is to extend `AbstractHttpSessionApplicationInitializer`.
-This ensures that the Spring Bean by the name `springSessionRepositoryFilter` is registered with our Servlet Container for every request.
-<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to easily ensure Spring loads our `Config`.
-
+Doing so ensures that the Spring Bean by the name of `springSessionRepositoryFilter` is registered with our Servlet Container for every request.
+<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to ensure Spring loads our `Config`.
+====
 // end::config[]
 
 [[httpsession-sample]]
@@ -119,54 +130,66 @@ This ensures that the Spring Bean by the name `springSessionRepositoryFilter` is
 
 
 
-=== Running the httpsession Sample Application
+=== Running the `httpsession` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
 ====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
-
 ----
 $ ./gradlew :spring-session-sample-javaconfig-redis:tomcatRun
 ----
+====
+
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
+See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the httpsession Sample Application
+=== Exploring the `httpsession` Sample Application
 
-Try using the application. Fill out the form with the following information:
+Now you can try to use the application. To do so, fill out the form with the following information:
 
-* **Attribute Name:** _username_
-* **Attribute Value:** _rob_
+* *Attribute Name:* _username_
+* *Attribute Value:* _rob_
 
-Now click the **Set Attribute** button. You should now see the values displayed in the table.
+Now click the *Set Attribute* button. You should now see the values displayed in the table.
 
-=== How does it work?
+=== How Does It Work?
 
-We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+We interact with the standard `HttpSession` in the `SessionServlet` shown in the following listing:
 
+====
 .src/main/java/sample/SessionServlet.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/redis/src/main/java/sample/SessionServlet.java[tags=class]
 ----
+====
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
-Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
+Spring Session creates a cookie named `SESSION` in your browser.
+That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
+You can remove the session by using redis-cli.
+For example, on a Linux based system you can type the following:
 
+====
+----
 	$ redis-cli keys '*' | xargs redis-cli del
+----
+====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key. Enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 
+====
+----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+----
+====
 
-Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.
+Now you can visit the application at http://localhost:8080/ and see that the attribute we added is no longer displayed.

docs/src/docs/asciidoc/guides/java-rest.adoc

@@ -2,14 +2,16 @@
 Rob Winch
 :toc:
 
-This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using REST endpoints.
+This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use REST endpoints.
 
-NOTE: The completed guide can be found in the <<rest-sample, rest sample application>>.
+NOTE: You can find the completed guide in the <<rest-sample, rest sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-If you are using Maven, ensure to add the following dependencies:
 
+Before you use Spring Session, you must update your dependencies.
+If you use Maven, you must add the following dependencies:
+
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -35,11 +37,13 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
 ifeval::["{version-snapshot}" == "true"]
-Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -53,12 +57,14 @@ Ensure you have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
+====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+You msut have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -67,6 +73,7 @@ Ensure you have the following in your pom.xml:
 	<url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
+====
 endif::[]
 
 // tag::config[]
@@ -75,83 +82,103 @@ endif::[]
 == Spring Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-Add the following Spring Configuration:
+The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+To do so, add the following Spring Configuration:
 
+====
 [source,java]
 ----
 include::{samples-dir}javaconfig/rest/src/main/java/sample/HttpSessionConfig.java[tags=class]
 ----
 
-<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-In this instance Spring Session is backed by Redis.
+<1> The `@EnableRedisHttpSession` annotation creates a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance, Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
-We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+We configure the connection to connect to localhost on the default port (6379).
+For more information on configuring Spring Data Redis, see the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
 <3> We customize Spring Session's HttpSession integration to use HTTP headers to convey the current session information instead of cookies.
+====
 
 == Servlet Container Initialization
 
 Our <<rest-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
-In order for our `Filter` to do its magic, Spring needs to load our `Config` class. We provide the configuration in our Spring `MvcInitializer` as shown below:
+In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
+We provide the configuration in our Spring `MvcInitializer`, as the following example shows:
 
+====
 .src/main/java/sample/mvc/MvcInitializer.java
 [source,java,indent=0]
 ----
 include::{samples-dir}javaconfig/rest/src/main/java/sample/mvc/MvcInitializer.java[tags=config]
 ----
+====
 
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
-Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes this extremely easy. Simply extend the class with the default constructor as shown below:
+Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes doing so easy. To do so, extend the class with the default constructor, as the following example shows:
 
+====
 .src/main/java/sample/Initializer.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/rest/src/main/java/sample/Initializer.java[tags=class]
 ----
+====
 
-NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+NOTE: The name of our class (`Initializer`) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
 
 // end::config[]
 
 [[rest-sample]]
-== rest Sample Application
+== `rest` Sample Application
 
-=== Running the rest Sample Application
+This section describes how to use the `rest` sample application.
+
+=== Running the `rest` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
-====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
 Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
+See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
+====
 ----
 $ ./gradlew :spring-session-sample-javaconfig-rest:tomcatRun
 ----
+====
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the rest Sample Application
+=== Exploring the `rest` Sample Application
 
-Try using the application. Use your favorite REST client to request http://localhost:8080/
+You can now try to use the application. To do so, use your favorite REST client to request http://localhost:8080/
 
+====
+----
 	$ curl -v http://localhost:8080/
+----
+====
 
-Observe that we are prompted for basic authentication. Provide the following information for the username and password:
+Note that you are prompted for basic authentication. Provide the following information for the username and password:
 
-* **Username** *user*
-* **Password** *password*
+* *Username* _user-
+* *Password* _password_
 
+Then run the following command:
+
+====
+----
 $ curl -v http://localhost:8080/ -u user:password
+----
+====
 
-In the output you will notice the following:
+In the output, you should notice the following:
 
+====
 ----
 HTTP/1.1 200 OK
 ...
@@ -159,44 +186,62 @@ X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3
 
 {"username":"user"}
 ----
+====
 
-Specifically, we notice the following things about our response:
+Specifically, you should notice the following things about our response:
 
-* The HTTP Status is now a 200
-* We have a header with the name of *X-Auth-Token* which contains a new session id
-* The current username is displayed
+* The HTTP Status is now a 200.
+* We have a header a the name of `X-Auth-Token` and that contains a new session ID.
+* The current username is displayed.
 
-We can now use the *X-Auth-Token* to make another request without providing the username and password again. For example, the following outputs the username just as before:
+We can now use the `X-Auth-Token` to make another request without providing the username and password again. For example, the following command outputs the username, as before:
 
+====
+----
 	$ curl -v http://localhost:8080/ -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
+----
+====
 
-The only difference is that the session id is not provided in the response headers because we are reusing an existing session.
+The only difference is that the session ID is not provided in the response headers because we are reusing an existing session.
 
-If we invalidate the session, then the X-Auth-Token is displayed in the response with an empty value. For example, the following will invalidate our session:
+If we invalidate the session, the `X-Auth-Token` is displayed in the response with an empty value. For example, the following command invalidates our session:
 
+====
+----
 	$ curl -v http://localhost:8080/logout -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
+----
+====
 
-You will see in the output that the X-Auth-Token provides an empty String indicating that the previous session was invalidated.
+You can see in the output that the `X-Auth-Token` provides an empty `String` indicating that the previous session was invalidated:
 
+====
 ----
 HTTP/1.1 204 No Content
 ...
 X-Auth-Token:
 ----
+====
 
-=== How does it work?
+=== How Does It Work?
 
 Spring Security interacts with the standard `HttpSession` in `SecurityContextPersistenceFilter`.
 
 Instead of using Tomcat's `HttpSession`, Spring Security is now persisting the values in Redis.
-Spring Session creates a header named X-Auth-Token in your browser that contains the id of your session.
+Spring Session creates a header named `X-Auth-Token` in your browser.
+That header contains the ID of your session.
 
-If you like, you can easily see that the session is created in Redis. First create a session using the following:
+If you like, you can easily see that the session is created in Redis.
+To do so, create a session by using the following command:
 
+====
+----
 $ curl -v http://localhost:8080/ -u user:password
+----
+====
 
-In the output you will notice the following:
+In the output, you should notice the following:
 
+===
 ----
 HTTP/1.1 200 OK
 ...
@@ -204,17 +249,32 @@ X-Auth-Token: 7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
 
 {"username":"user"}
 ----
+====
 
-Now remove the session using redis-cli. For example, on a Linux based system you can type:
+Now you can remove the session by using redis-cli.
+For example, on a Linux based system, you can type:
 
+====
+----
 	$ redis-cli keys '*' | xargs redis-cli del
+----
+====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key.
+To do so, enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
 
+====
+----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+----
+====
 
-We can now use the *X-Auth-Token* to make another request with the session we deleted and observe we are prompted for a authentication. For example, the following returns an HTTP 401:
+We can now use the `X-Auth-Token` to make another request with the session we deleted and observe we that are prompted for authentication. For example, the following returns an HTTP 401:
 
+====
+----
 	$ curl -v http://localhost:8080/ -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
+----
+====

docs/src/docs/asciidoc/guides/java-security.adoc

@@ -5,12 +5,13 @@ Rob Winch
 This guide describes how to use Spring Session along with Spring Security.
 It assumes you have already applied Spring Security to your application.
 
-NOTE: The completed guide can be found in the <<security-sample, security sample application>>.
+NOTE: You can find the completed guide in the <<security-sample, security sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-If you are using Maven, ensure to add the following dependencies:
+Before you use Spring Session, you must update your dependencies.
+If you use Maven, you must add the following dependencies:
 
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -36,11 +37,13 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
 ifeval::["{version-snapshot}" == "true"]
-Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -54,12 +57,14 @@ Ensure you have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
+====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -68,107 +73,121 @@ Ensure you have the following in your pom.xml:
 <url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
+====
 endif::[]
 
 [[security-spring-configuration]]
 == Spring Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-Add the following Spring Configuration:
+The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+To do so, add the following Spring Configuration:
 
+====
 [source,java]
 ----
 include::{samples-dir}javaconfig/security/src/main/java/sample/Config.java[tags=class]
 ----
 
-<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+<1> The `@EnableRedisHttpSession` annotation creates a Spring bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, see the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+====
 
 == Servlet Container Initialization
 
-Our <<security-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<security-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Since our application is already loading Spring configuration using our `SecurityInitializer` class, we can simply add our Config class to it.
+Since our application is already loading Spring configuration by using our `SecurityInitializer` class, we can add our configuration class to it.
+The following example shows how to do so:
 
+====
 .src/main/java/sample/SecurityInitializer.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/security/src/main/java/sample/SecurityInitializer.java[tags=class]
 ----
+====
 
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
 It is extremely important that Spring Session's `springSessionRepositoryFilter` is invoked before Spring Security's `springSecurityFilterChain`.
 This ensures that the `HttpSession` that Spring Security uses is backed by Spring Session.
-Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes this extremely easy.
-You can find an example below:
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes doing so easy.
+The following example shows how to do so:
 
+====
 .src/main/java/sample/Initializer.java
 [source,java]
 ----
 include::{samples-dir}javaconfig/security/src/main/java/sample/Initializer.java[tags=class]
 ----
+====
 
 NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
 
-By extending `AbstractHttpSessionApplicationInitializer` we ensure that the Spring Bean by the name `springSessionRepositoryFilter` is registered with our Servlet Container for every request before Spring Security's `springSecurityFilterChain` .
+By extending `AbstractHttpSessionApplicationInitializer`, we ensure that the Spring bean named `springSessionRepositoryFilter` is registered with our Servlet Container for every request before Spring Security's `springSecurityFilterChain` .
 
 [[security-sample]]
-== security Sample Application
+== `security` Sample Application
 
+This section describes how to work with the `security` sample application.
 
-
-=== Running the security Sample Application
+=== Running the `security` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
 ====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
-
 ----
 $ ./gradlew :spring-session-sample-javaconfig-security:tomcatRun
 ----
+====
+
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
+See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the security Sample Application
+=== Exploring the `security` Sample Application
 
-Try using the application. Enter the following to log in:
+Now you can use the application. Enter the following to log in:
 
-* **Username** _user_
-* **Password** _password_
+* *Username* _user_
+* *Password* _password_
 
-Now click the **Login** button.
+Now click the *Login* button.
 You should now see a message indicating your are logged in with the user entered previously.
 The user's information is stored in Redis rather than Tomcat's `HttpSession` implementation.
 
-=== How does it work?
+=== How Does It Work?
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
+Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
 Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
-When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into Redis.
 
-When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser.
+That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
+You can remove the session using redis-cli. For example, on a Linux-based system you can type the following command:
 
+====
+----
 	$ redis-cli keys '*' | xargs redis-cli del
+----
+====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key.
+Enter the following command into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
 
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
 
-Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.
+Now you can visit the application at http://localhost:8080/ and see that we are no longer authenticated.

docs/src/docs/asciidoc/guides/xml-jdbc.adoc

@@ -4,12 +4,14 @@ Rob Winch, Vedran Pavić
 
 This guide describes how to use Spring Session to transparently leverage a relational to back a web application's `HttpSession` with XML based configuration.
 
-NOTE: The completed guide can be found in the <<httpsession-jdbc-xml-sample, httpsession-jdbc-xml sample application>>.
+NOTE: You can find the completed guide in the <<httpsession-jdbc-xml-sample, httpsession-jdbc-xml sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-If you are using Maven, ensure to add the following dependencies:
 
+Before you use Spring Session, you must update your dependencies.
+If you are using Maven, you must add the following dependencies:
+
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -30,11 +32,13 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
 ifeval::["{version-snapshot}" == "true"]
-Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -48,12 +52,14 @@ Ensure you have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
+====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -63,6 +69,7 @@ Ensure you have the following in your pom.xml:
 </repository>
 ----
 endif::[]
+====
 
 // tag::config[]
 
@@ -70,9 +77,10 @@ endif::[]
 == Spring XML Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-Add the following Spring Configuration:
+The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+The following listing shows how to add the following Spring Configuration:
 
+====
 .src/main/webapp/WEB-INF/spring/session.xml
 [source,xml,indent=0]
 ----
@@ -80,83 +88,94 @@ include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/spring/session.xml[tags=b
 ----
 
 <1> We use the combination of `<context:annotation-config/>` and `JdbcHttpSessionConfiguration` because Spring Session does not yet provide XML Namespace support (see https://github.com/spring-projects/spring-session/issues/104[gh-104]).
-This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-In this instance Spring Session is backed by a relational database.
-<2> We create a `dataSource` that connects Spring Session to an embedded instance of H2 database.
-We configure the H2 database to create database tables using the SQL script which is included in Spring Session.
+This creates a Spring bean with the name of `springSessionRepositoryFilter`.
+That bean implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance, Spring Session is backed by a relational database.
+<2> We create a `dataSource` that connects Spring Session to an embedded instance of an H2 database.
+We configure the H2 database to create database tables by using the SQL script that is included in Spring Session.
 <3> We create a `transactionManager` that manages transactions for previously configured `dataSource`.
+====
 
-For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
+For additional information on how to configure data access-related concerns, see the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
 
 == XML Servlet Container Initialization
 
-Our <<httpsession-xml-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-xml-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, we need to instruct Spring to load our `session.xml` configuration.
-We do this with the following configuration:
-
+We do so with the following configuration:
 
+====
 .src/main/webapp/WEB-INF/web.xml
 [source,xml,indent=0]
 ----
 include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=context-param]
 include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=listeners]
 ----
+====
 
-The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
+The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[`ContextLoaderListener`] reads the `contextConfigLocation` and picks up our session.xml configuration.
 
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
 The following snippet performs this last step for us:
 
+====
 .src/main/webapp/WEB-INF/web.xml
 [source,xml,indent=0]
 ----
 include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
 ----
+====
 
-The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
-For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` will be invoked.
+The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[`DelegatingFilterProxy`] looks up a bean named `springSessionRepositoryFilter` and casts it to a `Filter`.
+For every request on which `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` is invoked.
 
 // end::config[]
 
 [[httpsession-jdbc-xml-sample]]
-== httpsession-jdbc-xml Sample Application
+== `httpsession-jdbc-xml` Sample Application
 
-=== Running the httpsession-jdbc-xml Sample Application
+This section describes how to work with the `httpsession-jdbc-xml` Sample Application.
+
+=== Running the `httpsession-jdbc-xml` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
+====
 ----
 $ ./gradlew :spring-session-sample-xml-jdbc:tomcatRun
 ----
+====
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the httpsession-jdbc-xml Sample Application
+=== Exploring the `httpsession-jdbc-xml` Sample Application
 
-Try using the application. Fill out the form with the following information:
+Now you can try using the application. To do so, fill out the form with the following information:
 
-* **Attribute Name:** _username_
-* **Attribute Value:** _rob_
+* *Attribute Name:* _username_
+* *Attribute Value:* _rob_
 
-Now click the **Set Attribute** button. You should now see the values displayed in the table.
+Now click the *Set Attribute* button. You should now see the values displayed in the table.
 
-=== How does it work?
+=== How Does It Work?
 
-We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+We interact with the standard `HttpSession` in the following `SessionServlet`:
 
+====
 .src/main/java/sample/SessionServlet.java
 [source,java]
 ----
 include::{samples-dir}xml/jdbc/src/main/java/sample/SessionServlet.java[tags=class]
 ----
+====
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
-Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Instead of using Tomcat's `HttpSession`, we persist the values in the H2 database.
+Spring Session creates a cookie named `SESSION` in your browser. That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
+You can remove the session by using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
 
-Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.
+Now you can visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.

docs/src/docs/asciidoc/guides/xml-redis.adoc

@@ -2,14 +2,15 @@
 Rob Winch
 :toc:
 
-This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with XML based configuration.
+This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with XML-based configuration.
 
-NOTE: The completed guide can be found in the <<httpsession-xml-sample, httpsession-xml sample application>>.
+NOTE: You can find the completed guide in the <<httpsession-xml-sample, httpsession-xml sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must ensure to update your dependencies.
-If you are using Maven, ensure to add the following dependencies:
+Before you use Spring Session, you must update your dependencies.
+If you use Maven, you must add the following dependencies:
 
+====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -35,11 +36,13 @@ If you are using Maven, ensure to add the following dependencies:
 	</dependency>
 </dependencies>
 ----
+====
 
 ifeval::["{version-snapshot}" == "true"]
-Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -53,12 +56,14 @@ Ensure you have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
+====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-Ensure you have the following in your pom.xml:
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+You must have the following in your pom.xml:
 
+====
 .pom.xml
 [source,xml]
 ----
@@ -67,6 +72,7 @@ Ensure you have the following in your pom.xml:
 	<url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
+====
 endif::[]
 
 // tag::config[]
@@ -75,9 +81,10 @@ endif::[]
 == Spring XML Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-Add the following Spring Configuration:
+The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+To do so, add the following Spring Configuration:
 
+====
 .src/main/webapp/WEB-INF/spring/session.xml
 [source,xml,indent=0]
 ----
@@ -85,12 +92,13 @@ include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/spring/session.xml[tags=
 ----
 
 <1> We use the combination of `<context:annotation-config/>` and `RedisHttpSessionConfiguration` because Spring Session does not yet provide XML Namespace support (see https://github.com/spring-projects/spring-session/issues/104[gh-104]).
-This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
-The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-In this instance Spring Session is backed by Redis.
+This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
+The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance, Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, see the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+====
 
 == XML Servlet Container Initialization
 
@@ -98,83 +106,99 @@ Our <<httpsession-xml-spring-configuration,Spring Configuration>> created a Spri
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, we need to instruct Spring to load our `session.xml` configuration.
-We do this with the following configuration:
-
+We can do so with the following configuration:
 
+====
 .src/main/webapp/WEB-INF/web.xml
 [source,xml,indent=0]
 ----
 include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=context-param]
 include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=listeners]
 ----
+====
 
-The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
+The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[`ContextLoaderListener`] reads the contextConfigLocation and picks up our session.xml configuration.
 
-Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
 The following snippet performs this last step for us:
 
+====
 .src/main/webapp/WEB-INF/web.xml
 [source,xml,indent=0]
 ----
 include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
 ----
+====
 
-The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
-For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` will be invoked.
+The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[`DelegatingFilterProxy`] looks up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
+For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` is invoked.
 
 // end::config[]
 
 [[httpsession-xml-sample]]
-== httpsession-xml Sample Application
+== `httpsession-xml` Sample Application
 
-=== Running the httpsession-xml Sample Application
+This section describes how to work with the `httpsession-xml` sample application.
+
+=== Running the `httpsession-xml` Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-[NOTE]
-====
-For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
 Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
 Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-====
 
+====
 ----
 $ ./gradlew :spring-session-sample-xml-redis:tomcatRun
 ----
+====
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the httpsession-xml Sample Application
+=== Exploring the `httpsession-xml` Sample Application
 
-Try using the application. Fill out the form with the following information:
+Now you can try using the application. Fill out the form with the following information:
 
-* **Attribute Name:** _username_
-* **Attribute Value:** _rob_
+* *Attribute Name:* _username_
+* *Attribute Value:* _rob_
 
-Now click the **Set Attribute** button. You should now see the values displayed in the table.
+Now click the *Set Attribute* button. You should now see the values displayed in the table.
 
-=== How does it work?
+=== How Does It Work?
 
-We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+We interact with the standard `HttpSession` in the `SessionServlet` shown in the following listing:
 
+====
 .src/main/java/sample/SessionServlet.java
 [source,java]
 ----
 include::{samples-dir}xml/redis/src/main/java/sample/SessionServlet.java[tags=class]
 ----
+====
 
-Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
-Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
+Spring Session creates a cookie named SESSION in your browser.
+That cookie contains the ID of your session.
+You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
+You can remove the session using redis-cli.
+For example, on a Linux based system you can type the following:
 
+====
+----
 	$ redis-cli keys '*' | xargs redis-cli del
+----
+====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key. To do so, enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 
+====
+----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+----
+====
 
-Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.
+Now you can visit the application at http://localhost:8080/ and see that the attribute we added is no longer displayed.

docs/src/test/java/docs/FindByIndexNameSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -52,9 +52,7 @@ public class FindByIndexNameSessionRepositoryTests {
 		// tag::findby-username[]
 		String username = "username";
 		Map<String, Session> sessionIdToSession = this.sessionRepository
-				.findByIndexNameAndIndexValue(
-						FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
-						username);
+				.findByPrincipalName(username);
 		// end::findby-username[]
 	}
 }

docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,6 +43,7 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 
 /**
  * @author rwinch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
 @ContextConfiguration(classes = RememberMeSecurityConfiguration.class)
@@ -86,5 +87,6 @@ public class RememberMeSecurityConfigurationTests<T extends Session> {
 				.isEqualTo(Duration.ofDays(30));
 
 	}
+
 }
 // end::class[]

docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,6 +43,7 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 
 /**
  * @author rwinch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
 @ContextConfiguration
@@ -86,5 +87,6 @@ public class RememberMeSecurityConfigurationXmlTests<T extends Session> {
 				.isEqualTo(Duration.ofDays(30));
 
 	}
+
 }
 // end::class[]

gradle.properties

@@ -1,2 +1 @@
-springBootVersion=2.0.8.RELEASE
-version=2.0.11.BUILD-SNAPSHOT
+version=2.1.7.RELEASE

gradle/dependency-management.gradle

@@ -1,32 +1,33 @@
 dependencyManagement {
 	imports {
 		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.6'
-		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR1'
-		mavenBom 'org.springframework:spring-framework-bom:5.0.13.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR14'
-		mavenBom 'org.springframework.security:spring-security-bom:5.0.12.RELEASE'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.10.5'
+		mavenBom 'io.projectreactor:reactor-bom:Californium-SR9'
+		mavenBom 'org.springframework:spring-framework-bom:5.1.8.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Lovelace-SR9'
+		mavenBom 'org.springframework.security:spring-security-bom:5.1.5.RELEASE'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.11.3'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.9.4') {
+		dependencySet(group: 'com.hazelcast', version: '3.11.4') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependency 'com.h2database:h2:1.4.197'
-		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.0.0.jre8'
+		dependency 'com.h2database:h2:1.4.199'
+		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.2.2.jre8'
+		dependency 'com.zaxxer:HikariCP:3.3.1'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.1.3.RELEASE'
+		dependency 'io.lettuce:lettuce-core:5.1.7.RELEASE'
 		dependency 'javax.annotation:javax.annotation-api:1.3.2'
-		dependency 'javax.servlet:javax.servlet-api:3.1.0'
+		dependency 'javax.servlet:javax.servlet-api:4.0.1'
 		dependency 'junit:junit:4.12'
-		dependency 'mysql:mysql-connector-java:8.0.13'
+		dependency 'mysql:mysql-connector-java:8.0.16'
 		dependency 'org.apache.derby:derby:10.14.2.0'
-		dependency 'org.assertj:assertj-core:3.11.1'
-		dependency 'org.hsqldb:hsqldb:2.4.1'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.3.0'
-		dependency 'org.mockito:mockito-core:2.23.4'
+		dependency 'org.assertj:assertj-core:3.12.2'
+		dependency 'org.hsqldb:hsqldb:2.5.0'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.4.1'
+		dependency 'org.mockito:mockito-core:2.28.2'
 		dependency 'org.postgresql:postgresql:42.2.5'
 	}
 }

samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -46,7 +46,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class FindByUsernameTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Autowired
 	private MockMvc mockMvc;

samples/boot/findbyusername/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/findbyusername/src/main/java/sample/mvc/IndexController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,10 +44,7 @@ public class IndexController {
 	@RequestMapping("/")
 	public String index(Principal principal, Model model) {
 		Collection<? extends Session> usersSessions = this.sessions
-				.findByIndexNameAndIndexValue(
-						FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
-						principal.getName())
-				.values();
+				.findByPrincipalName(principal.getName()).values();
 		model.addAttribute("sessions", usersSessions);
 		return "index";
 	}
@@ -56,9 +53,8 @@ public class IndexController {
 	@RequestMapping(value = "/sessions/{sessionIdToDelete}", method = RequestMethod.DELETE)
 	public String removeSession(Principal principal,
 			@PathVariable String sessionIdToDelete) {
-		Set<String> usersSessionIds = this.sessions.findByIndexNameAndIndexValue(
-				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
-				principal.getName()).keySet();
+		Set<String> usersSessionIds = this.sessions
+				.findByPrincipalName(principal.getName()).keySet();
 		if (usersSessionIds.contains(sessionIdToDelete)) {
 			this.sessions.deleteById(sessionIdToDelete);
 		}

samples/boot/jdbc/src/integration-test/java/sample/BootTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,6 +34,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 
 /**
  * @author Eddú Meléndez
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc

samples/boot/jdbc/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
 	}
 
 	public Form form() {
@@ -51,7 +51,7 @@ public class LoginPage extends BasePage {
 		@FindBy(name = "password")
 		private WebElement password;
 
-		@FindBy(name = "submit")
+		@FindBy(tagName = "button")
 		private WebElement button;
 
 		public Form(SearchContext context) {

samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java

@@ -50,7 +50,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 @AutoConfigureMockMvc
 public class HttpRedisJsonTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Autowired
 	private MockMvc mockMvc;

samples/boot/redis-json/src/integration-test/java/sample/RedisSerializerTest.java

@@ -39,7 +39,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 @SpringBootTest
 public class RedisSerializerTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@SpringSessionRedisOperations
 	private RedisTemplate<Object, Object> sessionRedisTemplate;

samples/boot/redis-json/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/redis/src/integration-test/java/sample/BootTests.java

@@ -45,7 +45,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class BootTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Autowired
 	private MockMvc mockMvc;

samples/boot/redis/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
 	}
 
 	public Form form() {
@@ -51,7 +51,7 @@ public class LoginPage extends BasePage {
 		@FindBy(name = "password")
 		private WebElement password;
 
-		@FindBy(name = "submit")
+		@FindBy(tagName = "button")
 		private WebElement button;
 
 		public Form(SearchContext context) {

samples/boot/redis/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/webflux/src/integration-test/java/sample/AttributeTests.java

@@ -47,7 +47,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class AttributeTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@LocalServerPort
 	private int port;

samples/boot/webflux/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/websocket/spring-session-sample-boot-websocket.gradle

@@ -23,5 +23,6 @@ dependencies {
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 	testCompile "org.springframework.security:spring-security-test"
-	testCompile "org.testcontainers:testcontainers"
+
+	integrationTestCompile "org.testcontainers:testcontainers"
 }

samples/boot/websocket/src/integration-test/java/sample/ApplicationTests.java

@@ -42,7 +42,7 @@ import org.springframework.web.socket.sockjs.client.SockJsClient;
 import org.springframework.web.socket.sockjs.client.Transport;
 import org.springframework.web.socket.sockjs.client.WebSocketTransport;
 
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Rob Winch
@@ -52,7 +52,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class ApplicationTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Value("${local.server.port}")
 	private String port;
@@ -70,8 +70,8 @@ public class ApplicationTests {
 		ListenableFuture<WebSocketSession> wsSession = sockJsClient.doHandshake(
 				this.webSocketHandler, "ws://localhost:" + this.port + "/sockjs");
 
-		assertThatThrownBy(() -> wsSession.get().sendMessage(new TextMessage("a")))
-				.isInstanceOf(ExecutionException.class);
+		assertThatExceptionOfType(ExecutionException.class)
+				.isThrownBy(() -> wsSession.get().sendMessage(new TextMessage("a")));
 	}
 
 	@TestConfiguration

samples/boot/websocket/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/gradle/dependency-management.gradle

@@ -5,7 +5,7 @@ dependencyManagement {
 		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.1'
 		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.2-b02'
 		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.3'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.32.0'
 		dependency 'org.slf4j:jcl-over-slf4j:1.7.25'
 		dependency 'org.slf4j:log4j-over-slf4j:1.7.25'
 		dependency 'org.webjars:bootstrap:2.3.2'

samples/javaconfig/custom-cookie/src/main/java/sample/EmbeddedRedisConfig.java

@@ -28,7 +28,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Bean
 	public GenericContainer redisContainer() {

samples/javaconfig/custom-cookie/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/javaconfig/hazelcast/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
 	}
 
 	public Form form() {
@@ -51,7 +51,7 @@ public class LoginPage extends BasePage {
 		@FindBy(name = "password")
 		private WebElement password;
 
-		@FindBy(name = "submit")
+		@FindBy(tagName = "button")
 		private WebElement button;
 
 		public Form(SearchContext context) {

samples/javaconfig/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -28,7 +28,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Bean
 	public GenericContainer redisContainer() {

samples/javaconfig/redis/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/javaconfig/rest/spring-session-sample-javaconfig-rest.gradle

@@ -17,8 +17,6 @@ dependencies {
 	testCompile "org.springframework.security:spring-security-test"
 	testCompile "org.assertj:assertj-core"
 	testCompile "org.springframework:spring-test"
-
-	integrationTestCompile "org.testcontainers:testcontainers"
 }
 
 gretty {

samples/javaconfig/rest/src/integration-test/java/rest/RestMockMvcTests.java

@@ -54,7 +54,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @WebAppConfiguration
 public class RestMockMvcTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Autowired
 	private SessionRepositoryFilter<? extends Session> sessionRepositoryFilter;

samples/javaconfig/rest/src/integration-test/java/sample/RestTests.java

@@ -32,7 +32,7 @@ import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author Pool Dolorier
@@ -57,9 +57,9 @@ public class RestTests {
 	public void unauthenticatedUserSentToLogInPage() {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
-		assertThatThrownBy(() -> getForUser(this.baseUrl + "/", headers, String.class))
-				.isInstanceOf(HttpClientErrorException.class)
-				.satisfies((e) -> assertThat(((HttpClientErrorException) e).getStatusCode())
+		assertThatExceptionOfType(HttpClientErrorException.class)
+				.isThrownBy(() -> getForUser(this.baseUrl + "/", headers, String.class))
+				.satisfies((e) -> assertThat(e.getStatusCode())
 						.isEqualTo(HttpStatus.UNAUTHORIZED));
 	}
 

samples/javaconfig/rest/src/main/java/sample/EmbeddedRedisConfig.java

@@ -28,7 +28,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Bean
 	public GenericContainer redisContainer() {

samples/javaconfig/rest/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/javaconfig/security/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ public class LoginPage extends BasePage {
 	@FindBy(name = "password")
 	private WebElement password;
 
-	@FindBy(css = "input[type='submit']")
+	@FindBy(tagName = "button")
 	private WebElement button;
 
 	public LoginPage(WebDriver driver) {
@@ -47,7 +47,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
 	}
 
 	public HomePage login(String user, String password) {

samples/javaconfig/security/src/main/java/sample/EmbeddedRedisConfig.java

@@ -28,7 +28,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Bean
 	public GenericContainer redisContainer() {

samples/javaconfig/security/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/xml/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -28,7 +28,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	@Bean
 	public GenericContainer redisContainer() {

samples/xml/redis/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

settings.gradle

@@ -2,12 +2,15 @@ rootProject.name = 'spring-session-build'
 
 FileTree buildFiles = fileTree(rootDir) {
 	include '**/*.gradle'
-	exclude '**/gradle', 'settings.gradle', 'buildSrc', '/build.gradle', '.*'
+	exclude 'build', '**/gradle', 'settings.gradle', 'buildSrc', '/build.gradle', '.*', 'out'
 	exclude '**/grails3'
+	gradle.startParameter.projectProperties.get('excludeProjects')?.split(',')?.each { excludeProject ->
+		exclude excludeProject
+	}
 }
 
 String rootDirPath = rootDir.absolutePath + File.separator
-buildFiles.each { File buildFile ->
+buildFiles.each { buildFile ->
 	if (buildFile.name == 'build.gradle') {
 		String buildFilePath = buildFile.parentFile.absolutePath
 		String projectPath = buildFilePath.replace(rootDirPath, '').replace(File.separator, ':')

spring-session-core/spring-session-core.gradle

@@ -6,6 +6,7 @@ dependencies {
 	compile "org.springframework:spring-jcl"
 
 	optional "io.projectreactor:reactor-core"
+	optional "javax.annotation:javax.annotation-api"
 	optional "javax.servlet:javax.servlet-api"
 	optional "org.springframework:spring-context"
 	optional "org.springframework:spring-jdbc"

spring-session-core/src/main/java/org/springframework/session/FindByIndexNameSessionRepository.java

@@ -19,27 +19,22 @@ package org.springframework.session;
 import java.util.Map;
 
 /**
- * Extends a basic {@link SessionRepository} to allow finding a session id by the
- * principal name. The principal name is defined by the {@link Session} attribute with the
- * name {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME}.
+ * Extends a basic {@link SessionRepository} to allow finding sessions by the specified
+ * index name and index value.
  *
  * @param <S> the type of Session being managed by this
  * {@link FindByIndexNameSessionRepository}
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 public interface FindByIndexNameSessionRepository<S extends Session>
 		extends SessionRepository<S> {
 
 	/**
+	 * A session index that contains the current principal name (i.e. username).
 	 * <p>
-	 * A common session attribute that contains the current principal name (i.e.
-	 * username).
-	 * </p>
-	 *
-	 * <p>
-	 * It is the responsibility of the developer to ensure the attribute is populated
-	 * since Spring Session is not aware of the authentication mechanism being used.
-	 * </p>
+	 * It is the responsibility of the developer to ensure the index is populated since
+	 * Spring Session is not aware of the authentication mechanism being used.
 	 *
 	 * @since 1.1
 	 */
@@ -47,17 +42,34 @@ public interface FindByIndexNameSessionRepository<S extends Session>
 			.concat(".PRINCIPAL_NAME_INDEX_NAME");
 
 	/**
-	 * Find a Map of the session id to the {@link Session} of all sessions that contain
-	 * the session attribute with the name
-	 * {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME} and the value of
-	 * the specified principal name.
+	 * Find a {@link Map} of the session id to the {@link Session} of all sessions that
+	 * contain the specified index name index value.
 	 *
 	 * @param indexName the name of the index (i.e.
 	 * {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME})
 	 * @param indexValue the value of the index to search for.
-	 * @return a Map (never null) of the session id to the {@link Session} of all sessions
-	 * that contain the session specified index name and the value of the specified index
-	 * name. If no results are found, an empty Map is returned.
+	 * @return a {@code Map} (never {@code null}) of the session id to the {@code Session}
+	 * of all sessions that contain the specified index name and index value. If no
+	 * results are found, an empty {@code Map} is returned.
 	 */
 	Map<String, S> findByIndexNameAndIndexValue(String indexName, String indexValue);
+
+	/**
+	 * Find a {@link Map} of the session id to the {@link Session} of all sessions that
+	 * contain the index with the name
+	 * {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME} and the
+	 * specified principal name.
+	 *
+	 * @param principalName the principal name
+	 * @return a {@code Map} (never {@code null}) of the session id to the {@code Session}
+	 * of all sessions that contain the specified principal name. If no results are found,
+	 * an empty {@code Map} is returned.
+	 * @since 2.1.0
+	 */
+	default Map<String, S> findByPrincipalName(String principalName) {
+
+		return findByIndexNameAndIndexValue(PRINCIPAL_NAME_INDEX_NAME, principalName);
+
+	}
+
 }

spring-session-core/src/main/java/org/springframework/session/MapSession.java

@@ -53,7 +53,7 @@ public final class MapSession implements Session, Serializable {
 	public static final int DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS = 1800;
 
 	private String id;
-	private String originalId;
+	private final String originalId;
 	private Map<String, Object> sessionAttrs = new HashMap<>();
 	private Instant creationTime = Instant.now();
 	private Instant lastAccessedTime = this.creationTime;
@@ -132,10 +132,6 @@ public final class MapSession implements Session, Serializable {
 		return this.originalId;
 	}
 
-	void setOriginalId(String originalId) {
-		this.originalId = originalId;
-	}
-
 	@Override
 	public String changeSessionId() {
 		String changedId = generateId();

spring-session-core/src/main/java/org/springframework/session/MapSessionRepository.java

@@ -73,7 +73,6 @@ public class MapSessionRepository implements SessionRepository<MapSession> {
 	public void save(MapSession session) {
 		if (!session.getId().equals(session.getOriginalId())) {
 			this.sessions.remove(session.getOriginalId());
-			session.setOriginalId(session.getId());
 		}
 		this.sessions.put(session.getId(), new MapSession(session));
 	}

spring-session-core/src/main/java/org/springframework/session/ReactiveMapSessionRepository.java

@@ -76,7 +76,6 @@ public class ReactiveMapSessionRepository implements ReactiveSessionRepository<M
 		return Mono.fromRunnable(() -> {
 			if (!session.getId().equals(session.getOriginalId())) {
 				this.sessions.remove(session.getOriginalId());
-				session.setOriginalId(session.getId());
 			}
 			this.sessions.put(session.getId(), new MapSession(session));
 		});

spring-session-core/src/main/java/org/springframework/session/security/SpringSessionBackedSessionRegistry.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -65,9 +65,8 @@ public class SpringSessionBackedSessionRegistry<S extends Session>
 	@Override
 	public List<SessionInformation> getAllSessions(Object principal,
 			boolean includeExpiredSessions) {
-		Collection<S> sessions = this.sessionRepository.findByIndexNameAndIndexValue(
-				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
-				name(principal)).values();
+		Collection<S> sessions = this.sessionRepository
+				.findByPrincipalName(name(principal)).values();
 		List<SessionInformation> infos = new ArrayList<>();
 		for (S session : sessions) {
 			if (includeExpiredSessions || !Boolean.TRUE.equals(session

spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java

@@ -16,8 +16,13 @@
 
 package org.springframework.session.web.http;
 
+import java.time.Instant;
+import java.time.OffsetDateTime;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
 import java.util.Base64;
+import java.util.BitSet;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -41,6 +46,22 @@ public class DefaultCookieSerializer implements CookieSerializer {
 
 	private static final Log logger = LogFactory.getLog(DefaultCookieSerializer.class);
 
+	private static final BitSet domainValid = new BitSet(128);
+
+	static {
+		for (char c = '0'; c <= '9'; c++) {
+			domainValid.set(c);
+		}
+		for (char c = 'a'; c <= 'z'; c++) {
+			domainValid.set(c);
+		}
+		for (char c = 'A'; c <= 'Z'; c++) {
+			domainValid.set(c);
+		}
+		domainValid.set('.');
+		domainValid.set('-');
+	}
+
 	private String cookieName = "SESSION";
 
 	private Boolean useSecureCookie;
@@ -61,6 +82,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 
 	private String rememberMeRequestAttribute;
 
+	private String sameSite = "Lax";
+
 	/*
 	 * (non-Javadoc)
 	 *
@@ -75,7 +98,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 			for (Cookie cookie : cookies) {
 				if (this.cookieName.equals(cookie.getName())) {
 					String sessionId = (this.useBase64Encoding
-							? base64Decode(cookie.getValue()) : cookie.getValue());
+							? base64Decode(cookie.getValue())
+							: cookie.getValue());
 					if (sessionId == null) {
 						continue;
 					}
@@ -101,38 +125,43 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		HttpServletRequest request = cookieValue.getRequest();
 		HttpServletResponse response = cookieValue.getResponse();
 
-		String requestedCookieValue = cookieValue.getCookieValue();
-		String actualCookieValue = (this.jvmRoute != null)
-				? requestedCookieValue + this.jvmRoute
-				: requestedCookieValue;
-
-		Cookie sessionCookie = new Cookie(this.cookieName, this.useBase64Encoding
-				? base64Encode(actualCookieValue) : actualCookieValue);
-		sessionCookie.setSecure(isSecureCookie(request));
-		sessionCookie.setPath(getCookiePath(request));
-		String domainName = getDomainName(request);
-		if (domainName != null) {
-			sessionCookie.setDomain(domainName);
+		StringBuilder sb = new StringBuilder();
+		sb.append(this.cookieName).append('=');
+		String value = getValue(cookieValue);
+		if (value != null && value.length() > 0) {
+			validateValue(value);
+			sb.append(value);
+		}
+		int maxAge = getMaxAge(cookieValue);
+		if (maxAge > -1) {
+			sb.append("; Max-Age=").append(cookieValue.getCookieMaxAge());
+			OffsetDateTime expires = (maxAge != 0)
+					? OffsetDateTime.now().plusSeconds(maxAge)
+					: Instant.EPOCH.atOffset(ZoneOffset.UTC);
+			sb.append("; Expires=")
+					.append(expires.format(DateTimeFormatter.RFC_1123_DATE_TIME));
+		}
+		String domain = getDomainName(request);
+		if (domain != null && domain.length() > 0) {
+			validateDomain(domain);
+			sb.append("; Domain=").append(domain);
+		}
+		String path = getCookiePath(request);
+		if (path != null && path.length() > 0) {
+			validatePath(path);
+			sb.append("; Path=").append(path);
+		}
+		if (isSecureCookie(request)) {
+			sb.append("; Secure");
 		}
-
 		if (this.useHttpOnlyCookie) {
-			sessionCookie.setHttpOnly(true);
+			sb.append("; HttpOnly");
+		}
+		if (this.sameSite != null) {
+			sb.append("; SameSite=").append(this.sameSite);
 		}
 
-		if (cookieValue.getCookieMaxAge() < 0) {
-			if (this.rememberMeRequestAttribute != null
-					&& request.getAttribute(this.rememberMeRequestAttribute) != null) {
-				// the cookie is only written at time of session creation, so we rely on
-				// session expiration rather than cookie expiration if remember me is enabled
-				cookieValue.setCookieMaxAge(Integer.MAX_VALUE);
-			}
-			else if (this.cookieMaxAge != null) {
-				cookieValue.setCookieMaxAge(this.cookieMaxAge);
-			}
-		}
-		sessionCookie.setMaxAge(cookieValue.getCookieMaxAge());
-
-		response.addCookie(sessionCookie);
+		response.addHeader("Set-Cookie", sb.toString());
 	}
 
 	/**
@@ -163,6 +192,81 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		return new String(encodedCookieBytes);
 	}
 
+	private String getValue(CookieValue cookieValue) {
+		String requestedCookieValue = cookieValue.getCookieValue();
+		String actualCookieValue = requestedCookieValue;
+		if (this.jvmRoute != null) {
+			actualCookieValue = requestedCookieValue + this.jvmRoute;
+		}
+		if (this.useBase64Encoding) {
+			actualCookieValue = base64Encode(actualCookieValue);
+		}
+		return actualCookieValue;
+	}
+
+	private void validateValue(String value) {
+		int start = 0;
+		int end = value.length();
+		if ((end > 1) && (value.charAt(0) == '"') && (value.charAt(end - 1) == '"')) {
+			start = 1;
+			end--;
+		}
+		char[] chars = value.toCharArray();
+		for (int i = start; i < end; i++) {
+			char c = chars[i];
+			if (c < 0x21 || c == 0x22 || c == 0x2c || c == 0x3b || c == 0x5c
+					|| c == 0x7f) {
+				throw new IllegalArgumentException(
+						"Invalid character in cookie value: " + Integer.toString(c));
+			}
+		}
+	}
+
+	private int getMaxAge(CookieValue cookieValue) {
+		int maxAge = cookieValue.getCookieMaxAge();
+		if (maxAge < 0) {
+			if (this.rememberMeRequestAttribute != null && cookieValue.getRequest()
+					.getAttribute(this.rememberMeRequestAttribute) != null) {
+				// the cookie is only written at time of session creation, so we rely on
+				// session expiration rather than cookie expiration if remember me is
+				// enabled
+				cookieValue.setCookieMaxAge(Integer.MAX_VALUE);
+			}
+			else if (this.cookieMaxAge != null) {
+				cookieValue.setCookieMaxAge(this.cookieMaxAge);
+			}
+		}
+		return cookieValue.getCookieMaxAge();
+	}
+
+	private void validateDomain(String domain) {
+		int i = 0;
+		int cur = -1;
+		int prev;
+		char[] chars = domain.toCharArray();
+		while (i < chars.length) {
+			prev = cur;
+			cur = chars[i];
+			if (!domainValid.get(cur)
+					|| ((prev == '.' || prev == -1) && (cur == '.' || cur == '-'))
+					|| (prev == '-' && cur == '.')) {
+				throw new IllegalArgumentException("Invalid cookie domain: " + domain);
+			}
+			i++;
+		}
+		if (cur == '.' || cur == '-') {
+			throw new IllegalArgumentException("Invalid cookie domain: " + domain);
+		}
+	}
+
+	private void validatePath(String path) {
+		for (char ch : path.toCharArray()) {
+			if (ch < 0x20 || ch > 0x7E || ch == ';') {
+				throw new IllegalArgumentException("Invalid cookie path: " + path);
+			}
+		}
+	}
+
 	/**
 	 * Sets if a Cookie marked as secure should be used. The default is to use the value
 	 * of {@link HttpServletRequest#isSecure()}.
@@ -318,6 +422,16 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		this.rememberMeRequestAttribute = rememberMeRequestAttribute;
 	}
 
+	/**
+	 * Set the value for the {@code SameSite} cookie directive. The default value is
+	 * {@code Lax}.
+	 * @param sameSite the SameSite directive value
+	 * @since 2.1.0
+	 */
+	public void setSameSite(String sameSite) {
+		this.sameSite = sameSite;
+	}
+
 	private String getDomainName(HttpServletRequest request) {
 		if (this.domainName != null) {
 			return this.domainName;

spring-session-core/src/main/java/org/springframework/session/web/http/HttpSessionAdapter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,8 +24,13 @@ import java.util.Set;
 
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionBindingEvent;
+import javax.servlet.http.HttpSessionBindingListener;
 import javax.servlet.http.HttpSessionContext;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import org.springframework.session.Session;
 
 /**
@@ -33,11 +38,14 @@ import org.springframework.session.Session;
  *
  * @param <S> the {@link Session} type
  * @author Rob Winch
+ * @author Vedran Pavic
  * @since 1.1
  */
 @SuppressWarnings("deprecation")
 class HttpSessionAdapter<S extends Session> implements HttpSession {
 
+	private static final Log logger = LogFactory.getLog(HttpSessionAdapter.class);
+
 	private S session;
 
 	private final ServletContext servletContext;
@@ -129,7 +137,28 @@ class HttpSessionAdapter<S extends Session> implements HttpSession {
 	@Override
 	public void setAttribute(String name, Object value) {
 		checkState();
+		Object oldValue = this.session.getAttribute(name);
 		this.session.setAttribute(name, value);
+		if (value != oldValue) {
+			if (oldValue instanceof HttpSessionBindingListener) {
+				try {
+					((HttpSessionBindingListener) oldValue).valueUnbound(
+							new HttpSessionBindingEvent(this, name, oldValue));
+				}
+				catch (Throwable th) {
+					logger.error("Error invoking session binding event listener", th);
+				}
+			}
+			if (value instanceof HttpSessionBindingListener) {
+				try {
+					((HttpSessionBindingListener) value)
+							.valueBound(new HttpSessionBindingEvent(this, name, value));
+				}
+				catch (Throwable th) {
+					logger.error("Error invoking session binding event listener", th);
+				}
+			}
+		}
 	}
 
 	@Override
@@ -140,7 +169,17 @@ class HttpSessionAdapter<S extends Session> implements HttpSession {
 	@Override
 	public void removeAttribute(String name) {
 		checkState();
+		Object oldValue = this.session.getAttribute(name);
 		this.session.removeAttribute(name);
+		if (oldValue instanceof HttpSessionBindingListener) {
+			try {
+				((HttpSessionBindingListener) oldValue)
+						.valueUnbound(new HttpSessionBindingEvent(this, name, oldValue));
+			}
+			catch (Throwable th) {
+				logger.error("Error invoking session binding event listener", th);
+			}
+		}
 	}
 
 	@Override

spring-session-core/src/main/java/org/springframework/session/web/http/OncePerRequestFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package org.springframework.session.web.http;
 
 import java.io.IOException;
 
+import javax.servlet.DispatcherType;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -66,8 +67,11 @@ abstract class OncePerRequestFilter implements Filter {
 		}
 		HttpServletRequest httpRequest = (HttpServletRequest) request;
 		HttpServletResponse httpResponse = (HttpServletResponse) response;
+		String alreadyFilteredAttributeName = this.alreadyFilteredAttributeName;
+		alreadyFilteredAttributeName = updateForErrorDispatch(
+				alreadyFilteredAttributeName, request);
 		boolean hasAlreadyFilteredAttribute = request
-				.getAttribute(this.alreadyFilteredAttributeName) != null;
+				.getAttribute(alreadyFilteredAttributeName) != null;
 
 		if (hasAlreadyFilteredAttribute) {
 
@@ -76,17 +80,28 @@ abstract class OncePerRequestFilter implements Filter {
 		}
 		else {
 			// Do invoke this filter...
-			request.setAttribute(this.alreadyFilteredAttributeName, Boolean.TRUE);
+			request.setAttribute(alreadyFilteredAttributeName, Boolean.TRUE);
 			try {
 				doFilterInternal(httpRequest, httpResponse, filterChain);
 			}
 			finally {
 				// Remove the "already filtered" request attribute for this request.
-				request.removeAttribute(this.alreadyFilteredAttributeName);
+				request.removeAttribute(alreadyFilteredAttributeName);
 			}
 		}
 	}
 
+	private String updateForErrorDispatch(String alreadyFilteredAttributeName,
+			ServletRequest request) {
+		// Jetty does ERROR dispatch within sendError, so request attribute is still present
+		// Use a separate attribute for ERROR dispatches
+		if (DispatcherType.ERROR.equals(request.getDispatcherType())
+				&& request.getAttribute(alreadyFilteredAttributeName) != null) {
+			return alreadyFilteredAttributeName + ".ERROR";
+		}
+		return alreadyFilteredAttributeName;
+	}
+
 	/**
 	 * Same contract as for {@code doFilter}, but guaranteed to be just invoked once per
 	 * request within a single request thread.

spring-session-core/src/main/java/org/springframework/session/web/server/session/SpringSessionWebSessionStore.java

@@ -87,12 +87,6 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 		return Mono.just(session);
 	}
 
-	public Mono<Void> storeSession(WebSession session) {
-		@SuppressWarnings("unchecked")
-		SpringSessionWebSession springWebSession = (SpringSessionWebSession) session;
-		return this.sessions.save(springWebSession.session);
-	}
-
 	@Override
 	public Mono<WebSession> retrieveSession(String sessionId) {
 		return this.sessions.findById(sessionId)

spring-session-core/src/test/java/org/springframework/session/MapSessionTests.java

@@ -24,7 +24,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 public class MapSessionTests {
 
@@ -38,9 +38,9 @@ public class MapSessionTests {
 
 	@Test
 	public void constructorNullSession() {
-		assertThatThrownBy(() -> new MapSession((Session) null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("session cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> new MapSession((Session) null))
+				.withMessage("session cannot be null");
 	}
 
 	@Test
@@ -70,9 +70,9 @@ public class MapSessionTests {
 
 	@Test
 	public void getRequiredAttributeWhenNullThenException() {
-		assertThatThrownBy(() -> this.session.getRequiredAttribute("attrName"))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Required attribute 'attrName' is missing.");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.session.getRequiredAttribute("attrName"))
+				.withMessage("Required attribute 'attrName' is missing.");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/ReactiveMapSessionRepositoryTests.java

@@ -27,7 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link ReactiveMapSessionRepository}.
@@ -60,9 +60,9 @@ public class ReactiveMapSessionRepositoryTests {
 
 	@Test
 	public void constructorMapWhenNullThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> new ReactiveMapSessionRepository(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("sessions cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> new ReactiveMapSessionRepository(null))
+				.withMessage("sessions cannot be null");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java

@@ -38,7 +38,7 @@ import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link SpringHttpSessionConfiguration}.
@@ -63,9 +63,9 @@ public class SpringHttpSessionConfigurationTests {
 
 	@Test
 	public void noSessionRepositoryConfiguration() {
-		assertThatThrownBy(() -> registerAndRefresh(EmptyConfiguration.class))
-				.isInstanceOf(UnsatisfiedDependencyException.class)
-				.hasMessageContaining("org.springframework.session.SessionRepository");
+		assertThatExceptionOfType(UnsatisfiedDependencyException.class)
+				.isThrownBy(() -> registerAndRefresh(EmptyConfiguration.class))
+				.withMessageContaining("org.springframework.session.SessionRepository");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/security/SpringSessionBackedSessionRegistryTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 package org.springframework.session.security;
 
 import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -74,7 +75,9 @@ public class SpringSessionBackedSessionRegistryTest {
 				.getSessionInformation(SESSION_ID);
 
 		assertThat(sessionInfo.getSessionId()).isEqualTo(SESSION_ID);
-		assertThat(sessionInfo.getLastRequest().toInstant()).isEqualTo(NOW);
+		assertThat(
+				sessionInfo.getLastRequest().toInstant().truncatedTo(ChronoUnit.MILLIS))
+						.isEqualTo(NOW.truncatedTo(ChronoUnit.MILLIS));
 		assertThat(sessionInfo.getPrincipal()).isEqualTo(USER_NAME);
 		assertThat(sessionInfo.isExpired()).isFalse();
 	}
@@ -90,7 +93,9 @@ public class SpringSessionBackedSessionRegistryTest {
 				.getSessionInformation(SESSION_ID);
 
 		assertThat(sessionInfo.getSessionId()).isEqualTo(SESSION_ID);
-		assertThat(sessionInfo.getLastRequest().toInstant()).isEqualTo(NOW);
+		assertThat(
+				sessionInfo.getLastRequest().toInstant().truncatedTo(ChronoUnit.MILLIS))
+				.isEqualTo(NOW.truncatedTo(ChronoUnit.MILLIS));
 		assertThat(sessionInfo.getPrincipal()).isEqualTo(USER_NAME);
 		assertThat(sessionInfo.isExpired()).isTrue();
 	}
@@ -162,9 +167,8 @@ public class SpringSessionBackedSessionRegistryTest {
 		Map<String, Session> sessions = new LinkedHashMap<>();
 		sessions.put(session1.getId(), session1);
 		sessions.put(session2.getId(), session2);
-		when(this.sessionRepository.findByIndexNameAndIndexValue(
-				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, USER_NAME))
-						.thenReturn(sessions);
+		when(this.sessionRepository.findByPrincipalName(USER_NAME))
+				.thenReturn(sessions);
 	}
 
 }

spring-session-core/src/test/java/org/springframework/session/security/web/authentication/SpringSessionRememberMeServicesTests.java

@@ -27,7 +27,7 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -68,9 +68,10 @@ public class SpringSessionRememberMeServicesTests {
 	@Test
 	public void createWithNullParameter() {
 		this.rememberMeServices = new SpringSessionRememberMeServices();
-		assertThatThrownBy(() -> this.rememberMeServices.setRememberMeParameterName(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("rememberMeParameterName cannot be empty or null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(
+						() -> this.rememberMeServices.setRememberMeParameterName(null))
+				.withMessage("rememberMeParameterName cannot be empty or null");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/web/http/CookieHttpSessionIdResolverTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java

@@ -26,13 +26,14 @@ import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import org.junit.runners.Parameterized.Parameters;
 
+import org.springframework.mock.web.MockCookie;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.session.web.http.CookieSerializer.CookieValue;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link DefaultCookieSerializer}.
@@ -213,9 +214,9 @@ public class DefaultCookieSerializerTests {
 	@Test
 	public void setDomainNameAndDomainNamePatternThrows() {
 		this.serializer.setDomainName("example.com");
-		assertThatThrownBy(() -> this.serializer.setDomainNamePattern(".*"))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("Cannot set both domainName and domainNamePattern");
+		assertThatExceptionOfType(IllegalStateException.class)
+				.isThrownBy(() -> this.serializer.setDomainNamePattern(".*"))
+				.withMessage("Cannot set both domainName and domainNamePattern");
 	}
 
 	// --- domainNamePattern ---
@@ -247,9 +248,9 @@ public class DefaultCookieSerializerTests {
 	@Test
 	public void setDomainNamePatternAndDomainNameThrows() {
 		this.serializer.setDomainNamePattern(".*");
-		assertThatThrownBy(() -> this.serializer.setDomainName("example.com"))
-				.isInstanceOf(IllegalStateException.class)
-				.hasMessage("Cannot set both domainName and domainNamePattern");
+		assertThatExceptionOfType(IllegalStateException.class)
+				.isThrownBy(() -> this.serializer.setDomainName("example.com"))
+				.withMessage("Cannot set both domainName and domainNamePattern");
 	}
 
 	// --- cookieName ---
@@ -273,9 +274,9 @@ public class DefaultCookieSerializerTests {
 
 	@Test
 	public void setCookieNameNullThrows() {
-		assertThatThrownBy(() -> this.serializer.setCookieName(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("cookieName cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.serializer.setCookieName(null))
+				.withMessage("cookieName cannot be null");
 	}
 
 	// --- cookiePath ---
@@ -466,6 +467,39 @@ public class DefaultCookieSerializerTests {
 		assertThat(getCookie().getMaxAge()).isEqualTo(100);
 	}
 
+	// --- sameSite ---
+
+	@Test
+	public void writeCookieDefaultSameSiteLax() {
+		this.serializer.writeCookieValue(cookieValue(this.sessionId));
+
+		assertThat(getCookie().getSameSite()).isEqualTo("Lax");
+	}
+
+	@Test
+	public void writeCookieSetSameSiteLax() {
+		this.serializer.setSameSite("Lax");
+		this.serializer.writeCookieValue(cookieValue(this.sessionId));
+
+		assertThat(getCookie().getSameSite()).isEqualTo("Lax");
+	}
+
+	@Test
+	public void writeCookieSetSameSiteStrict() {
+		this.serializer.setSameSite("Strict");
+		this.serializer.writeCookieValue(cookieValue(this.sessionId));
+
+		assertThat(getCookie().getSameSite()).isEqualTo("Strict");
+	}
+
+	@Test
+	public void writeCookieSetSameSiteNull() {
+		this.serializer.setSameSite(null);
+		this.serializer.writeCookieValue(cookieValue(this.sessionId));
+
+		assertThat(getCookie().getSameSite()).isNull();
+	}
+
 	public void setCookieName(String cookieName) {
 		this.cookieName = cookieName;
 		this.serializer.setCookieName(cookieName);
@@ -478,8 +512,8 @@ public class DefaultCookieSerializerTests {
 		return new Cookie(name, value);
 	}
 
-	private Cookie getCookie() {
-		return this.response.getCookie(this.cookieName);
+	private MockCookie getCookie() {
+		return (MockCookie) this.response.getCookie(this.cookieName);
 	}
 
 	private String getCookieValue() {

spring-session-core/src/test/java/org/springframework/session/web/http/HeaderHttpSessionIdResolverTests.java

@@ -27,7 +27,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Tests for {@link HeaderHttpSessionIdResolver}.
@@ -74,9 +74,9 @@ public class HeaderHttpSessionIdResolverTests {
 
 	@Test
 	public void createResolverWithNullHeaderName() {
-		assertThatThrownBy(() -> new HeaderHttpSessionIdResolver(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("headerName cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> new HeaderHttpSessionIdResolver(null))
+				.withMessage("headerName cannot be null");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java

@@ -27,6 +27,8 @@ import java.util.Map;
 import java.util.NoSuchElementException;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletContext;
@@ -36,6 +38,8 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionBindingEvent;
+import javax.servlet.http.HttpSessionBindingListener;
 import javax.servlet.http.HttpSessionContext;
 
 import org.assertj.core.data.Offset;
@@ -58,7 +62,7 @@ import org.springframework.session.SessionRepository;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -1414,16 +1418,132 @@ public class SessionRepositoryFilterTests {
 	@Test
 	@SuppressWarnings("unused")
 	public void doesNotImplementOrdered() {
-		assertThatThrownBy(() -> {
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> {
 			Ordered o = (Ordered) this.filter;
-		}).isInstanceOf(ClassCastException.class);
+		});
 	}
 
 	@Test
 	public void setHttpSessionIdResolverNull() {
-		assertThatThrownBy(() -> this.filter.setHttpSessionIdResolver(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("httpSessionIdResolver cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.filter.setHttpSessionIdResolver(null))
+				.withMessage("httpSessionIdResolver cannot be null");
+	}
+
+	@Test
+	public void bindingListenerBindListener() throws Exception {
+		String bindingListenerName = "bindingListener";
+		CountingHttpSessionBindingListener bindingListener = new CountingHttpSessionBindingListener();
+
+		doFilter(new DoInFilter() {
+
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest) {
+				HttpSession session = wrappedRequest.getSession();
+				session.setAttribute(bindingListenerName, bindingListener);
+			}
+
+		});
+
+		assertThat(bindingListener.getCounter()).isEqualTo(1);
+	}
+
+	@Test
+	public void bindingListenerBindListenerThenUnbind() throws Exception {
+		String bindingListenerName = "bindingListener";
+		CountingHttpSessionBindingListener bindingListener = new CountingHttpSessionBindingListener();
+
+		doFilter(new DoInFilter() {
+
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest) {
+				HttpSession session = wrappedRequest.getSession();
+				session.setAttribute(bindingListenerName, bindingListener);
+				session.removeAttribute(bindingListenerName);
+			}
+
+		});
+
+		assertThat(bindingListener.getCounter()).isEqualTo(0);
+	}
+
+	@Test
+	public void bindingListenerBindSameListenerTwice() throws Exception {
+		String bindingListenerName = "bindingListener";
+		CountingHttpSessionBindingListener bindingListener = new CountingHttpSessionBindingListener();
+
+		doFilter(new DoInFilter() {
+
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest) {
+				HttpSession session = wrappedRequest.getSession();
+				session.setAttribute(bindingListenerName, bindingListener);
+				session.setAttribute(bindingListenerName, bindingListener);
+			}
+
+		});
+
+		assertThat(bindingListener.getCounter()).isEqualTo(1);
+	}
+
+	@Test
+	public void bindingListenerBindListenerOverwrite() throws Exception {
+		String bindingListenerName = "bindingListener";
+		CountingHttpSessionBindingListener bindingListener1 = new CountingHttpSessionBindingListener();
+		CountingHttpSessionBindingListener bindingListener2 = new CountingHttpSessionBindingListener();
+
+		doFilter(new DoInFilter() {
+
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest) {
+				HttpSession session = wrappedRequest.getSession();
+				session.setAttribute(bindingListenerName, bindingListener1);
+				session.setAttribute(bindingListenerName, bindingListener2);
+			}
+
+		});
+
+		assertThat(bindingListener1.getCounter()).isEqualTo(0);
+		assertThat(bindingListener2.getCounter()).isEqualTo(1);
+	}
+
+	@Test
+	public void bindingListenerBindThrowsException() throws Exception {
+		String bindingListenerName = "bindingListener";
+		CountingHttpSessionBindingListener bindingListener = new CountingHttpSessionBindingListener();
+
+		doFilter(new DoInFilter() {
+
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest) {
+				HttpSession session = wrappedRequest.getSession();
+				bindingListener.setThrowException();
+				session.setAttribute(bindingListenerName, bindingListener);
+			}
+
+		});
+
+		assertThat(bindingListener.getCounter()).isEqualTo(0);
+	}
+
+	@Test
+	public void bindingListenerBindListenerThenUnbindThrowsException() throws Exception {
+		String bindingListenerName = "bindingListener";
+		CountingHttpSessionBindingListener bindingListener = new CountingHttpSessionBindingListener();
+
+		doFilter(new DoInFilter() {
+
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest) {
+				HttpSession session = wrappedRequest.getSession();
+				session.setAttribute(bindingListenerName, bindingListener);
+				bindingListener.setThrowException();
+				session.removeAttribute(bindingListenerName);
+			}
+
+		});
+
+		assertThat(bindingListener.getCounter()).isEqualTo(1);
 	}
 
 	// --- helper methods
@@ -1528,4 +1648,39 @@ public class SessionRepositoryFilterTests {
 
 	}
 
+	private static class CountingHttpSessionBindingListener
+			implements HttpSessionBindingListener {
+
+		private final AtomicInteger counter = new AtomicInteger(0);
+
+		private final AtomicBoolean throwException = new AtomicBoolean(false);
+
+		@Override
+		public void valueBound(HttpSessionBindingEvent event) {
+			if (this.throwException.get()) {
+				this.throwException.compareAndSet(true, false);
+				throw new RuntimeException("bind exception");
+			}
+			this.counter.incrementAndGet();
+		}
+
+		@Override
+		public void valueUnbound(HttpSessionBindingEvent event) {
+			if (this.throwException.get()) {
+				this.throwException.compareAndSet(true, false);
+				throw new RuntimeException("unbind exception");
+			}
+			this.counter.decrementAndGet();
+		}
+
+		int getCounter() {
+			return this.counter.get();
+		}
+
+		void setThrowException() {
+			this.throwException.compareAndSet(false, true);
+		}
+
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/web/server/session/SpringSessionWebSessionStoreTests.java

@@ -33,7 +33,7 @@ import org.springframework.session.Session;
 import org.springframework.web.server.WebSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
@@ -69,9 +69,9 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 
 	@Test
 	public void constructorWhenNullRepositoryThenThrowsIllegalArgumentException() {
-		assertThatThrownBy(() -> new SpringSessionWebSessionStore<S>(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("reactiveSessionRepository cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> new SpringSessionWebSessionStore<S>(null))
+				.withMessage("reactiveSessionRepository cannot be null");
 	}
 
 	@Test
@@ -253,17 +253,6 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 				.containsExactly(new AbstractMap.SimpleEntry<>(attrName, attrValue));
 	}
 
-	@Test
-	public void storeSessionWhenInvokedThenSessionSaved() {
-		given(this.sessionRepository.save(this.createSession)).willReturn(Mono.empty());
-		WebSession createdSession = this.webSessionStore.createWebSession()
-				.block();
-
-		this.webSessionStore.storeSession(createdSession).block();
-
-		verify(this.sessionRepository).save(this.createSession);
-	}
-
 	@Test
 	public void retrieveSessionThenStarted() {
 		String id = "id";
@@ -286,9 +275,9 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 
 	@Test
 	public void setClockWhenNullThenException() {
-		assertThatThrownBy(() -> this.webSessionStore.setClock(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("clock cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.webSessionStore.setClock(null))
+				.withMessage("clock cannot be null");
 	}
 
 	@Test // gh-1114

spring-session-core/src/test/java/org/springframework/session/web/socket/handler/WebSocketConnectHandlerDecoratorFactoryTests.java

@@ -31,7 +31,7 @@ import org.springframework.web.socket.WebSocketHandler;
 import org.springframework.web.socket.WebSocketSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.verify;
@@ -56,9 +56,9 @@ public class WebSocketConnectHandlerDecoratorFactoryTests {
 
 	@Test
 	public void constructorNullEventPublisher() {
-		assertThatThrownBy(() -> new WebSocketConnectHandlerDecoratorFactory(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("eventPublisher cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> new WebSocketConnectHandlerDecoratorFactory(null))
+				.withMessage("eventPublisher cannot be null");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptorTests.java

@@ -43,7 +43,7 @@ import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.argThat;
@@ -82,9 +82,9 @@ public class SessionRepositoryMessageInterceptorTests {
 
 	@Test
 	public void preSendconstructorNullRepository() {
-		assertThatThrownBy(() -> new SessionRepositoryMessageInterceptor<>(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("sessionRepository cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> new SessionRepositoryMessageInterceptor<>(null))
+				.withMessage("sessionRepository cannot be null");
 	}
 
 	@Test
@@ -134,17 +134,16 @@ public class SessionRepositoryMessageInterceptorTests {
 
 	@Test
 	public void setMatchingMessageTypesNull() {
-		assertThatThrownBy(() -> this.interceptor.setMatchingMessageTypes(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("matchingMessageTypes cannot be null or empty");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.interceptor.setMatchingMessageTypes(null))
+				.withMessage("matchingMessageTypes cannot be null or empty");
 	}
 
 	@Test
 	public void setMatchingMessageTypesEmpty() {
-		assertThatThrownBy(
+		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(
 				() -> this.interceptor.setMatchingMessageTypes(Collections.emptySet()))
-						.isInstanceOf(IllegalArgumentException.class)
-						.hasMessage("matchingMessageTypes cannot be null or empty");
+				.withMessage("matchingMessageTypes cannot be null or empty");
 	}
 
 	@Test

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/AbstractRedisITests.java

@@ -29,7 +29,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
  */
 public abstract class AbstractRedisITests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.12";
+	private static final String DOCKER_IMAGE = "redis:5.0.5";
 
 	protected static class BaseConfig {
 

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/ReactiveRedisOperationsSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import java.time.Instant;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import reactor.core.publisher.Mono;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@@ -30,6 +31,7 @@ import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Integration tests for {@link ReactiveRedisOperationsSessionRepository}.
@@ -67,6 +69,17 @@ public class ReactiveRedisOperationsSessionRepositoryITests extends AbstractRedi
 		assertThat(this.repository.findById(toSave.getId()).block()).isNull();
 	}
 
+	@Test // gh-1399
+	public void saveMultipleTimes() {
+		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository
+				.createSession().block();
+		session.setAttribute("attribute1", "value1");
+		Mono<Void> save1 = this.repository.save(session);
+		session.setAttribute("attribute2", "value2");
+		Mono<Void> save2 = this.repository.save(session);
+		Mono.zip(save1, save2).block();
+	}
+
 	@Test
 	public void putAllOnSingleAttrDoesNotRemoveOld() {
 		ReactiveRedisOperationsSessionRepository.RedisSession toSave = this.repository
@@ -209,7 +222,10 @@ public class ReactiveRedisOperationsSessionRepositoryITests extends AbstractRedi
 		this.repository.save(session).block();
 
 		toSave.setLastAccessedTime(Instant.now());
-		this.repository.save(toSave).block();
+
+		assertThatExceptionOfType(IllegalStateException.class)
+				.isThrownBy(() -> this.repository.save(toSave).block())
+				.withMessage("Session was invalidated");
 
 		assertThat(this.repository.findById(sessionId).block()).isNull();
 		assertThat(this.repository.findById(session.getId()).block()).isNotNull();

spring-session-data-redis/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/ReactiveRedisOperationsSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -118,6 +118,15 @@ public class ReactiveRedisOperationsSessionRepository implements
 		this.redisFlushMode = redisFlushMode;
 	}
 
+	/**
+	 * Returns the {@link ReactiveRedisOperations} used for sessions.
+	 * @return the {@link ReactiveRedisOperations} used for sessions
+	 * @since 2.1.0
+	 */
+	public ReactiveRedisOperations<String, Object> getSessionRedisOperations() {
+		return this.sessionRedisOperations;
+	}
+
 	@Override
 	public Mono<RedisSession> createSession() {
 		return Mono.defer(() -> {
@@ -134,21 +143,15 @@ public class ReactiveRedisOperationsSessionRepository implements
 
 	@Override
 	public Mono<Void> save(RedisSession session) {
-		Mono<Void> result = session.saveChangeSessionId().and(session.saveDelta())
-				.and((s) -> {
-					session.isNew = false;
-					s.onComplete();
-				});
 		if (session.isNew) {
-			return result;
-		}
-		else {
-			String sessionKey = getSessionKey(
-					session.hasChangedSessionId() ? session.originalSessionId
-							: session.getId());
-			return this.sessionRedisOperations.hasKey(sessionKey)
-					.flatMap((exists) -> exists ? result : Mono.empty());
+			return session.save();
 		}
+		String sessionKey = getSessionKey(
+				session.hasChangedSessionId() ? session.originalSessionId
+						: session.getId());
+		return this.sessionRedisOperations.hasKey(sessionKey).flatMap((exists) -> exists
+				? session.save()
+				: Mono.error(new IllegalStateException("Session was invalidated")));
 	}
 
 	@Override
@@ -294,7 +297,7 @@ public class ReactiveRedisOperationsSessionRepository implements
 
 		private void flushImmediateIfNecessary() {
 			if (ReactiveRedisOperationsSessionRepository.this.redisFlushMode == RedisFlushMode.IMMEDIATE) {
-				saveDelta();
+				save();
 			}
 		}
 
@@ -303,6 +306,11 @@ public class ReactiveRedisOperationsSessionRepository implements
 			flushImmediateIfNecessary();
 		}
 
+		private Mono<Void> save() {
+			return Mono.defer(() -> saveChangeSessionId().then(saveDelta())
+					.doOnSuccess((aVoid) -> this.isNew = false));
+		}
+
 		private Mono<Void> saveDelta() {
 			if (this.delta.isEmpty()) {
 				return Mono.empty();
@@ -310,7 +318,7 @@ public class ReactiveRedisOperationsSessionRepository implements
 
 			String sessionKey = getSessionKey(getId());
 			Mono<Boolean> update = ReactiveRedisOperationsSessionRepository.this.sessionRedisOperations
-					.opsForHash().putAll(sessionKey, this.delta);
+					.opsForHash().putAll(sessionKey, new HashMap<>(this.delta));
 			Mono<Boolean> setTtl = ReactiveRedisOperationsSessionRepository.this.sessionRedisOperations
 					.expire(sessionKey, getMaxInactiveInterval());
 

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisOperationsSessionRepository.java

@@ -418,7 +418,7 @@ public class RedisOperationsSessionRepository implements
 
 	@Override
 	public void save(RedisSession session) {
-		session.saveDelta();
+		session.save();
 		if (session.isNew()) {
 			String sessionCreatedKey = getSessionCreatedChannel(session.getId());
 			this.sessionRedisOperations.convertAndSend(sessionCreatedKey, session.delta);
@@ -516,12 +516,13 @@ public class RedisOperationsSessionRepository implements
 
 	@Override
 	public RedisSession createSession() {
-		RedisSession redisSession = new RedisSession();
-		if (this.defaultMaxInactiveInterval != null) {
-			redisSession.setMaxInactiveInterval(
-					Duration.ofSeconds(this.defaultMaxInactiveInterval));
-		}
-		return redisSession;
+		Duration maxInactiveInterval = Duration
+				.ofSeconds((this.defaultMaxInactiveInterval != null)
+						? this.defaultMaxInactiveInterval
+						: MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
+		RedisSession session = new RedisSession(maxInactiveInterval);
+		session.flushImmediateIfNecessary();
+		return session;
 	}
 
 	@Override
@@ -711,14 +712,17 @@ public class RedisOperationsSessionRepository implements
 		/**
 		 * Creates a new instance ensuring to mark all of the new attributes to be
 		 * persisted in the next save operation.
+		 *
+		 * @param maxInactiveInterval the amount of time that the {@link Session} should
+		 * be kept alive between client requests.
 		 */
-		RedisSession() {
+		RedisSession(Duration maxInactiveInterval) {
 			this(new MapSession());
+			this.cached.setMaxInactiveInterval(maxInactiveInterval);
 			this.delta.put(CREATION_TIME_ATTR, getCreationTime().toEpochMilli());
 			this.delta.put(MAX_INACTIVE_ATTR, (int) getMaxInactiveInterval().getSeconds());
 			this.delta.put(LAST_ACCESSED_ATTR, getLastAccessedTime().toEpochMilli());
 			this.isNew = true;
-			this.flushImmediateIfNecessary();
 		}
 
 		/**
@@ -808,7 +812,7 @@ public class RedisOperationsSessionRepository implements
 
 		private void flushImmediateIfNecessary() {
 			if (RedisOperationsSessionRepository.this.redisFlushMode == RedisFlushMode.IMMEDIATE) {
-				saveDelta();
+				save();
 			}
 		}
 
@@ -817,16 +821,20 @@ public class RedisOperationsSessionRepository implements
 			this.flushImmediateIfNecessary();
 		}
 
+		private void save() {
+			saveChangeSessionId();
+			saveDelta();
+		}
+
 		/**
 		 * Saves any attributes that have been changed and updates the expiration of this
 		 * session.
 		 */
 		private void saveDelta() {
-			String sessionId = getId();
-			saveChangeSessionId(sessionId);
 			if (this.delta.isEmpty()) {
 				return;
 			}
+			String sessionId = getId();
 			getSessionBoundHashOperations(sessionId).putAll(this.delta);
 			String principalSessionKey = getSessionAttrNameKey(
 					FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME);
@@ -859,30 +867,32 @@ public class RedisOperationsSessionRepository implements
 					.onExpirationUpdated(originalExpiration, this);
 		}
 
-		private void saveChangeSessionId(String sessionId) {
-			if (!sessionId.equals(this.originalSessionId)) {
-				if (!isNew()) {
-					String originalSessionIdKey = getSessionKey(this.originalSessionId);
-					String sessionIdKey = getSessionKey(sessionId);
-					try {
-						RedisOperationsSessionRepository.this.sessionRedisOperations
-								.rename(originalSessionIdKey, sessionIdKey);
-					}
-					catch (NonTransientDataAccessException ex) {
-						handleErrNoSuchKeyError(ex);
-					}
-					String originalExpiredKey = getExpiredKey(this.originalSessionId);
-					String expiredKey = getExpiredKey(sessionId);
-					try {
-						RedisOperationsSessionRepository.this.sessionRedisOperations
-								.rename(originalExpiredKey, expiredKey);
-					}
-					catch (NonTransientDataAccessException ex) {
-						handleErrNoSuchKeyError(ex);
-					}
-				}
-				this.originalSessionId = sessionId;
+		private void saveChangeSessionId() {
+			String sessionId = getId();
+			if (sessionId.equals(this.originalSessionId)) {
+				return;
 			}
+			if (!isNew()) {
+				String originalSessionIdKey = getSessionKey(this.originalSessionId);
+				String sessionIdKey = getSessionKey(sessionId);
+				try {
+					RedisOperationsSessionRepository.this.sessionRedisOperations
+							.rename(originalSessionIdKey, sessionIdKey);
+				}
+				catch (NonTransientDataAccessException ex) {
+					handleErrNoSuchKeyError(ex);
+				}
+				String originalExpiredKey = getExpiredKey(this.originalSessionId);
+				String expiredKey = getExpiredKey(sessionId);
+				try {
+					RedisOperationsSessionRepository.this.sessionRedisOperations
+							.rename(originalExpiredKey, expiredKey);
+				}
+				catch (NonTransientDataAccessException ex) {
+					handleErrNoSuchKeyError(ex);
+				}
+			}
+			this.originalSessionId = sessionId;
 		}
 
 		private void handleErrNoSuchKeyError(NonTransientDataAccessException ex) {

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/annotation/SpringSessionRedisOperations.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,14 +23,14 @@ import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.data.redis.core.RedisOperations;
-import org.springframework.session.data.redis.RedisOperationsSessionRepository;
 
 /**
- * Annotation used to inject the {@link RedisOperations} instance used by Spring Session's
- * {@link RedisOperationsSessionRepository}.
+ * Annotation used to inject the Redis accessor used by Spring Session's Redis session
+ * repository.
  *
  * @author Vedran Pavic
+ * @see org.springframework.session.data.redis.RedisOperationsSessionRepository#getSessionRedisOperations()
+ * @see org.springframework.session.data.redis.ReactiveRedisOperationsSessionRepository#getSessionRedisOperations()
  * @since 2.0.0
  */
 @Target({ ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER,

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/annotation/web/server/RedisWebSessionConfiguration.java

@@ -21,6 +21,7 @@ import java.util.Map;
 import org.springframework.beans.factory.BeanClassLoaderAware;
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.EmbeddedValueResolverAware;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -64,6 +65,8 @@ public class RedisWebSessionConfiguration extends SpringWebSessionConfiguration
 
 	private ReactiveRedisConnectionFactory redisConnectionFactory;
 
+	private RedisSerializer<Object> defaultRedisSerializer;
+
 	private ClassLoader classLoader;
 
 	private StringValueResolver embeddedValueResolver;
@@ -107,6 +110,13 @@ public class RedisWebSessionConfiguration extends SpringWebSessionConfiguration
 		this.redisConnectionFactory = redisConnectionFactoryToUse;
 	}
 
+	@Autowired(required = false)
+	@Qualifier("springSessionDefaultRedisSerializer")
+	public void setDefaultRedisSerializer(
+			RedisSerializer<Object> defaultRedisSerializer) {
+		this.defaultRedisSerializer = defaultRedisSerializer;
+	}
+
 	@Override
 	public void setBeanClassLoader(ClassLoader classLoader) {
 		this.classLoader = classLoader;
@@ -134,10 +144,11 @@ public class RedisWebSessionConfiguration extends SpringWebSessionConfiguration
 
 	private ReactiveRedisTemplate<String, Object> createReactiveRedisTemplate() {
 		RedisSerializer<String> keySerializer = new StringRedisSerializer();
-		RedisSerializer<Object> valueSerializer = new JdkSerializationRedisSerializer(
-				this.classLoader);
+		RedisSerializer<Object> defaultSerializer = (this.defaultRedisSerializer != null)
+				? this.defaultRedisSerializer
+				: new JdkSerializationRedisSerializer(this.classLoader);
 		RedisSerializationContext<String, Object> serializationContext = RedisSerializationContext
-				.<String, Object>newSerializationContext(valueSerializer)
+				.<String, Object>newSerializationContext(defaultSerializer)
 				.key(keySerializer).hashKey(keySerializer).build();
 		return new ReactiveRedisTemplate<>(this.redisConnectionFactory,
 				serializationContext);

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/ReactiveRedisOperationsSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ import org.springframework.session.data.redis.ReactiveRedisOperationsSessionRepo
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
@@ -80,9 +80,9 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 
 	@Test
 	public void constructorWithNullReactiveRedisOperations() {
-		assertThatThrownBy(() -> new ReactiveRedisOperationsSessionRepository(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("sessionRedisOperations cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> new ReactiveRedisOperationsSessionRepository(null))
+				.withMessageContaining("sessionRedisOperations cannot be null");
 	}
 
 	@Test
@@ -95,16 +95,16 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 
 	@Test
 	public void nullRedisKeyNamespace() {
-		assertThatThrownBy(() -> this.repository.setRedisKeyNamespace(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("namespace cannot be null or empty");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.repository.setRedisKeyNamespace(null))
+				.withMessage("namespace cannot be null or empty");
 	}
 
 	@Test
 	public void emptyRedisKeyNamespace() {
-		assertThatThrownBy(() -> this.repository.setRedisKeyNamespace(""))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("namespace cannot be null or empty");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.repository.setRedisKeyNamespace(""))
+				.withMessage("namespace cannot be null or empty");
 	}
 
 	@Test
@@ -125,16 +125,17 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 
 	@Test
 	public void nullRedisFlushMode() {
-		assertThatThrownBy(() -> this.repository.setRedisFlushMode(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("redisFlushMode cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.repository.setRedisFlushMode(null))
+				.withMessage("redisFlushMode cannot be null");
 	}
 
 	@Test
 	public void createSessionDefaultMaxInactiveInterval() {
-		StepVerifier.create(this.repository.createSession()).consumeNextWith(
-				(session) -> assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration
-						.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS)))
+		StepVerifier.create(this.repository.createSession())
+				.consumeNextWith((session) -> assertThat(session.getMaxInactiveInterval())
+						.isEqualTo(Duration.ofSeconds(
+								MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS)))
 				.verifyComplete();
 	}
 
@@ -155,30 +156,26 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 		given(this.redisOperations.expire(anyString(), any()))
 				.willReturn(Mono.just(true));
 
-		StepVerifier
-				.create(this.repository.createSession().doOnNext(this.repository::save))
-				.consumeNextWith((session) -> {
-					verify(this.redisOperations).opsForHash();
-					verify(this.hashOperations).putAll(anyString(), this.delta.capture());
-					verify(this.redisOperations).expire(anyString(), any());
-					verifyZeroInteractions(this.redisOperations);
-					verifyZeroInteractions(this.hashOperations);
+		RedisSession newSession = this.repository.new RedisSession();
+		StepVerifier.create(this.repository.save(newSession)).verifyComplete();
 
-					Map<String, Object> delta = this.delta.getAllValues().get(0);
-					assertThat(delta.size()).isEqualTo(3);
-					assertThat(delta.get(
-							ReactiveRedisOperationsSessionRepository.CREATION_TIME_KEY))
-									.isEqualTo(session.getCreationTime().toEpochMilli());
-					assertThat(delta.get(
-							ReactiveRedisOperationsSessionRepository.MAX_INACTIVE_INTERVAL_KEY))
-									.isEqualTo((int) Duration.ofSeconds(
-											MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS)
-											.getSeconds());
-					assertThat(delta.get(
-							ReactiveRedisOperationsSessionRepository.LAST_ACCESSED_TIME_KEY))
-									.isEqualTo(
-											session.getLastAccessedTime().toEpochMilli());
-				}).verifyComplete();
+		verify(this.redisOperations).opsForHash();
+		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
+		verify(this.redisOperations).expire(anyString(), any());
+		verifyZeroInteractions(this.redisOperations);
+		verifyZeroInteractions(this.hashOperations);
+
+		Map<String, Object> delta = this.delta.getAllValues().get(0);
+		assertThat(delta.size()).isEqualTo(3);
+		assertThat(delta.get(ReactiveRedisOperationsSessionRepository.CREATION_TIME_KEY))
+				.isEqualTo(newSession.getCreationTime().toEpochMilli());
+		assertThat(delta
+				.get(ReactiveRedisOperationsSessionRepository.MAX_INACTIVE_INTERVAL_KEY))
+						.isEqualTo(
+								(int) newSession.getMaxInactiveInterval().getSeconds());
+		assertThat(delta
+				.get(ReactiveRedisOperationsSessionRepository.LAST_ACCESSED_TIME_KEY))
+						.isEqualTo(newSession.getLastAccessedTime().toEpochMilli());
 	}
 
 	@Test
@@ -207,7 +204,7 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 
 		RedisSession session = this.repository.new RedisSession(this.cached);
 		session.setLastAccessedTime(Instant.ofEpochMilli(12345678L));
-		Mono.just(session).subscribe(this.repository::save);
+		StepVerifier.create(this.repository.save(session)).verifyComplete();
 
 		verify(this.redisOperations).hasKey(anyString());
 		verify(this.redisOperations).opsForHash();
@@ -232,7 +229,7 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 		String attrName = "attrName";
 		RedisSession session = this.repository.new RedisSession(this.cached);
 		session.setAttribute(attrName, "attrValue");
-		Mono.just(session).subscribe(this.repository::save);
+		StepVerifier.create(this.repository.save(session)).verifyComplete();
 
 		verify(this.redisOperations).hasKey(anyString());
 		verify(this.redisOperations).opsForHash();
@@ -257,7 +254,7 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 		String attrName = "attrName";
 		RedisSession session = this.repository.new RedisSession(new MapSession());
 		session.removeAttribute(attrName);
-		Mono.just(session).subscribe(this.repository::save);
+		StepVerifier.create(this.repository.save(session)).verifyComplete();
 
 		verify(this.redisOperations).hasKey(anyString());
 		verify(this.redisOperations).opsForHash();
@@ -333,25 +330,30 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 		given(this.hashOperations.entries(anyString()))
 				.willReturn(Flux.fromIterable(map.entrySet()));
 
-		StepVerifier.create(this.repository.findById("test")).consumeNextWith((session) -> {
-			verify(this.redisOperations).opsForHash();
-			verify(this.hashOperations).entries(anyString());
-			verifyZeroInteractions(this.redisOperations);
-			verifyZeroInteractions(this.hashOperations);
+		StepVerifier.create(this.repository.findById("test"))
+				.consumeNextWith((session) -> {
+					verify(this.redisOperations).opsForHash();
+					verify(this.hashOperations).entries(anyString());
+					verifyZeroInteractions(this.redisOperations);
+					verifyZeroInteractions(this.hashOperations);
 
-			assertThat(session.getId()).isEqualTo(expected.getId());
-			assertThat(session.getAttributeNames())
-					.isEqualTo(expected.getAttributeNames());
-			assertThat(session.<String>getAttribute(attribute1))
-					.isEqualTo(expected.getAttribute(attribute1));
-			assertThat(session.<String>getAttribute(attribute2))
-					.isEqualTo(expected.getAttribute(attribute2));
-			assertThat(session.getCreationTime()).isEqualTo(expected.getCreationTime());
-			assertThat(session.getMaxInactiveInterval())
-					.isEqualTo(expected.getMaxInactiveInterval());
-			assertThat(session.getLastAccessedTime())
-					.isEqualTo(expected.getLastAccessedTime());
-		}).verifyComplete();
+					assertThat(session.getId()).isEqualTo(expected.getId());
+					assertThat(session.getAttributeNames())
+							.isEqualTo(expected.getAttributeNames());
+					assertThat(session.<String>getAttribute(attribute1))
+							.isEqualTo(expected.getAttribute(attribute1));
+					assertThat(session.<String>getAttribute(attribute2))
+							.isEqualTo(expected.getAttribute(attribute2));
+					assertThat(session.getCreationTime().truncatedTo(ChronoUnit.MILLIS))
+							.isEqualTo(expected.getCreationTime()
+									.truncatedTo(ChronoUnit.MILLIS));
+					assertThat(session.getMaxInactiveInterval())
+							.isEqualTo(expected.getMaxInactiveInterval());
+					assertThat(
+							session.getLastAccessedTime().truncatedTo(ChronoUnit.MILLIS))
+									.isEqualTo(expected.getLastAccessedTime()
+											.truncatedTo(ChronoUnit.MILLIS));
+				}).verifyComplete();
 	}
 
 	@Test

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/RedisOperationsSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,7 +59,7 @@ import org.springframework.session.data.redis.RedisOperationsSessionRepository.R
 import org.springframework.session.events.AbstractSessionEvent;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -115,9 +115,9 @@ public class RedisOperationsSessionRepositoryTests {
 
 	@Test
 	public void setApplicationEventPublisherNull() {
-		assertThatThrownBy(() -> this.redisRepository.setApplicationEventPublisher(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("applicationEventPublisher cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.redisRepository.setApplicationEventPublisher(null))
+				.withMessage("applicationEventPublisher cannot be null");
 	}
 
 	@Test
@@ -343,7 +343,8 @@ public class RedisOperationsSessionRepositoryTests {
 	@Test
 	public void redisSessionGetAttributes() {
 		String attrName = "attrName";
-		RedisSession session = this.redisRepository.new RedisSession();
+		RedisSession session = this.redisRepository.new RedisSession(
+				Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS));
 		assertThat(session.getAttributeNames()).isEmpty();
 		session.setAttribute(attrName, "attrValue");
 		assertThat(session.getAttributeNames()).containsOnly(attrName);
@@ -432,12 +433,12 @@ public class RedisOperationsSessionRepositoryTests {
 				.isEqualTo(expected.getAttribute(attribute1));
 		assertThat(session.<String>getAttribute(attribute2))
 				.isEqualTo(expected.getAttribute(attribute2));
-		assertThat(session.getCreationTime()).isEqualTo(expected.getCreationTime());
+		assertThat(session.getCreationTime().truncatedTo(ChronoUnit.MILLIS))
+				.isEqualTo(expected.getCreationTime().truncatedTo(ChronoUnit.MILLIS));
 		assertThat(session.getMaxInactiveInterval())
 				.isEqualTo(expected.getMaxInactiveInterval());
-		assertThat(session.getLastAccessedTime())
-				.isEqualTo(expected.getLastAccessedTime());
-
+		assertThat(session.getLastAccessedTime().truncatedTo(ChronoUnit.MILLIS))
+				.isEqualTo(expected.getLastAccessedTime().truncatedTo(ChronoUnit.MILLIS));
 	}
 
 	@Test
@@ -498,9 +499,11 @@ public class RedisOperationsSessionRepositoryTests {
 		RedisSession session = sessionIdToSessions.get(sessionId);
 		assertThat(session).isNotNull();
 		assertThat(session.getId()).isEqualTo(sessionId);
-		assertThat(session.getLastAccessedTime()).isEqualTo(lastAccessed);
+		assertThat(session.getLastAccessedTime().truncatedTo(ChronoUnit.MILLIS))
+				.isEqualTo(lastAccessed.truncatedTo(ChronoUnit.MILLIS));
 		assertThat(session.getMaxInactiveInterval()).isEqualTo(maxInactive);
-		assertThat(session.getCreationTime()).isEqualTo(createdTime);
+		assertThat(session.getCreationTime().truncatedTo(ChronoUnit.MILLIS))
+				.isEqualTo(createdTime.truncatedTo(ChronoUnit.MILLIS));
 	}
 
 	@Test
@@ -755,6 +758,23 @@ public class RedisOperationsSessionRepositoryTests {
 				.isEqualTo(session.getCreationTime().toEpochMilli());
 	}
 
+	@Test // gh-1409
+	public void flushModeImmediateCreateWithCustomMaxInactiveInterval() {
+		given(this.redisOperations.boundHashOps(anyString()))
+				.willReturn(this.boundHashOperations);
+		given(this.redisOperations.boundSetOps(anyString()))
+				.willReturn(this.boundSetOperations);
+		given(this.redisOperations.boundValueOps(anyString()))
+				.willReturn(this.boundValueOperations);
+		this.redisRepository.setDefaultMaxInactiveInterval(60);
+		this.redisRepository.setRedisFlushMode(RedisFlushMode.IMMEDIATE);
+		this.redisRepository.createSession();
+		Map<String, Object> delta = getDelta();
+		assertThat(delta.size()).isEqualTo(3);
+		assertThat(delta.get(RedisOperationsSessionRepository.MAX_INACTIVE_ATTR))
+				.isEqualTo(60);
+	}
+
 	@Test
 	public void flushModeImmediateSetAttribute() {
 		given(this.redisOperations.boundHashOps(anyString()))
@@ -839,9 +859,9 @@ public class RedisOperationsSessionRepositoryTests {
 
 	@Test
 	public void setRedisFlushModeNull() {
-		assertThatThrownBy(() -> this.redisRepository.setRedisFlushMode(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("redisFlushMode cannot be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.redisRepository.setRedisFlushMode(null))
+				.withMessage("redisFlushMode cannot be null");
 	}
 
 	@Test
@@ -866,16 +886,16 @@ public class RedisOperationsSessionRepositoryTests {
 
 	@Test
 	public void setRedisKeyNamespaceNullNamespace() {
-		assertThatThrownBy(() -> this.redisRepository.setRedisKeyNamespace(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("namespace cannot be null or empty");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.redisRepository.setRedisKeyNamespace(null))
+				.withMessage("namespace cannot be null or empty");
 	}
 
 	@Test
 	public void setRedisKeyNamespaceEmptyNamespace() {
-		assertThatThrownBy(() -> this.redisRepository.setRedisKeyNamespace(" "))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("namespace cannot be null or empty");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> this.redisRepository.setRedisKeyNamespace(" "))
+				.withMessage("namespace cannot be null or empty");
 	}
 
 	@Test // gh-1120

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfigurationTests.java

@@ -37,7 +37,7 @@ import org.springframework.session.data.redis.config.annotation.SpringSessionRed
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -184,10 +184,10 @@ public class RedisHttpSessionConfigurationTests {
 
 	@Test
 	public void multipleConnectionFactoryRedisConfig() {
-		assertThatThrownBy(() -> registerAndRefresh(RedisConfig.class,
-				MultipleConnectionFactoryRedisConfig.class))
-						.isInstanceOf(BeanCreationException.class)
-						.hasMessageContaining("expected single matching bean but found 2");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> registerAndRefresh(RedisConfig.class,
+						MultipleConnectionFactoryRedisConfig.class))
+				.withMessageContaining("expected single matching bean but found 2");
 	}
 
 	private void registerAndRefresh(Class<?>... annotatedClasses) {

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/config/annotation/web/server/RedisWebSessionConfigurationTests.java

@@ -27,13 +27,16 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
 import org.springframework.data.redis.connection.ReactiveRedisConnectionFactory;
 import org.springframework.data.redis.core.ReactiveRedisOperations;
+import org.springframework.data.redis.serializer.RedisSerializationContext;
+import org.springframework.data.redis.serializer.RedisSerializer;
 import org.springframework.session.data.redis.ReactiveRedisOperationsSessionRepository;
 import org.springframework.session.data.redis.RedisFlushMode;
 import org.springframework.session.data.redis.config.annotation.SpringSessionRedisConnectionFactory;
+import org.springframework.session.data.redis.config.annotation.SpringSessionRedisOperations;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -70,6 +73,22 @@ public class RedisWebSessionConfigurationTests {
 		assertThat(repository).isNotNull();
 	}
 
+	@Test
+	public void springSessionRedisOperationsResolvingConfiguration() {
+		registerAndRefresh(RedisConfig.class,
+				SpringSessionRedisOperationsResolvingConfig.class);
+
+		ReactiveRedisOperationsSessionRepository repository = this.context
+				.getBean(ReactiveRedisOperationsSessionRepository.class);
+		assertThat(repository).isNotNull();
+		ReactiveRedisOperations<String, Object> springSessionRedisOperations = this.context
+				.getBean(SpringSessionRedisOperationsResolvingConfig.class)
+				.getSpringSessionRedisOperations();
+		assertThat(springSessionRedisOperations).isNotNull();
+		assertThat((ReactiveRedisOperations) ReflectionTestUtils.getField(repository,
+				"sessionRedisOperations")).isEqualTo(springSessionRedisOperations);
+	}
+
 	@Test
 	public void customNamespace() {
 		registerAndRefresh(RedisConfig.class, CustomNamespaceConfig.class);
@@ -175,10 +194,40 @@ public class RedisWebSessionConfigurationTests {
 
 	@Test
 	public void multipleConnectionFactoryRedisConfig() {
-		assertThatThrownBy(() -> registerAndRefresh(RedisConfig.class,
-				MultipleConnectionFactoryRedisConfig.class))
-						.isInstanceOf(BeanCreationException.class)
-						.hasMessageContaining("expected single matching bean but found 2");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(() -> registerAndRefresh(RedisConfig.class,
+						MultipleConnectionFactoryRedisConfig.class))
+				.withMessageContaining("expected single matching bean but found 2");
+	}
+
+	@Test
+	@SuppressWarnings("unchecked")
+	public void customRedisSerializerConfig() {
+		registerAndRefresh(RedisConfig.class, CustomRedisSerializerConfig.class);
+
+		ReactiveRedisOperationsSessionRepository repository = this.context
+				.getBean(ReactiveRedisOperationsSessionRepository.class);
+		RedisSerializer<Object> redisSerializer = this.context
+				.getBean("springSessionDefaultRedisSerializer", RedisSerializer.class);
+		assertThat(repository).isNotNull();
+		assertThat(redisSerializer).isNotNull();
+		ReactiveRedisOperations redisOperations = (ReactiveRedisOperations) ReflectionTestUtils
+				.getField(repository, "sessionRedisOperations");
+		assertThat(redisOperations).isNotNull();
+		RedisSerializationContext serializationContext = redisOperations
+				.getSerializationContext();
+		assertThat(ReflectionTestUtils.getField(
+				serializationContext.getValueSerializationPair().getReader(),
+				"serializer")).isEqualTo(redisSerializer);
+		assertThat(ReflectionTestUtils.getField(
+				serializationContext.getValueSerializationPair().getWriter(),
+				"serializer")).isEqualTo(redisSerializer);
+		assertThat(ReflectionTestUtils.getField(
+				serializationContext.getHashValueSerializationPair().getReader(),
+				"serializer")).isEqualTo(redisSerializer);
+		assertThat(ReflectionTestUtils.getField(
+				serializationContext.getHashValueSerializationPair().getWriter(),
+				"serializer")).isEqualTo(redisSerializer);
 	}
 
 	private void registerAndRefresh(Class<?>... annotatedClasses) {
@@ -201,6 +250,18 @@ public class RedisWebSessionConfigurationTests {
 
 	}
 
+	@EnableRedisWebSession
+	static class SpringSessionRedisOperationsResolvingConfig {
+
+		@SpringSessionRedisOperations
+		private ReactiveRedisOperations<String, Object> springSessionRedisOperations;
+
+		public ReactiveRedisOperations<String, Object> getSpringSessionRedisOperations() {
+			return this.springSessionRedisOperations;
+		}
+
+	}
+
 	@EnableRedisWebSession(redisNamespace = REDIS_NAMESPACE)
 	static class CustomNamespaceConfig {
 
@@ -275,4 +336,15 @@ public class RedisWebSessionConfigurationTests {
 
 	}
 
+	@EnableRedisWebSession
+	static class CustomRedisSerializerConfig {
+
+		@Bean
+		@SuppressWarnings("unchecked")
+		public RedisSerializer<Object> springSessionDefaultRedisSerializer() {
+			return mock(RedisSerializer.class);
+		}
+
+	}
+
 }

spring-session-hazelcast/spring-session-hazelcast.gradle

@@ -3,6 +3,7 @@ apply plugin: 'io.spring.convention.spring-module'
 dependencies {
 	compile project(':spring-session-core')
 	compile "com.hazelcast:hazelcast"
+	compile "javax.annotation:javax.annotation-api"
 	compile "org.springframework:spring-context"
 
 	testCompile "javax.servlet:javax.servlet-api"

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/HazelcastClientRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,7 +48,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 public class HazelcastClientRepositoryITests extends AbstractHazelcastRepositoryITests {
 
 	private static GenericContainer container = new GenericContainer<>(
-			"hazelcast/hazelcast:3.9.4")
+			"hazelcast/hazelcast:3.11.4")
 					.withExposedPorts(5701)
 					.withEnv("JAVA_OPTS",
 							"-Dhazelcast.config=/opt/hazelcast/config_ext/hazelcast.xml")

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/config/annotation/web/http/EnableHazelcastHttpSessionEventsTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -122,7 +122,7 @@ public class EnableHazelcastHttpSessionEventsTests<S extends Session> {
 		assertThat(this.registry.<SessionExpiredEvent>getEvent(sessionToSave.getId()))
 				.isInstanceOf(SessionExpiredEvent.class);
 
-		assertThat(this.repository.<Session>findById(sessionToSave.getId())).isNull();
+		assertThat(this.repository.findById(sessionToSave.getId())).isNull();
 	}
 
 	@Test
@@ -147,24 +147,18 @@ public class EnableHazelcastHttpSessionEventsTests<S extends Session> {
 
 	@Test
 	public void saveUpdatesTimeToLiveTest() throws InterruptedException {
-		Object lock = new Object();
-
 		S sessionToSave = this.repository.createSession();
-
+		sessionToSave.setMaxInactiveInterval(Duration.ofSeconds(3));
 		this.repository.save(sessionToSave);
 
-		synchronized (lock) {
-			lock.wait(sessionToSave.getMaxInactiveInterval().minusMillis(500).toMillis());
-		}
+		Thread.sleep(2000);
 
 		// Get and save the session like SessionRepositoryFilter would.
 		S sessionToUpdate = this.repository.findById(sessionToSave.getId());
 		sessionToUpdate.setLastAccessedTime(Instant.now());
 		this.repository.save(sessionToUpdate);
 
-		synchronized (lock) {
-			lock.wait(sessionToUpdate.getMaxInactiveInterval().minusMillis(100).toMillis());
-		}
+		Thread.sleep(2000);
 
 		assertThat(this.repository.findById(sessionToUpdate.getId())).isNotNull();
 	}
@@ -187,6 +181,28 @@ public class EnableHazelcastHttpSessionEventsTests<S extends Session> {
 		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isFalse();
 	}
 
+	@Test // gh-1300
+	public void updateMaxInactiveIntervalTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+		sessionToSave.setMaxInactiveInterval(Duration.ofMinutes(30));
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		S sessionToUpdate = this.repository.findById(sessionToSave.getId());
+		sessionToUpdate.setLastAccessedTime(Instant.now());
+		sessionToUpdate.setMaxInactiveInterval(Duration.ofSeconds(1));
+		this.repository.save(sessionToUpdate);
+
+		assertThat(this.registry.receivedEvent(sessionToUpdate.getId())).isTrue();
+		assertThat(this.registry.<SessionExpiredEvent>getEvent(sessionToUpdate.getId()))
+				.isInstanceOf(SessionExpiredEvent.class);
+		assertThat(this.repository.findById(sessionToUpdate.getId())).isNull();
+	}
+
 	@Configuration
 	@EnableHazelcastHttpSession(maxInactiveIntervalInSeconds = MAX_INACTIVE_INTERVAL_IN_SECONDS)
 	static class HazelcastSessionConfig {
@@ -200,6 +216,7 @@ public class EnableHazelcastHttpSessionEventsTests<S extends Session> {
 		public SessionEventRegistry sessionEventRegistry() {
 			return new SessionEventRegistry();
 		}
+
 	}
 
 }

spring-session-hazelcast/src/integration-test/resources/hazelcast-server.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <hazelcast xmlns="http://www.hazelcast.com/schema/config"
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-3.9.xsd">
+		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
 
 	<user-code-deployment enabled="true">
 		<class-cache-mode>ETERNAL</class-cache-mode>

spring-session-hazelcast/src/integration-test/resources/org/springframework/session/hazelcast/config/annotation/web/http/hazelcast-custom-idle-time-map-name.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <hazelcast xmlns="http://www.hazelcast.com/schema/config"
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-3.9.xsd">
+		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
 
 	<group>
 		<name>spring-session-it-test-idle-time-map-name</name>

spring-session-hazelcast/src/integration-test/resources/org/springframework/session/hazelcast/config/annotation/web/http/hazelcast-custom-map-name.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <hazelcast xmlns="http://www.hazelcast.com/schema/config"
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-3.9.xsd">
+		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
 
 	<group>
 		<name>spring-session-it-test-map-name</name>

spring-session-hazelcast/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

spring-session-hazelcast/src/main/java/org/springframework/session/hazelcast/HazelcastSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,6 +48,7 @@ import org.springframework.session.events.SessionCreatedEvent;
 import org.springframework.session.events.SessionDeletedEvent;
 import org.springframework.session.events.SessionExpiredEvent;
 import org.springframework.util.Assert;
+import org.springframework.util.ClassUtils;
 
 /**
  * A {@link org.springframework.session.SessionRepository} implementation that stores
@@ -120,6 +121,9 @@ public class HazelcastSessionRepository implements
 	 */
 	public static final String PRINCIPAL_NAME_ATTRIBUTE = "principalName";
 
+	private static final boolean SUPPORTS_SET_TTL = ClassUtils
+			.hasAtLeastOneMethodWithName(IMap.class, "setTtl");
+
 	private static final Log logger = LogFactory.getLog(HazelcastSessionRepository.class);
 
 	private final HazelcastInstance hazelcastInstance;
@@ -238,6 +242,9 @@ public class HazelcastSessionRepository implements
 				entryProcessor.setLastAccessedTime(session.getLastAccessedTime());
 			}
 			if (session.maxInactiveIntervalChanged) {
+				if (SUPPORTS_SET_TTL) {
+					updateTtl(session);
+				}
 				entryProcessor.setMaxInactiveInterval(session.getMaxInactiveInterval());
 			}
 			if (!session.delta.isEmpty()) {
@@ -248,6 +255,11 @@ public class HazelcastSessionRepository implements
 		session.clearChangeFlags();
 	}
 
+	private void updateTtl(HazelcastSession session) {
+		this.sessions.setTtl(session.getId(),
+				session.getMaxInactiveInterval().getSeconds(), TimeUnit.SECONDS);
+	}
+
 	@Override
 	public HazelcastSession findById(String id) {
 		MapSession saved = this.sessions.get(id);

spring-session-hazelcast/src/main/java/org/springframework/session/hazelcast/SessionUpdateEntryProcessor.java

@@ -20,6 +20,7 @@ import java.time.Duration;
 import java.time.Instant;
 import java.util.Map;
 
+import com.hazelcast.core.Offloadable;
 import com.hazelcast.map.AbstractEntryProcessor;
 import com.hazelcast.map.EntryProcessor;
 
@@ -33,7 +34,7 @@ import org.springframework.session.MapSession;
  * @see HazelcastSessionRepository#save(HazelcastSessionRepository.HazelcastSession)
  */
 public class SessionUpdateEntryProcessor
-		extends AbstractEntryProcessor<String, MapSession> {
+		extends AbstractEntryProcessor<String, MapSession> implements Offloadable {
 
 	private Instant lastAccessedTime;
 
@@ -67,6 +68,11 @@ public class SessionUpdateEntryProcessor
 		return Boolean.TRUE;
 	}
 
+	@Override
+	public String getExecutorName() {
+		return OFFLOADABLE_EXECUTOR;
+	}
+
 	void setLastAccessedTime(Instant lastAccessedTime) {
 		this.lastAccessedTime = lastAccessedTime;
 	}

spring-session-hazelcast/src/test/java/org/springframework/session/hazelcast/HazelcastSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,9 +39,10 @@ import org.springframework.session.MapSession;
 import org.springframework.session.hazelcast.HazelcastSessionRepository.HazelcastSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
@@ -78,9 +79,9 @@ public class HazelcastSessionRepositoryTests {
 
 	@Test
 	public void constructorNullHazelcastInstance() {
-		assertThatThrownBy(() -> new HazelcastSessionRepository(null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("HazelcastInstance must not be null");
+		assertThatExceptionOfType(IllegalArgumentException.class)
+				.isThrownBy(() -> new HazelcastSessionRepository(null))
+				.withMessage("HazelcastInstance must not be null");
 	}
 
 	@Test
@@ -259,10 +260,12 @@ public class HazelcastSessionRepositoryTests {
 		this.repository.setHazelcastFlushMode(HazelcastFlushMode.IMMEDIATE);
 
 		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
 		session.setMaxInactiveInterval(Duration.ofSeconds(1));
-		verify(this.sessions, times(1)).set(eq(session.getId()),
+		verify(this.sessions, times(1)).set(eq(sessionId),
 				eq(session.getDelegate()), isA(Long.class), eq(TimeUnit.SECONDS));
-		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()),
+		verify(this.sessions).setTtl(eq(sessionId), anyLong(), any());
+		verify(this.sessions, times(1)).executeOnKey(eq(sessionId),
 				any(EntryProcessor.class));
 
 		this.repository.save(session);

spring-session-hazelcast/src/test/java/org/springframework/session/hazelcast/config/annotation/web/http/HazelcastHttpSessionConfigurationTests.java

@@ -32,7 +32,7 @@ import org.springframework.session.hazelcast.config.annotation.SpringSessionHaze
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -62,10 +62,10 @@ public class HazelcastHttpSessionConfigurationTests {
 
 	@Test
 	public void noHazelcastInstanceConfiguration() {
-		assertThatThrownBy(
-				() -> registerAndRefresh(NoHazelcastInstanceConfiguration.class))
-						.isInstanceOf(BeanCreationException.class)
-						.hasMessageContaining("HazelcastInstance");
+		assertThatExceptionOfType(BeanCreationException.class)
+				.isThrownBy(
+						() -> registerAndRefresh(NoHazelcastInstanceConfiguration.class))
+				.withMessageContaining("HazelcastInstance");
 	}
 
 	@Test
@@ -206,10 +206,9 @@ public class HazelcastHttpSessionConfigurationTests {
 
 	@Test
 	public void multipleHazelcastInstanceConfiguration() {
-		assertThatThrownBy(
+		assertThatExceptionOfType(BeanCreationException.class).isThrownBy(
 				() -> registerAndRefresh(MultipleHazelcastInstanceConfiguration.class))
-						.isInstanceOf(BeanCreationException.class)
-						.hasMessageContaining("expected single matching bean but found 2");
+				.withMessageContaining("expected single matching bean but found 2");
 	}
 
 	private void registerAndRefresh(Class<?>... annotatedClasses) {

spring-session-jdbc/spring-session-jdbc.gradle

@@ -13,6 +13,7 @@ dependencies {
 
 	integrationTestCompile "com.h2database:h2"
 	integrationTestCompile "com.microsoft.sqlserver:mssql-jdbc"
+	integrationTestCompile "com.zaxxer:HikariCP"
 	integrationTestCompile "mysql:mysql-connector-java"
 	integrationTestCompile "org.apache.derby:derby"
 	integrationTestCompile "org.hsqldb:hsqldb"
@@ -21,5 +22,6 @@ dependencies {
 	integrationTestCompile "org.testcontainers:mariadb"
 	integrationTestCompile "org.testcontainers:mssqlserver"
 	integrationTestCompile "org.testcontainers:mysql"
+	integrationTestCompile "org.testcontainers:oracle-xe"
 	integrationTestCompile "org.testcontainers:postgresql"
 }