URL Cleanup (#1385 )

This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener). # Fixed URLs ## Fixed But Review Recommended These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended. * [ ] http://www.puppycrawl.com/dtds/configuration_1_3.dtd (404) with 1 occurrences migrated to: https://www.puppycrawl.com/dtds/configuration_1_3.dtd ([https](https://www.puppycrawl.com/dtds/configuration_1_3.dtd) result 404). * [ ] http://www.puppycrawl.com/dtds/suppressions_1_1.dtd (404) with 1 occurrences migrated to: https://www.puppycrawl.com/dtds/suppressions_1_1.dtd ([https](https://www.puppycrawl.com/dtds/suppressions_1_1.dtd) result 404). ## Fixed Success These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended. * [ ] http://www.springframework.org/schema/beans/spring-beans.xsd with 13 occurrences migrated to: https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd) result 200). * [ ] http://www.springframework.org/schema/context/spring-context.xsd with 10 occurrences migrated to: https://www.springframework.org/schema/context/spring-context.xsd ([https](https://www.springframework.org/schema/context/spring-context.xsd) result 200). * [ ] http://www.springframework.org/schema/gemfire/spring-gemfire.xsd with 4 occurrences migrated to: https://www.springframework.org/schema/gemfire/spring-gemfire.xsd ([https](https://www.springframework.org/schema/gemfire/spring-gemfire.xsd) result 200). * [ ] http://www.springframework.org/schema/jdbc/spring-jdbc.xsd with 1 occurrences migrated to: https://www.springframework.org/schema/jdbc/spring-jdbc.xsd ([https](https://www.springframework.org/schema/jdbc/spring-jdbc.xsd) result 200). * [ ] http://www.springframework.org/schema/security/spring-security.xsd with 2 occurrences migrated to: https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd) result 200). * [ ] http://www.springframework.org/schema/util/spring-util-4.1.xsd with 2 occurrences migrated to: https://www.springframework.org/schema/util/spring-util-4.1.xsd ([https](https://www.springframework.org/schema/util/spring-util-4.1.xsd) result 200). * [ ] http://www.springframework.org/schema/util/spring-util.xsd with 4 occurrences migrated to: https://www.springframework.org/schema/util/spring-util.xsd ([https](https://www.springframework.org/schema/util/spring-util.xsd) result 200). * [ ] http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 4 occurrences migrated to: https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd) result 302). # Ignored These URLs were intentionally ignored. * http://java.sun.com/xml/ns/javaee with 8 occurrences * http://www.hazelcast.com/schema/config with 4 occurrences * http://www.springframework.org/schema/beans with 26 occurrences * http://www.springframework.org/schema/context with 20 occurrences * http://www.springframework.org/schema/gemfire with 8 occurrences * http://www.springframework.org/schema/jdbc with 2 occurrences * http://www.springframework.org/schema/p with 8 occurrences * http://www.springframework.org/schema/security with 4 occurrences * http://www.springframework.org/schema/util with 12 occurrences * http://www.w3.org/2001/XMLSchema-instance with 19 occurrences
URL Cleanup (#1391 )
2019-04-01 10:24:10 -05:00 · 2019-04-01 10:22:19 -05:00 · 2019-03-14 20:38:38 -05:00 · 2019-03-05 08:30:08 -06:00 · 2017-06-23 12:22:04 +02:00 · 2017-06-23 12:22:04 +02:00
606 changed files with 35030 additions and 14376 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,19 +0,0 @@
-root = true
-
-[*]
-end_of_line = lf
-trim_trailing_whitespace = true
-insert_final_newline = true
-max_line_length = 120
-
-[*.java]
-indent_style = tab
-indent_size = 4
-charset = latin1
-continuation_indent_size = 8
-
-[*.xml]
-indent_style = tab
-indent_size = 4
-charset = latin1
-continuation_indent_size = 8
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,7 +1,3 @@
-<!--
-For Security Vulnerabilities, please use https://pivotal.io/security#reporting
-->
-
 <!--
 Thanks for raising a Spring Session issue. Please provide a brief description of your problem along with the version of Spring Session that you are using. If possible, please also consider putting together a sample application that reproduces the issue.
 -->
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,7 +1,3 @@
-<!--
-For Security Vulnerabilities, please use https://pivotal.io/security#reporting
-->
-
 <!--
 Thanks for contributing to Spring Session. Please provide a brief description of your pull-request and reference any related issue numbers (prefix references with #).
 -->
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,5 @@ target
 out
 .springBeans
 *.rdb
+!eclipse/.checkstyle
 .checkstyle
-!etc/eclipse/.checkstyle
-!**/src/**/build
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,20 +1,19 @@
 language: java

-sudo: required
+services:
+  - redis-server

-services: docker
+jdk:
+  - oraclejdk8

-jdk: oraclejdk8
+os:
+  - linux

 before_cache:
  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
-  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
-
 cache:
  directories:
    - $HOME/.gradle/caches/
    - $HOME/.gradle/wrapper/

-install: true
-
-script: ./gradlew clean build --refresh-dependencies --no-daemon
+script: ./gradlew build
--- a/CODE_OF_CONDUCT.adoc
+++ b/CODE_OF_CONDUCT.adoc
@@ -40,5 +40,5 @@ appropriate to the circumstances. Maintainers are obligated to maintain confiden
 with regard to the reporter of an incident.

 This Code of Conduct is adapted from the
-http://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
-http://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]
+https://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
+https://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]
--- a/CONTRIBUTING.adoc
+++ b/CONTRIBUTING.adoc
@@ -10,8 +10,8 @@ By participating, you  are expected to uphold this code. Please report unaccepta
 == Using GitHub issues

 We use GitHub issues to track bugs and enhancements. If you have a general usage question
-please ask on http://stackoverflow.com[Stack Overflow]. The Spring Session team and the
-broader community monitor the http://stackoverflow.com/tags/spring-session[`spring-session`]
+please ask on https://stackoverflow.com[Stack Overflow]. The Spring Session team and the
+broader community monitor the https://stackoverflow.com/tags/spring-session[`spring-session`]
 tag.

 If you are reporting a bug, please help to speed up problem diagnosis by providing as much
--- a/79
+++ b/79
@@ -1,79 +0,0 @@
-def projectProperties = [
-	[$class: 'BuildDiscarderProperty',
-		strategy: [$class: 'LogRotator', numToKeepStr: '5']],
-	pipelineTriggers([cron('@daily')])
-]
-properties(projectProperties)
-
-def SUCCESS = hudson.model.Result.SUCCESS.toString()
-currentBuild.result = SUCCESS
-
-try {
-	parallel check: {
-		stage('Check') {
-			node {
-				checkout scm
-				try {
-					sh "./gradlew clean check  --refresh-dependencies --no-daemon"
-				} catch(Exception e) {
-					currentBuild.result = 'FAILED: check'
-					throw e
-				} finally {
-					junit '**/build/*-results/*.xml'
-				}
-			}
-		}
-	}
-
-	if(currentBuild.result == 'SUCCESS') {
-		parallel artifacts: {
-			stage('Deploy Artifacts') {
-				node {
-					checkout scm
-					withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
-						withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
-							withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
-								withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
-									sh "./gradlew deployArtifacts finalizeDeployArtifacts -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password='$SIGNING_PASSWORD' -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --refresh-dependencies --no-daemon --stacktrace"
-								}
-							}
-						}
-					}
-				}
-			}
-		},
-		docs: {
-			stage('Deploy Docs') {
-				node {
-					checkout scm
-					withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
-						sh "./gradlew deployDocs -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME --refresh-dependencies --no-daemon --stacktrace"
-					}
-				}
-			}
-		}
-	}
-} finally {
-	def buildStatus = currentBuild.result
-	def buildNotSuccess =  !SUCCESS.equals(buildStatus)
-	def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
-
-	if(buildNotSuccess || lastBuildNotSuccess) {
-
-		stage('Notifiy') {
-			node {
-				final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
-
-				def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
-				def details = """The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"""
-
-				emailext (
-					subject: subject,
-					body: details,
-					recipientProviders: RECIPIENTS,
-					to: "$SPRING_SESSION_TEAM_EMAILS"
-				)
-			}
-		}
-	}
-}
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--- a/README.adoc
+++ b/README.adoc
@@ -1,32 +1,26 @@
+image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
+
+image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"]
+
 = Spring Session
+Rob Winch

-image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"] image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
+Spring Session aims to provide a common infrastructure for managing sessions. This provides many benefits including:

-Spring Session provides an API and implementations for managing a user's session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
-It also provides transparent integration with:
-
-* `HttpSession` - allows replacing the `HttpSession` in an application container (i.e. Tomcat) neutral way, with support for providing session IDs in headers to work with RESTful APIs.
-* `WebSocket` - provides the ability to keep the `HttpSession` alive when receiving WebSocket messages
-* `WebSession` - allows replacing the Spring WebFlux's `WebSession` in an application container neutral way.
-
-== Modules
-
-Spring Session consists of the following modules:
-
-* Spring Session Core - provides core Spring Session functionalities and APIs
-* Spring Session Data Redis - provides `SessionRepository` and `ReactiveSessionRepository` implementation backed by Redis and configuration support
-* Spring Session JDBC - provides `SessionRepository` implementation backed by a relational database and configuration support
-* Spring Session Hazelcast - provides `SessionRepository` implementation backed by Hazelcast and configuration support
+* Accessing a session from any environment (i.e. web, messaging infrastructure, etc)
+* In a web environment
+** Support for clustering in a vendor neutral way
+** Pluggable strategy for determining the session id
+** Easily keep the HttpSession alive when a WebSocket is active

 == Code of Conduct
-
 This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
 By participating, you  are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.

-== Spring Session Project Site
+= Spring Session Project Site

-You can find the documentation, issue management, support, samples, and guides for using Spring Session at http://projects.spring.io/spring-session/
+You can find the documentation, issue management, support, samples, and guides for using Spring Session at https://projects.spring.io/spring-session/

-== License
+= License

-Spring Session is Open Source software released under the http://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].
+Spring Session is Open Source software released under the https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].
--- a/build.gradle
+++ b/build.gradle
@@ -1,20 +1,76 @@
 buildscript {
-	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.17.RELEASE'
-		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
-	}
 	repositories {
-		maven { url 'https://repo.spring.io/plugins-release' }
+		maven { url "https://repo.spring.io/plugins-release" }
+		maven { url "https://repo.spring.io/milestone" }
+	}
+	dependencies {
+		classpath 'io.spring.gradle:dependency-management-plugin:1.0.3.RELEASE'
+		classpath("com.bmuschko:gradle-tomcat-plugin:2.2.5")
+		classpath("org.springframework.build.gradle:propdeps-plugin:0.0.7")
+		classpath("io.spring.gradle:spring-io-plugin:0.0.6.RELEASE")
+		classpath('me.champeau.gradle:gradle-javadoc-hotfix-plugin:0.1')
+		classpath 'org.asciidoctor:asciidoctor-gradle-plugin:1.5.2'
+		classpath 'com.github.ben-manes:gradle-versions-plugin:0.12.0'
 	}
 }
-apply plugin: 'io.spring.convention.root'
+
+plugins {
+	id "org.sonarqube" version "2.1"
+}

 group = 'org.springframework.session'
-description = 'Spring Session'

+ext.springBootVersion = '1.5.4.RELEASE'
+ext.IDE_GRADLE = "$rootDir/gradle/ide.gradle"
+ext.JAVA_GRADLE = "$rootDir/gradle/java.gradle"
+ext.MAVEN_GRADLE = "$rootDir/gradle/publish-maven.gradle"
+ext.BOM_GRADLE = "$rootDir/gradle/bom.gradle"
+ext.SAMPLE_GRADLE = "$rootDir/gradle/sample.gradle"
+ext.TOMCAT_GRADLE = "$rootDir/gradle/tomcat.gradle"
+ext.TOMCAT_6_GRADLE = "$rootDir/gradle/tomcat6.gradle"
+ext.TOMCAT_7_GRADLE = "$rootDir/gradle/tomcat7.gradle"

 ext.releaseBuild = version.endsWith('RELEASE')
 ext.snapshotBuild = version.endsWith('SNAPSHOT')
 ext.milestoneBuild = !(releaseBuild || snapshotBuild)

+apply plugin: 'base'

+
+sonarqube {
+	properties {
+		property "sonar.java.coveragePlugin", "jacoco"
+		property "sonar.projectName", "Spring Session"
+		property "sonar.jacoco.reportPath", "${buildDir.name}/jacoco.exec"
+		property "sonar.links.homepage", 'https://github.com/spring-projects/spring-session'
+		property "sonar.links.ci", 'https://build.spring.io/browse/SESSION'
+		property "sonar.links.issue", 'https://github.com/spring-projects/spring-session/issues'
+		property "sonar.links.scm", 'https://github.com/spring-projects/spring-session'
+		property "sonar.links.scm_dev", 'https://github.com/spring-projects/spring-session.git'
+		property "sonar.java.coveragePlugin", "jacoco"
+	}
+}
+
+task configDocsZip(dependsOn: [':docs:asciidoctor',':spring-session:javadoc']) {
+	doLast {
+		project.tasks.docsZip.from(project(':docs').asciidoctor) {
+			into('reference')
+		}
+		project.tasks.docsZip.from(project(':spring-session').javadoc) {
+			into('api')
+		}
+	}
+}
+
+
+task docsZip(type: Zip, dependsOn: 'configDocsZip') {
+	group = "Distribution"
+	baseName = "spring-session"
+	classifier = "docs"
+	description = "Builds -${classifier} archive containing api and reference " +
+			"for deployment."
+}
+
+artifacts {
+	archives docsZip
+}
--- a/config/checkstyle/checkstyle.xml
+++ b/config/checkstyle/checkstyle.xml
@@ -0,0 +1,166 @@
+<?xml version="1.0"?>
+<!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
+		"https://www.puppycrawl.com/dtds/configuration_1_3.dtd">
+<module name="Checker">
+	<!-- Suppressions -->
+	<module name="SuppressionFilter">
+		<property name="file" value="${configDir}/suppressions.xml"/>
+	</module>
+
+	<!-- Root Checks -->
+	<module name="RegexpHeader">
+		<property name="headerFile" value="${configDir}/header.txt"/>
+		<property name="fileExtensions" value="java"/>
+	</module>
+	<module name="NewlineAtEndOfFile">
+		<property name="lineSeparator" value="lf"/>
+		<property name="fileExtensions" value="java,xml"/>
+	</module>
+
+	<!-- TreeWalker Checks -->
+	<module name="TreeWalker">
+		<!-- Annotations -->
+		<module name="AnnotationUseStyle">
+			<property name="elementStyle" value="compact"/>
+		</module>
+		<module name="MissingOverride"/>
+		<module name="PackageAnnotation"/>
+		<module name="AnnotationLocation">
+			<property name="allowSamelineSingleParameterlessAnnotation" value="false" />
+		</module>
+
+		<!-- Block Checks -->
+		<module name="EmptyBlock">
+			<property name="option" value="text"/>
+		</module>
+		<module name="LeftCurly"/>
+		<module name="RightCurly">
+			<property name="option" value="alone"/>
+		</module>
+		<module name="NeedBraces"/>
+		<module name="AvoidNestedBlocks"/>
+
+		<!-- Class Design -->
+		<module name="FinalClass"/>
+		<module name="InterfaceIsType"/>
+		<module name="HideUtilityClassConstructor"/>
+		<module name="MutableException"/>
+		<module name="InnerTypeLast"/>
+		<module name="OneTopLevelClass"/>
+
+		<!-- Coding -->
+		<module name="CovariantEquals"/>
+		<module name="EmptyStatement"/>
+		<module name="EqualsHashCode"/>
+		<module name="InnerAssignment"/>
+		<module name="SimplifyBooleanExpression"/>
+		<module name="SimplifyBooleanReturn"/>
+		<module name="StringLiteralEquality"/>
+		<module name="NestedForDepth">
+			<property name="max" value="3"/>
+		</module>
+		<module name="NestedIfDepth">
+			<property name="max" value="3"/>
+		</module>
+		<module name="NestedTryDepth">
+			<property name="max" value="3"/>
+		</module>
+		<module name="MultipleVariableDeclarations"/>
+		<module name="RequireThis">
+			<property name="checkMethods" value="false"/>
+		</module>
+		<module name="OneStatementPerLine"/>
+
+		<!-- Imports -->
+		<module name="AvoidStarImport"/>
+		<module name="AvoidStaticImport">
+			<property name="excludes"
+					value="org.assertj.core.api.Assertions.*, org.mockito.Mockito.*, org.mockito.BDDMockito.*, org.mockito.AdditionalMatchers.*, org.mockito.Matchers.*, org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*, org.springframework.test.web.servlet.result.MockMvcResultHandlers.*, org.springframework.test.web.servlet.result.MockMvcResultMatchers.*, org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*, org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*, org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*, org.springframework.hateoas.mvc.ControllerLinkBuilder.linkTo"/>
+		</module>
+		<module name="IllegalImport"/>
+		<module name="RedundantImport"/>
+		<module name="UnusedImports">
+			<property name="processJavadoc" value="true"/>
+		</module>
+		<module name="ImportOrder">
+			<property name="groups" value="java,/^javax?\./,*,org.springframework"/>
+			<property name="ordered" value="true"/>
+			<property name="separated" value="true"/>
+			<property name="option" value="bottom"/>
+			<property name="sortStaticImportsAlphabetically" value="true"/>
+		</module>
+
+		<!-- Javadoc Comments -->
+		<module name="JavadocType">
+			<property name="scope" value="package"/>
+			<property name="authorFormat" value=".+\s.+"/>
+		</module>
+		<module name="JavadocMethod">
+			<property name="allowMissingJavadoc" value="true"/>
+		</module>
+		<module name="JavadocVariable">
+			<property name="scope" value="public"/>
+		</module>
+		<module name="JavadocStyle">
+			<property name="checkEmptyJavadoc" value="true"/>
+		</module>
+		<module name="NonEmptyAtclauseDescription"/>
+		<module name="JavadocTagContinuationIndentation">
+			<property name="offset" value="0"/>
+		</module>
+		<module name="AtclauseOrder">
+			<property name="target" value="CLASS_DEF, INTERFACE_DEF, ENUM_DEF"/>
+			<property name="tagOrder" value="@param, @author, @since, @see, @version, @serial, @deprecated"/>
+		</module>
+		<module name="AtclauseOrder">
+			<property name="target" value="METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
+			<property name="tagOrder" value="@param, @return, @throws, @since, @deprecated, @see"/>
+		</module>
+
+		<!-- Miscellaneous -->
+		<module name="CommentsIndentation"/>
+		<module name="UpperEll"/>
+		<module name="ArrayTypeStyle"/>
+		<module name="OuterTypeFilename"/>
+
+		<!-- Modifiers -->
+		<module name="RedundantModifier"/>
+
+		<!-- Regexp -->
+		<module name="RegexpSinglelineJava">
+			<property name="format" value="^\t* +\t*\S"/>
+			<property name="message" value="Line has leading space characters; indentation should be performed with tabs only."/>
+			<property name="ignoreComments" value="true"/>
+		</module>
+		<module name="RegexpSinglelineJava">
+			<property name="maximum" value="0"/>
+			<property name="format" value="org\.mockito\.Mockito\.(when|doThrow|doAnswer)"/>
+			<property name="message"
+				value="Please use BDDMockto imports."/>
+			<property name="ignoreComments" value="true"/>
+		</module>
+		<module name="RegexpSinglelineJava">
+			<property name="maximum" value="0"/>
+			<property name="format" value="org\.junit\.Assert\.assert"/>
+			<property name="message" value="Please use AssertJ imports."/>
+			<property name="ignoreComments" value="true"/>
+		</module>
+		<module name="Regexp">
+			<property name="format" value="[ \t]+$"/>
+			<property name="illegalPattern" value="true"/>
+			<property name="message" value="Trailing whitespace"/>
+		</module>
+
+		<!-- Whitespace -->
+		<module name="GenericWhitespace"/>
+		<module name="MethodParamPad"/>
+		<module name="NoWhitespaceAfter">
+			<property name="tokens" value="BNOT, DEC, DOT, INC, LNOT, UNARY_MINUS, UNARY_PLUS, ARRAY_DECLARATOR"/>
+		</module>
+		<module name="NoWhitespaceBefore"/>
+		<module name="ParenPad"/>
+		<module name="TypecastParenPad"/>
+		<module name="WhitespaceAfter"/>
+		<module name="WhitespaceAround"/>
+	</module>
+</module>
--- a/config/checkstyle/header.txt
+++ b/config/checkstyle/header.txt
@@ -5,7 +5,7 @@
 ^\Q * you may not use this file except in compliance with the License.\E$
 ^\Q * You may obtain a copy of the License at\E$
 ^\Q *\E$
-^\Q *      http://www.apache.org/licenses/LICENSE-2.0\E$
+^\Q *      https://www.apache.org/licenses/LICENSE-2.0\E$
 ^\Q *\E$
 ^\Q * Unless required by applicable law or agreed to in writing, software\E$
 ^\Q * distributed under the License is distributed on an "AS IS" BASIS,\E$
--- a/config/checkstyle/suppressions.xml
+++ b/config/checkstyle/suppressions.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<!DOCTYPE suppressions PUBLIC "-//Puppy Crawl//DTD Suppressions 1.1//EN"
+		"https://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
+<suppressions>
+	<suppress files=".+Application\.java" checks="HideUtilityClassConstructor"/>
+	<suppress files=".+Configuration\.java" checks="HideUtilityClassConstructor"/>
+
+	<suppress files="[\\/]src[\\/]test[\\/]java[\\/]" checks="Javadoc"/>
+	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc"/>
+
+	<suppress files="[\\/]docs[\\/]" checks="Javadoc"/>
+	<suppress files="[\\/]docs[\\/]" checks="CommentsIndentation"/>
+	<suppress files="[\\/]docs[\\/]" checks="InnerTypeLast"/>
+
+	<suppress files="[\\/]samples[\\/]" checks="Javadoc"/>
+	<suppress files="[\\/]samples[\\/]" checks="CommentsIndentation"/>
+	<suppress files="[\\/]samples[\\/]" checks="InnerTypeLast"/>
+</suppressions>
--- a/docs/build.gradle
+++ b/docs/build.gradle
@@ -0,0 +1,80 @@
+buildscript {
+	repositories {
+		jcenter()
+	}
+
+	dependencies {
+		classpath 'org.kordamp.gradle:livereload-gradle-plugin:0.2.1'
+	}
+}
+
+apply plugin: 'org.kordamp.gradle.livereload'
+apply from: JAVA_GRADLE
+apply plugin: 'org.asciidoctor.convert'
+
+liveReload {
+	docRoot asciidoctor.sourceDir.canonicalPath
+}
+
+repositories {
+	maven { url 'http://dist.gemstone.com/maven/release' }
+}
+
+asciidoctorj {
+
+}
+
+tasks.findByPath("artifactoryPublish")?.enabled = false
+
+dependencies {
+		testCompile project(':spring-session'),
+				project(':spring-session-data-mongo'),
+				"org.springframework.data:spring-data-gemfire:$springDataGemFireVersion",
+				"org.springframework.data:spring-data-redis:$springDataRedisVersion",
+				"org.springframework.data:spring-data-gemfire:$springDataGemFireVersion",
+				"org.springframework:spring-webmvc:${springVersion}",
+				"org.springframework:spring-websocket:${springVersion}",
+				"org.springframework:spring-messaging:${springVersion}",
+				"org.springframework:spring-jdbc:${springVersion}",
+				"org.springframework.security:spring-security-config:${springSecurityVersion}",
+				"org.springframework.security:spring-security-web:${springSecurityVersion}",
+				"org.springframework.security:spring-security-test:${springSecurityVersion}",
+				"junit:junit:$junitVersion",
+				"org.mockito:mockito-core:$mockitoVersion",
+				"org.springframework:spring-test:$springVersion",
+				"org.assertj:assertj-core:$assertjVersion",
+				"com.hazelcast:hazelcast:$hazelcastVersion",
+				"biz.paluch.redis:lettuce:$lettuceVersion",
+				"javax.servlet:javax.servlet-api:$servletApiVersion"
+}
+
+asciidoctor {
+	def ghTag = snapshotBuild ? 'master' : project.version
+	def ghUrl = "https://github.com/spring-projects/spring-session/tree/$ghTag"
+	attributes	'version-snapshot': snapshotBuild,
+			'version-milestone': milestoneBuild,
+			'version-release': releaseBuild,
+			'gh-url': ghUrl,
+			'gh-samples-url': "$ghUrl/samples/",
+			'download-url' : "https://github.com/spring-projects/spring-session/archive/${ghTag}.zip",
+			'spring-session-version' : version,
+			'spring-version' : springVersion,
+			'lettuce-version' : lettuceVersion,
+			'hazelcast-version' : hazelcastVersion,
+			'docs-itest-dir' : rootProject.projectDir.path + '/docs/src/integration-test/java/',
+			'docs-test-dir' : rootProject.projectDir.path + '/docs/src/test/java/',
+			'docs-test-resources-dir' : rootProject.projectDir.path + '/docs/src/test/resources/',
+			'samples-dir' : rootProject.projectDir.path + '/samples/',
+			'session-main-resources-dir' : rootProject.projectDir.path + '/spring-session/src/main/resources/',
+
+			'source-highlighter' : 'coderay',
+			'imagesdir':'./images',
+			'icons': 'font',
+			'sectanchors':'',
+			'idprefix':'',
+			'idseparator':'-',
+			'docinfo1':'true',
+			'revnumber' : project.version
+}
+
+eclipse.project.name = 'spring-session-docs'
--- a/docs/spring-session-docs.gradle
+++ b/docs/spring-session-docs.gradle
@@ -1,49 +0,0 @@
-apply plugin: 'io.spring.convention.docs'
-apply plugin: 'io.spring.convention.spring-test'
-
-dependencies {
-	testCompile project(':spring-session-core')
-	testCompile project(':spring-session-data-redis')
-	testCompile project(':spring-session-hazelcast')
-	testCompile project(':spring-session-jdbc')
-	testCompile 'org.springframework:spring-jdbc'
-	testCompile 'org.springframework:spring-messaging'
-	testCompile 'org.springframework:spring-webmvc'
-	testCompile 'org.springframework:spring-websocket'
-	testCompile 'org.springframework.security:spring-security-config'
-	testCompile 'org.springframework.security:spring-security-web'
-	testCompile 'org.springframework.security:spring-security-test'
-	testCompile 'junit:junit'
-	testCompile 'org.mockito:mockito-core'
-	testCompile 'org.springframework:spring-test'
-	testCompile 'org.assertj:assertj-core'
-	testCompile 'com.hazelcast:hazelcast'
-	testCompile 'io.lettuce:lettuce-core'
-	testCompile 'javax.servlet:javax.servlet-api'
-}
-
-def versions = dependencyManagement.managedVersions
-
-asciidoctor {
-	def ghTag = snapshotBuild ? 'master' : project.version
-	def ghUrl = "https://github.com/spring-projects/spring-session/tree/$ghTag"
-
-	attributes 'docs-itest-dir': "$rootProject.projectDir.path/docs/src/integration-test/java/",
-			'docs-test-dir': "$rootProject.projectDir.path/docs/src/test/java/",
-			'docs-test-resources-dir': "$rootProject.projectDir.path/docs/src/test/resources/",
-			'download-url': "https://github.com/spring-projects/spring-session/archive/${ghTag}.zip",
-			'gh-samples-url': "$ghUrl/samples/",
-			'gh-url': ghUrl,
-			'hazelcast-version': versions['com.hazelcast:hazelcast'],
-			'lettuce-version': versions['io.lettuce:lettuce-core'],
-			'samples-dir': "$rootProject.projectDir.path/samples/",
-			'session-jdbc-main-resources-dir': "${project(':spring-session-jdbc').projectDir.path}/src/main/resources/",
-			'spring-boot-version': project.springBootVersion,
-			'spring-data-redis-version': versions['org.springframework.data:spring-data-redis'],
-			'spring-framework-version': versions['org.springframework:spring-core'],
-			'spring-security-version': versions['org.springframework.security:spring-security-core'],
-			'spring-session-version': project.version,
-			'version-milestone': milestoneBuild,
-			'version-release': releaseBuild,
-			'version-snapshot': snapshotBuild
-}
--- a/docs/src/docs/asciidoc/guides/boot-findbyusername.adoc
+++ b/docs/src/docs/asciidoc/guides/boot-findbyusername.adoc
@@ -109,12 +109,11 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `JedisConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-boot-findbyusername:bootRun
+$ ./gradlew :samples:findbyusername:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
--- a/docs/src/docs/asciidoc/guides/boot-gemfire.adoc
+++ b/docs/src/docs/asciidoc/guides/boot-gemfire.adoc
@@ -0,0 +1,270 @@
+= Spring Session - HttpSession with GemFire Client/Server using Spring Boot
+John Blum
+:toc:
+
+This guide describes how to build a _Spring Boot_ application configured with _Spring Session_ to transparently leverage
+Pivotal GemFire to back a web application's `HttpSession`.
+
+In this sample, GemFire's client/server topology is employed using a pair of _Spring Boot_ applications, one to
+configure and run a GemFire Server and another to configure and run the client, Spring MVC-based web application
+making use of the `HttpSession`.
+
+NOTE: The completed guide can be found in the <<httpsession-gemfire-boot-sample,HttpSession with GemFire using Spring Boot Sample Application>>.
+
+== Updating Dependencies
+Before using _Spring Session_, you must ensure that the required dependencies are included.
+If you are using Maven, include the following `dependencies` in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-data-gemfire</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-web</artifactId>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-milestone</id>
+		<url>https://repo.spring.io/libs-milestone</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+// tag::config[]
+[[httpsession-spring-java-configuration]]
+== Spring Boot Configuration
+
+After adding the required dependencies and repository declarations, we can create our Spring configuration
+for both the GemFire client and server using _Spring Boot_.  The Spring configuration is responsible for
+creating a Servlet Filter that replaces the `HttpSession` with an implementation backed by _Spring Session_
+and GemFire.
+
+=== Spring Boot-based GemFire Server
+
+We start with the _Spring Boot_ application for configuring and bootstrapping a GemFire Server process...
+
+[source,java]
+----
+include::{samples-dir}boot/gemfire/src/main/java/sample/server/GemFireServer.java[tags=class]
+----
+
+<1> The `@EnableGemFireHttpSession` annotation is used on the GemFire Server to mainly define the corresponding
+Region (e.g. `ClusteredSpringSessions`, the default) in which Session state information will be stored
+and managed by GemFire.  As well, we have specified an arbitrary expiration attribute (i.e. `maxInactiveIntervalInSeconds`)
+for when the Session will timeout, which is triggered by a GemFire Region entry expiration event that also invalidates
+the Session object in the Region.
+<2> Next, we define a few `Properties` that allow us to configure certain aspects of the GemFire Server using
+https://gemfire.docs.pivotal.io/docs-gemfire/reference/topics/gemfire_properties.html[GemFire's System properties].
+<3> Then, we create an instance of the GemFire `Cache` using our defined `Properties`.
+<4> Finally, we configure and start a `CacheServer` running in the GemFire Server to listen for connections
+from cache clients.  The `CacheServer's` `Socket` will be used to connect our GemFire cache client,
+_Spring Boot_ web application to the server.
+
+The sample also makes use of a `PropertySourcesPlaceholderConfigurer` bean in order to externalize the sample application
+configuration to affect GemFire and application configuration/behavior from the command-line (e.g. such as GemFire's
+`log-level` using the `gemfire.log.level` System property; more details below).
+
+=== Spring Boot-based GemFire cache client Web application
+
+Now, we create our _Spring Boot_ Web application exposing our Web service with Spring MVC, running as a
+GemFire cache client connected to our _Spring Boot_-based GemFire Server, using Spring Session backed by GemFire
+to manage Session state in a clustered, replicated fashion.
+
+[source,java]
+----
+include::{samples-dir}boot/gemfire/src/main/java/sample/client/Application.java[tags=class]
+----
+
+<1> Here, again, we use the `@EnableGemFireHttpSession` annotation to not only configure the GemFire cache client,
+but to also override the (HTTP) Web application container's `HttpSession` and replace it with a Session implementation
+backed by _Spring Session_ and GemFire.  Also notice, we did not define any Session expiration timeout with the
+`maxInactiveIntervalInSeconds` attribute this time.  That is because the Session expiration is managed by GemFire,
+on the server, which will appropriately notify the cache client when the Session times out.  Again, we have just
+resorted to using the default named Region, `ClusteredSpringSessions`.  Of course, we can change the Region name,
+but we must do so on both the client and the server.  That is a GemFire requirement, not a
+_Spring Session Data GemFire_ requirement.
+<2> Similarly to the server configuration, we set a few basic GemFire System `Properties` on the client.
+<3> Although, this time, an instance of `ClientCache` is created with the `ClientCacheFactoryBean`
+from _Spring Data GemFire_.
+<4> However, in order to connect to the GemFire Server we must define a GemFire `Pool` bean containing a
+pool of connections to the server.  Whenever a client Region entry operation corresponding to a Session update occurs,
+the client-side Region will use an existing, pooled connection to route the operation to the server.
+<5> The following _Spring_ `BeanPostProcessor` (along with some utility methods) are only needed for testing purposes
+and are not required by any production code.  Specifically, the `BeanPostProcessor` along with the code referenced in *6*
+is useful in integration test cases where the client and server processes are forked by the test framework.  It is pretty
+easy to figure out that a race condition is imminent without proper coordination between the client and the server,
+therefore, the BPP and `ClientMembershipListener` help sync the interaction between the client and the server
+on startup during automated testing.
+<6> Navigates the Web application to the home page (`index.html`), which uses **Thymeleaf** templates for server-side
+pages.
+<7> Heartbeat Web service endpoint (useful for manual testing purposes).
+<8> Web service endpoint allowing the user to add a Session attribute using the Web application UI.  In addition,
+the webapp stores an additional Session attribute (`requestCount`) to keep track of how many HTTP requests the user
+has sent during the current "session".
+
+There are many other utility methods, so please refer to the actual source code for full details.
+
+TIP: In typical GemFire deployments, where the cluster includes potentially hundreds or thousands of GemFire data nodes
+(servers), it is more common for clients to connect to one or more GemFire Locators running in the cluster.  A Locator
+passes meta-data to clients about the servers available, their load and which servers have the client's data of interest,
+which is particularly important in direct, single-hop data access and latency-sensitive operations.  See more details
+about the https://gemfire.docs.pivotal.io/docs-gemfire/latest/topologies_and_comm/cs_configuration/chapter_overview.html[Client/Server Topology in GemFire's User Guide].
+
+NOTE: For more information on configuring _Spring Data GemFire_, refer to the https://docs.spring.io/spring-data-gemfire/docs/current/reference/html/[reference guide].
+
+The `@EnableGemFireHttpSession` annotation enables a developer to configure certain aspects of both _Spring Session_
+and GemFire out-of-the-box using the following attributes:
+
+* `maxInactiveIntervalInSeconds` - controls _HttpSession_ idle-timeout expiration (defaults to **30 minutes**).
+* `regionName` - specifies the name of the GemFire Region used to store `HttpSession` state (defaults is "*ClusteredSpringSessions*").
+* `clientRegionShort` - specifies GemFire's https://gemfire.docs.pivotal.io/docs-gemfire/latest/developing/management_all_region_types/chapter_overview.html[data management policy]
+with a GemFire https://gemfire.docs.pivotal.io/docs-gemfire/latest/javadocs/japi/com/gemstone/gemfire/cache/client/ClientRegionShortcut.html[ClientRegionShortcut]
+(default is `PROXY`).  This attribute is only used when configuring client Region.
+* `poolName` - name of the dedicated GemFire Pool used to connect a client to the cluster of servers.  The attribute
+is only used when the application is a GemFire cache client.  Defaults to `gemfirePool`.
+* `serverRegionShort` - specifies GemFire's https://gemfire.docs.pivotal.io/docs-gemfire/latest/developing/management_all_region_types/chapter_overview.html[data management policy]
+using a GemFire https://data-docs-samples.cfapps.io/docs-gemfire/latest/javadocs/japi/com/gemstone/gemfire/cache/RegionShortcut.html[RegionShortcut]
+(default is `PARTITION`).  This attribute is only used when configuring server Regions, or when a p2p topology is employed.
+
+NOTE: It is important to remember that the GemFire client Region name must match a server Region by the same name if
+the client Region is a `PROXY` or `CACHING_PROXY`.  Client and server Region names are not required to match if
+the client Region used to store Spring Sessions is `LOCAL`.  However, keep in mind that your session state will not
+be propagated to the server and you lose all the benefits of using GemFire to store and manage distributed, replicated
+session state information in a cluster.
+
+[[httpsession-gemfire-boot-sample]]
+== HttpSession with GemFire using Spring Boot Sample Application
+
+=== Running the httpsession-gemfire-boot Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following commands.
+
+First, you must run the server:
+
+----
+$ ./gradlew :samples:httpsession-gemfire-boot:run [-Dgemfire.log-level=config]
+----
+
+Then, in a separate terminal, run the client:
+
+----
+$ ./gradlew :samples:httpsession-gemfire-boot:bootRun [-Dgemfire.log-level=config]
+----
+
+You should now be able to access the application at http://localhost:8080/.  In this sample, the web application
+is the client cache and the server is standalone.
+
+=== Exploring the httpsession-gemfire-boot Sample Application
+
+Try using the application. Fill out the form with the following information:
+
+* **Attribute Name:** _username_
+* **Attribute Value:** _test_
+
+Now click the **Set Attribute** button. You should now see the attribute name and value displayed in the table
+along with an additional attribute (`requestCount`) indicating the number of Session interactions (via HTTP requests).
+
+=== How does it work?
+
+We interact with the standard `HttpSession` in the the Spring MVC web service endpoint, shown here for convenience:
+
+.src/main/java/sample/SessionServlet.java
+[source,java]
+----
+@RequestMapping(method = RequestMethod.POST, path = "/session")
+public String session(HttpSession session, ModelMap modelMap,
+		@RequestParam(name = "attributeName", required = false) String name,
+		@RequestParam(name = "attributeValue", required = false) String value) {
+
+	modelMap.addAttribute("sessionAttributes",
+		attributes(setAttribute(updateRequestCount(session), name, value)));
+
+	return INDEX_TEMPLATE_VIEW_NAME;
+}
+----
+
+Instead of using the embedded HTTP server's `HttpSession`, we are actually persisting the Session state in GemFire.
+_Spring Session_ creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome]
+or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+
+NOTE: The following instructions assume you have a local GemFire installation.  For more information on installation,
+see https://gemfire.docs.pivotal.io/docs-gemfire/latest/getting_started/installation/install_intro.html[Installing Pivotal GemFire].
+
+NOTE: In order to run the following, you must uncomment the lines in the `GemFireServer` class, `gemfireProperties` bean
+for the following GemFire System properties: `jmx-manager` and `jmx-manager-start`.
+
+If you like, you can easily remove the session using `gfsh`. For example, on a Linux-based system type the following
+at the command-line:
+
+	$ gfsh
+
+Then, enter the following commands in _Gfsh_ ensuring to replace `70002719-3c54-4c20-82c3-e7faa6b718f3` with the value
+of your SESSION cookie, or the session ID returned by the GemFire OQL query (which should match):
+
+....
+gfsh>connect --jmx-manager=localhost[1099]
+
+gfsh>query --query='SELECT * FROM /ClusteredSpringSessions.keySet'
+
+Result     : true
+startCount : 0
+endCount   : 20
+Rows       : 1
+
+Result
+------------------------------------
+70002719-3c54-4c20-82c3-e7faa6b718f3
+
+NEXT_STEP_NAME : END
+
+gfsh>remove --region=/ClusteredSpringSessions --key="70002719-3c54-4c20-82c3-e7faa6b718f3"
+....
+
+NOTE: The _GemFire User Guide_ has more detailed instructions on using https://gemfire.docs.pivotal.io/docs-gemfire/latest/tools_modules/gfsh/chapter_overview.html[gfsh].
+
+Now visit the application at http://localhost:8080/ again and observe that the attribute we added is no longer displayed.
+
+Alternatively, you can wait **20 seconds** for the session to expire and timeout, and then refresh the page.  The attribute
+we added should no longer be displayed in the table.
--- a/docs/src/docs/asciidoc/guides/boot-jdbc.adoc
+++ b/docs/src/docs/asciidoc/guides/boot-jdbc.adoc
@@ -21,40 +21,65 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework.session</groupId>
 		<artifactId>spring-session-jdbc</artifactId>
+		<version>{spring-session-version}</version>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-jdbc</artifactId>
 	</dependency>
 </dependencies>
 ----

-Spring Boot provides dependency management for Spring Session modules, so there's no need to explicitly declare dependency version.
+ifeval::["{version-snapshot}" == "true"]
+Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repository>
+	<id>spring-milestone</id>
+	<url>https://repo.spring.io/libs-milestone</url>
+</repository>
+----
+endif::[]

 // tag::config[]

 [[httpsession-jdbc-boot-spring-configuration]]
-== Spring Boot Configuration
+== Spring Configuration

-After adding the required dependencies, we can create our Spring Boot configuration.
-Thanks to first-class auto configuration support, setting up Spring Session backed by a relational database is as simple as adding a single configuration property to your `application.properties`:
+After adding the required dependencies, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:

-.src/main/resources/application.properties
+[source,java]
 ----
-spring.session.store-type=jdbc # Session store type.
+include::{samples-dir}boot/jdbc/src/main/java/sample/config/HttpSessionConfig.java[tags=class]
 ----

-Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableJdbcHttpSession` annotation.
-This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+<1> The `@EnableJdbcHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
 The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-
-Further customization is possible using `application.properties`:
-
-.src/main/resources/application.properties
----
-server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
-spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
-spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/schema-@@platform@@.sql # Path to the SQL file to use to initialize the database schema.
-spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
----
-
-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
+In this instance Spring Session is backed by a relational database.

 [[httpsession-jdbc-boot-configuration]]
 == Configuring the DataSource
@@ -65,17 +90,17 @@ For example, you can include the following in your *application.properties*

 .src/main/resources/application.properties
 ----
-spring.datasource.url= # JDBC URL of the database.
-spring.datasource.username= # Login username of the database.
-spring.datasource.password= # Login password of the database.
+spring.datasource.url=jdbc:postgresql://localhost:5432/myapp
+spring.datasource.username=myapp
+spring.datasource.password=secret
 ----

-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.

 [[httpsession-jdbc-boot-servlet-configuration]]
 == Servlet Container Initialization

-Our <<httpsession-jdbc-boot-spring-configuration,Spring Boot Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-jdbc-boot-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.

 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
@@ -95,7 +120,7 @@ The httpsession-jdbc-boot Sample Application demonstrates how to use Spring Sess
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:

 ----
-$ ./gradlew :spring-session-sample-boot-jdbc:bootRun
+$ ./gradlew :samples:httpsession-jdbc-boot:bootRun
 ----

 You should now be able to access the application at http://localhost:8080/
@@ -120,7 +145,7 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into H2 database.

 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)

--- a/docs/src/docs/asciidoc/guides/boot-mongo.adoc
+++ b/docs/src/docs/asciidoc/guides/boot-mongo.adoc
@@ -0,0 +1,169 @@
+= Spring Session - Mongo Repositories
+Jakub Kubrynski
+:toc:
+
+This guide describes how to use Spring Session backed by Mongo.
+
+NOTE: The completed guide can be found in the <<mongo-sample, mongo sample application>>.
+
+== Updating Dependencies
+Before you use Spring Session, you must ensure to update your dependencies.
+We assume you are working with a working Spring Boot web application.
+If you are using Maven, ensure to add the following dependencies:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-data-mongo</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-data-mongodb</artifactId>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repository>
+	<id>spring-milestone</id>
+	<url>https://repo.spring.io/libs-milestone</url>
+</repository>
+----
+endif::[]
+
+[[mongo-spring-configuration]]
+== Spring Configuration
+
+After adding the required dependencies, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+
+// tag::config[]
+All you have to do is to add the following Spring Configuration:
+
+[source,java]
+----
+include::{samples-dir}boot/mongo/src/main/java/sample/config/HttpSessionConfig.java[tags=class]
+----
+
+<1> The `@EnableMongoHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance Spring Session is backed by Mongo.
+
+<2> We explicitly configure `JdkMongoSessionConverter` since Spring Security's objects cannot be automatically persisted using Jackson (the default if Jackson is on the classpath).
+
+// end::config[]
+
+[[boot-mongo-configuration]]
+== Configuring the Mongo Connection
+
+Spring Boot automatically creates a `MongoClient` that connects Spring Session to a Mongo Server on localhost on port 27017 (default port).
+In a production environment you need to ensure to update your configuration to point to your Mongo server.
+For example, you can include the following in your *application.properties*
+
+.src/main/resources/application.properties
+----
+spring.data.mongodb.host=mongo-srv
+spring.data.mongodb.port=27018
+spring.data.mongodb.database=prod
+----
+
+For more information, refer to https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-mongodb[Connecting to MongoDB] portion of the Spring Boot documentation.
+
+[[boot-servlet-configuration]]
+== Servlet Container Initialization
+
+Our <<boot-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
+
+In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Fortunately, Spring Boot takes care of both of these steps for us.
+
+[[mongo-sample]]
+== Mongo Sample Application
+
+The Mongo Sample Application demonstrates how to use Spring Session to transparently leverage Mongo to back a web application's `HttpSession` when using Spring Boot.
+
+[[mongo-running]]
+=== Running the Mongo Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+----
+$ ./gradlew :samples:mongo:bootRun
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+[[boot-explore]]
+=== Exploring the security Sample Application
+
+Try using the application. Enter the following to log in:
+
+* **Username** _user_
+* **Password** _password_
+
+Now click the **Login** button.
+You should now see a message indicating your are logged in with the user entered previously.
+The user's information is stored in Mongo rather than Tomcat's `HttpSession` implementation.
+
+[[mongo-how]]
+=== How does it work?
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Mongo.
+Spring Session replaces the `HttpSession` with an implementation that is backed by Mongo.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Mongo.
+
+When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+
+If you like, you can easily inspect the session using mongo client. For example, on a Linux based system you can type:
+
+[NOTE]
+====
+The sample application uses an embedded MongoDB instance that listens on a randomly allocated port.
+The port used by embedded MongoDB together with exact command to connect to it is logged during application startup.
+====
+
+	$ mongo --port ...
+	> use test
+	> db.sessions.find().pretty()
+
+Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `60f17293-839b-477c-bb92-07a9c3658843` with the value of your SESSION cookie:
+
+	> db.sessions.remove({"_id":"60f17293-839b-477c-bb92-07a9c3658843"})
+
+Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.
--- a/docs/src/docs/asciidoc/guides/boot-redis.adoc
+++ b/docs/src/docs/asciidoc/guides/boot-redis.adoc
@@ -1,5 +1,5 @@
 = Spring Session - Spring Boot
-Rob Winch, Vedran Pavić
+Rob Winch
 :toc:

 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Spring Boot.
@@ -20,38 +20,64 @@ If you are using Maven, ensure to add the following dependencies:

 	<dependency>
 		<groupId>org.springframework.session</groupId>
-		<artifactId>spring-session-data-redis</artifactId>
+		<artifactId>spring-session</artifactId>
+		<version>{spring-session-version}</version>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-redis</artifactId>
 	</dependency>
 </dependencies>
 ----

-Spring Boot provides dependency management for Spring Session modules, so there's no need to explicitly declare dependency version.
+ifeval::["{version-snapshot}" == "true"]
+Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repository>
+	<id>spring-milestone</id>
+	<url>https://repo.spring.io/libs-milestone</url>
+</repository>
+----
+endif::[]

 [[boot-spring-configuration]]
-== Spring Boot Configuration
+== Spring Configuration

-After adding the required dependencies, we can create our Spring Boot configuration.
-Thanks to first-class auto configuration support, setting up Spring Session backed by Redis is as simple as adding a single configuration property to your `application.properties`:
+After adding the required dependencies, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:

-.src/main/resources/application.properties
+[source,java]
 ----
-spring.session.store-type=redis # Session store type.
+include::{samples-dir}boot/redis/src/main/java/sample/config/HttpSessionConfig.java[tags=class]
 ----

-Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
-This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
 The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-
-Further customization is possible using `application.properties`:
-
-.src/main/resources/application.properties
----
-server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
-spring.session.redis.flush-mode=on-save # Sessions flush mode.
-spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
----
-
-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
+In this instance Spring Session is backed by Redis.

 [[boot-redis-configuration]]
 == Configuring the Redis Connection
@@ -62,17 +88,17 @@ For example, you can include the following in your *application.properties*

 .src/main/resources/application.properties
 ----
-spring.redis.host=localhost # Redis server host.
-spring.redis.password= # Login password of the redis server.
-spring.redis.port=6379 # Redis server port.
+spring.redis.host=localhost
+spring.redis.password=secret
+spring.redis.port=6379
 ----

-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.

 [[boot-servlet-configuration]]
 == Servlet Container Initialization

-Our <<boot-spring-configuration,Spring Boot Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<boot-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.

 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
@@ -80,24 +106,23 @@ Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `spring
 Fortunately, Spring Boot takes care of both of these steps for us.

 [[boot-sample]]
-== Boot Sample Application
+== boot Sample Application

-The Boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Spring Boot.
+The boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Spring Boot.

 [[boot-running]]
-=== Running the Boot Sample Application
+=== Running the boot Sample Application

 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:

 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `JedisConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-boot-redis:bootRun
+$ ./gradlew :samples:boot:bootRun
 ----

 You should now be able to access the application at http://localhost:8080/
@@ -122,7 +147,7 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.

 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:

--- a/docs/src/docs/asciidoc/guides/boot-websocket.adoc
+++ b/docs/src/docs/asciidoc/guides/boot-websocket.adoc
@@ -24,7 +24,7 @@ Please make sure you have already integrated Spring Session with the HttpSession
 [[websocket-spring-configuration]]
 == Spring Configuration

-In a typical Spring WebSocket application users would implement `WebSocketMessageBrokerConfigurer`.
+In a typical Spring WebSocket application users would extend `AbstractWebSocketMessageBrokerConfigurer`.
 For example, the configuration might look something like the following:

 [source,java]
@@ -43,7 +43,7 @@ include::{samples-dir}boot/websocket/src/main/java/sample/config/WebSocketConfig

 To hook in the Spring Session support we only need to change two things:

-<1> Instead of implementing `WebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
+<1> Instead of extending `AbstractWebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
 <2> We rename the `registerStompEndpoints` method to `configureStompEndpoints`

 What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
@@ -73,23 +73,23 @@ You can run the sample by obtaining the {download-url}[source code] and invoking

 [TIP]
 ====
-For the purposes of testing session expiration, you may want to change the session expiration to be 1 minute (default is 30 minutes) by adding the following configuration property starting before the application:
+For the purposes of testing session expiration, you may want to change the session expiration to be 1 minute (default is 30 minutes) by removing the comment from the following file before starting the application:

-.src/main/resources/application.properties
+.src/main/java/samples/config/WebSecurityConfig.java
+[source,java]
 ----
-server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.
+include::{samples-dir}boot/websocket/src/main/java/sample/config/WebSecurityConfig.java[tags=enable-redis-httpsession]
 ----
 ====

 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-boot-websocket:bootRun
+$ ./gradlew :samples:websocket:bootRun
 ----

 You should now be able to access the application at http://localhost:8080/
--- a/docs/src/docs/asciidoc/guides/grails3.adoc
+++ b/docs/src/docs/asciidoc/guides/grails3.adoc
@@ -70,7 +70,7 @@ spring:
    port: 6397
 ----

-For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.

 [[grails3-sample]]
 == Grails 3 Sample Application
@@ -85,12 +85,11 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `JedisConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-misc-grails3:bootRun
+$ ./gradlew :samples:grails3:bootRun
 ----

 You should now be able to access the application at http://localhost:8080/test/index
@@ -115,7 +114,7 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.

 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:

@@ -128,6 +127,3 @@ Alternatively, you can also delete the explicit key. Enter the following into yo
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e

 Now visit the application at http://localhost:8080/test/index and observe that we are no longer authenticated.
-
-NOTE: Spring Session will not work with grails flash scope without additional work. +
-See this answer for an explanation: https://stackoverflow.com/a/43311427
--- a/docs/src/docs/asciidoc/guides/java-custom-cookie.adoc
+++ b/docs/src/docs/asciidoc/guides/java-custom-cookie.adoc
@@ -27,7 +27,7 @@ This allows sharing a session across domains and applications.
 If the regular expression does not match, no domain is set and the existing domain will be used.
 If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] will be used as the domain.
 This means that a request to https://child.example.com will set the domain to example.com.
-However, a request to http://localhost:8080/ or http://192.168.1.100:8080/ will leave the cookie unset and thus still work in development without any changes necessary for production.
+However, a request to http://localhost:8080/ or https://192.168.1.100:8080/ will leave the cookie unset and thus still work in development without any changes necessary for production.

 [WARNING]
 ====
@@ -79,12 +79,11 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-javaconfig-custom-cookie:tomcatRun
+$ ./gradlew :samples:custom-cookie:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
--- a/docs/src/docs/asciidoc/guides/java-gemfire-clientserver.adoc
+++ b/docs/src/docs/asciidoc/guides/java-gemfire-clientserver.adoc
@@ -0,0 +1,272 @@
+= Spring Session - HttpSession with GemFire Client/Server (Quick Start)
+John Blum
+:toc:
+
+This guide describes how to configure Spring Session to transparently leverage Pivotal GemFire to back a web application's
+`HttpSession` using Java Configuration.
+
+NOTE: The completed guide can be found in the <<httpsession-gemfire-clientserver-java-sample-app,HttpSession with GemFire (Client/Server) Sample Application>>.
+
+== Updating Dependencies
+Before using Spring Session, you must ensure that the required dependencies are included.
+If you are using Maven, include the following `dependencies` in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-data-gemfire</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-web</artifactId>
+		<version>{spring-version}</version>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-milestone</id>
+		<url>https://repo.spring.io/libs-milestone</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+// tag::config[]
+[[httpsession-spring-java-configuration]]
+== Spring Java Configuration
+
+After adding the required dependencies and repository declarations, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession`
+with an implementation backed by Spring Session and GemFire.
+
+Add the following Spring Configuration:
+
+[source,java]
+----
+include::{samples-dir}javaconfig/gemfire-clientserver/src/main/java/sample/ClientConfig.java[tags=class]
+----
+
+<1> The `@EnableGemFireHttpSession` annotation creates a Spring bean named `springSessionRepositoryFilter` that
+implements `Filter`. The filter is what replaces the `HttpSession` with an implementation backed by Spring Session
+and GemFire.
+<2> Next, we register a `Properties` bean that allows us to configure certain aspects of the GemFire client cache
+using https://gemfire.docs.pivotal.io/docs-gemfire/reference/topics/gemfire_properties.html[GemFire's System properties].
+<3> We use the `Properties` to configure an instance of a GemFire `ClientCache`.
+<4> Then, we configure a `Pool` of client connections to talk to the GemFire Server in our Client/Server topology. In our
+configuration, we have used sensible settings for timeouts, number of connections and so on. Also, the `Pool` has been
+configured to connect directly to a server. Learn more about various `Pool` configuration settings from the
+https://gemfire.docs.pivotal.io/docs-gemfire/latest/javadocs/japi/com/gemstone/gemfire/cache/client/PoolFactory.html[PoolFactory API].
+<5> Finally, we include a Spring `BeanPostProcessor` to block the client until our GemFire Server is up and running,
+listening for and accepting client connections.
+
+The `gemfireCacheServerReadyBeanPostProcessor` is necessary in order to coordinate the client and server in
+an automated fashion during testing, but unnecessary in situations where the GemFire cluster is already presently
+running, such as in production.
+
+The `BeanPostProcessor` uses a GemFire https://gemfire.docs.pivotal.io/docs-gemfire/latest/javadocs/japi/com/gemstone/gemfire/management/membership/ClientMembershipListener.html[ClientMembershipListener]
+that will be notified when the client has successfully connected to the server. Once a connection has been established,
+the listener releases the latch that the `BeanPostProcessor` will wait on (up to the specified timeout) in the
+`postProcessAfterInitialization` callback to block the client.
+
+TIP: In typical GemFire deployments, where the cluster includes potentially hundreds of GemFire data nodes (servers),
+it is more common for clients to connect to one or more GemFire Locators running in the cluster. A Locator passes meta-data
+to clients about the servers available, load and which servers have the client's data of interest, which is particularly
+important for single-hop, direct data access.  See more details about the https://gemfire.docs.pivotal.io/docs-gemfire/latest/topologies_and_comm/cs_configuration/chapter_overview.html[Client/Server Topology in GemFire's User Guide].
+
+NOTE: For more information on configuring _Spring Data GemFire_, refer to the https://docs.spring.io/spring-data-gemfire/docs/current/reference/html/[reference guide].
+
+The `@EnableGemFireHttpSession` annotation enables a developer to configure certain aspects of both Spring Session
+and GemFire out-of-the-box using the following attributes:
+
+* `maxInactiveIntervalInSeconds` - controls _HttpSession_ idle-timeout expiration (defaults to **30 minutes**).
+* `regionName` - specifies the name of the GemFire Region used to store `HttpSession` state (defaults is "*ClusteredSpringSessions*").
+* `clientRegionShort` - specifies GemFire's https://gemfire.docs.pivotal.io/docs-gemfire/latest/developing/management_all_region_types/chapter_overview.html[data management policy]
+with a GemFire https://gemfire.docs.pivotal.io/docs-gemfire/latest/javadocs/japi/com/gemstone/gemfire/cache/client/ClientRegionShortcut.html[ClientRegionShortcut]
+(default is `PROXY`).  This attribute is only used when configuring client Region.
+* `poolName` - name of the dedicated GemFire Pool used to connect a client to the cluster of servers.  The attribute
+is only used when the application is a GemFire cache client.  Defaults to `gemfirePool`.
+* `serverRegionShort` - specifies GemFire's https://gemfire.docs.pivotal.io/docs-gemfire/latest/developing/management_all_region_types/chapter_overview.html[data management policy]
+using a GemFire https://data-docs-samples.cfapps.io/docs-gemfire/latest/javadocs/japi/com/gemstone/gemfire/cache/RegionShortcut.html[RegionShortcut]
+(default is `PARTITION`).  This attribute is only used when configuring server Regions, or when a p2p topology is employed.
+
+NOTE: It is important to note that the GemFire client Region name must match a server Region by the same name if
+the client Region is a `PROXY` or `CACHING_PROXY`.  Names are not required to match if the client Region used to
+store Spring Sessions is `LOCAL`, however, keep in mind that your session state will not be propagated to the server
+and you lose all benefits of using GemFire to store and manage distributed, replicated session state information
+in a cluster.
+
+NOTE: `serverRegionShort` is ignored in a client/server cache configuration and only applies when
+a peer-to-peer (P2P) topology, and more specifically, a GemFire peer cache is used.
+
+=== Server Configuration
+
+We have only covered one side of the equation.  We also need a GemFire Server for our client to talk to and send
+session state to the server to manage.
+
+In this sample, we will use the following GemFire Server Java Configuration:
+
+[source,java]
+----
+include::{samples-dir}javaconfig/gemfire-clientserver/src/main/java/sample/ServerConfig.java[tags=class]
+----
+
+<1> On the server, we also configure Spring Session using the `@EnableGemFireHttpSession` annotation. This ensures
+the Region names on both the client and server match (in this sample, we use the default "_ClusteredSpringSessions_").
+We have also set the session timeout to **30 seconds**. Later, we will see how this timeout is used.
+<2> Next, we configure the GemFire Server using GemFire System Properties very much like our P2P samples.
+With the `mcast-port` set to 0 and no `locators` property specified, our server will be standalone. We also allow a
+JMX client (e.g. _Gfsh_) to connect to our server with the use of the GemFire-specific JMX System properties.
+<3> Then, we create an instance of a GemFire peer `Cache` initialized with our GemFire System Properties.
+<4> We also setup a GemFire `CacheServer` instance running on **localhost**, listening to port **12480**,
+ready to accept our client connection.
+<5> Finally, we declare a `main` method as an entry point for launching and running our GemFire Server
+from the command-line.
+
+== Java Servlet Container Initialization
+
+Our <<httpsession-spring-java-configuration,Spring Java Configuration>> created a Spring bean named `springSessionRepositoryFilter`
+that implements `Filter`. The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession`
+with a custom implementation backed by Spring Session and GemFire.
+
+In order for our `Filter` to do its magic, Spring needs to load our `ClientConfig` class. We also need to ensure our
+Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request. Fortunately, Spring Session
+provides a utility class named `AbstractHttpSessionApplicationInitializer` to make both of these steps extremely easy.
+
+You can find an example below:
+
+.src/main/java/sample/Initializer.java
+[source,java]
+----
+include::{samples-dir}javaconfig/gemfire-clientserver/src/main/java/sample/Initializer.java[tags=class]
+----
+
+NOTE: The name of our class (`Initializer`) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+
+<1> The first step is to extend `AbstractHttpSessionApplicationInitializer`.
+This ensures that a Spring bean named `springSessionRepositoryFilter` is registered with our Servlet Container
+and used for every request.
+<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to easily allow Spring to load our `ClientConfig`.
+// end::config[]
+
+[[httpsession-gemfire-clientserver-java-sample-app]]
+== HttpSession with GemFire (Client/Server) Sample Application
+
+
+=== Running the httpsession-gemfire-clientserver Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following commands.
+
+First, you need to run the server using:
+
+----
+$ ./gradlew :samples:httpsession-gemfire-clientserver:run [-Dsample.httpsession.gemfire.log-level=info]
+----
+
+Then, in a separate terminal, you run the client using:
+
+----
+$ ./gradlew :samples:httpsession-gemfire-clientserver:tomcatRun [-Dsample.httpsession.gemfire.log-level=info]
+----
+
+You should now be able to access the application at http://localhost:8080/.  In this sample, the web application
+is the client cache and the server is standalone.
+
+=== Exploring the httpsession-gemfire-clientserver Sample Application
+
+Try using the application. Fill out the form with the following information:
+
+* **Attribute Name:** _username_
+* **Attribute Value:** _john_
+
+Now click the **Set Attribute** button. You should now see the values displayed in the table.
+
+=== How does it work?
+
+We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+
+.src/main/java/sample/SessionServlet.java
+[source,java]
+----
+include::{samples-dir}javaconfig/gemfire-clientserver/src/main/java/sample/SessionServlet.java[tags=class]
+----
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in GemFire.
+Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome]
+or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+
+NOTE: The following instructions assume you have a local GemFire installation.  For more information on installation,
+see https://gemfire.docs.pivotal.io/docs-gemfire/latest/getting_started/installation/install_intro.html[Installing Pivotal GemFire].
+
+If you like, you can easily remove the session using `gfsh`. For example, on a Linux-based system type the following
+at the command-line:
+
+	$ gfsh
+
+Then, enter the following commands in _Gfsh_ ensuring to replace `70002719-3c54-4c20-82c3-e7faa6b718f3` with the value
+of your SESSION cookie, or the session ID returned by the GemFire OQL query (which should match):
+
+....
+gfsh>connect --jmx-manager=localhost[1099]
+
+gfsh>query --query='SELECT * FROM /ClusteredSpringSessions.keySet'
+
+Result     : true
+startCount : 0
+endCount   : 20
+Rows       : 1
+
+Result
+------------------------------------
+70002719-3c54-4c20-82c3-e7faa6b718f3
+
+NEXT_STEP_NAME : END
+
+gfsh>remove --region=/ClusteredSpringSessions --key="70002719-3c54-4c20-82c3-e7faa6b718f3"
+....
+
+NOTE: The _GemFire User Guide_ has more detailed instructions on using https://gemfire.docs.pivotal.io/docs-gemfire/latest/tools_modules/gfsh/chapter_overview.html[gfsh].
+
+Now visit the application at http://localhost:8080/ again and observe that the attribute we added is no longer displayed.
+
+Alternatively, you can wait **30 seconds** for the session to expire and timeout, and then refresh the page.  The attribute
+we added should no longer be displayed in the table. However, keep in mind, that by refreshing the page, you will inadvertently
+create a new (empty) session.  If you run the query again, you will also see two session IDs, the new and the old,
+since GemFire keeps a "tombstone" of the old session around.
--- a/docs/src/docs/asciidoc/guides/java-gemfire-p2p.adoc
+++ b/docs/src/docs/asciidoc/guides/java-gemfire-p2p.adoc
@@ -0,0 +1,209 @@
+= Spring Session - HttpSession with GemFire P2P (Quick Start)
+John Blum, Rob Winch
+:toc:
+
+This guide describes how to configure Pivotal GemFire as a provider in Spring Session to transparently back
+a web application's `HttpSession` using Java Configuration.
+
+NOTE: The completed guide can be found in the <<httpsession-gemfire-p2p-java-sample-app,HttpSession with GemFire (P2P) Sample Application>>.
+
+== Updating Dependencies
+Before using Spring Session, you must ensure that the required dependencies are included.
+If you are using Maven, include the following `dependencies` in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-data-gemfire</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-web</artifactId>
+		<version>{spring-version}</version>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-milestone</id>
+		<url>https://repo.spring.io/libs-milestone</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+// tag::config[]
+[[httpsession-spring-java-configuration]]
+== Spring Java Configuration
+
+After adding the required dependencies and repository declarations, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession`
+with an implementation backed by Spring Session and GemFire.
+
+Add the following Spring Configuration:
+
+[source,java]
+----
+include::{samples-dir}javaconfig/gemfire-p2p/src/main/java/sample/Config.java[tags=class]
+----
+
+<1> The `@EnableGemFireHttpSession` annotation creates a Spring bean named `springSessionRepositoryFilter` that
+implements `Filter`. The filter is what replaces the `HttpSession` with an implementation backed by Spring Session.
+In this instance, Spring Session is backed by GemFire.
+<2> Then, we configure a GemFire peer cache using standard GemFire System properties.  We give the GemFire data node
+a name using the `name` property and set `mcast-port` to 0.  With the absence of a `locators` property, this data node
+will be a standalone server. GemFire's `log-level` is set using an application-specific System property (`sample.httpsession.gemfire.log-level`)
+that a user can specify on the command-line when running this sample application using either Maven or Gradle (default is "_warning_").
+<3> Finally, we create an instance of the GemFire peer cache that embeds GemFire in the same JVM process as the running
+Spring Session sample application.
+
+TIP: Additionally, we have configured this data node (server) as a GemFire Manager as well using GemFire-specific
+JMX System properties that enable JMX client (e.g. _Gfsh_) to connect to this running data node.
+
+NOTE: For more information on configuring _Spring Data GemFire_, refer to the https://docs.spring.io/spring-data-gemfire/docs/current/reference/html/[reference guide].
+
+The `@EnableGemFireHttpSession` annotation enables a developer to configure certain aspects of Spring Session
+and GemFire out-of-the-box using the following attributes:
+
+* `maxInactiveIntervalInSeconds` - controls HttpSession idle-timeout expiration (defaults to **30 minutes**).
+* `regionName` - specifies the name of the GemFire Region used to store `HttpSession` state (defaults is "_ClusteredSpringSessions_").
+* `serverRegionShort` - specifies GemFire https://gemfire.docs.pivotal.io/docs-gemfire/latest/developing/management_all_region_types/chapter_overview.html[data management policies]
+with a GemFire https://gemfire.docs.pivotal.io/docs-gemfire/latest/javadocs/japi/com/gemstone/gemfire/cache/RegionShortcut.html[RegionShortcut]
+(default is `PARTITION`).
+
+NOTE: `clientRegionShort` is ignored in a peer cache configuration and only applies when a client-server topology,
+and more specifically, a GemFire client cache is used.
+
+== Java Servlet Container Initialization
+
+Our <<httpsession-spring-java-configuration,Spring Java Configuration>> created a Spring bean named `springSessionRepositoryFilter`
+that implements `Filter`. The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession`
+with a custom implementation backed by Spring Session and GemFire.
+
+In order for our `Filter` to do its magic, Spring needs to load our `Config` class. We also need to ensure our
+Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request. Fortunately, Spring Session
+provides a utility class named `AbstractHttpSessionApplicationInitializer` to make both of these steps extremely easy.
+
+You can find an example below:
+
+.src/main/java/sample/Initializer.java
+[source,java]
+----
+include::{samples-dir}javaconfig/gemfire-p2p/src/main/java/sample/Initializer.java[tags=class]
+----
+
+NOTE: The name of our class (`Initializer`) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+
+<1> The first step is to extend `AbstractHttpSessionApplicationInitializer`.
+This ensures that a Spring bean named `springSessionRepositoryFilter` is registered with our Servlet Container
+and used for every request.
+<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to easily allow Spring to load our `Config`.
+// end::config[]
+
+[[httpsession-gemfire-p2p-java-sample-app]]
+== HttpSession with GemFire (P2P) Sample Application
+
+
+=== Running the httpsession-gemfire-p2p Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+----
+$ ./gradlew :samples:httpsession-gemfire-p2p:tomcatRun [-Dsample.httpsession.gemfire.log-level=info]
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the httpsession-gemfire-p2p Sample Application
+
+Try using the application. Fill out the form with the following information:
+
+* **Attribute Name:** _username_
+* **Attribute Value:** _john_
+
+Now click the **Set Attribute** button. You should now see the values displayed in the table.
+
+=== How does it work?
+
+We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+
+.src/main/java/sample/SessionServlet.java
+[source,java]
+----
+include::{samples-dir}javaconfig/gemfire-p2p/src/main/java/sample/SessionServlet.java[tags=class]
+----
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in GemFire.
+Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome]
+or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+
+NOTE: The following instructions assume you have a local GemFire installation.  For more information on installation,
+see https://gemfire.docs.pivotal.io/docs-gemfire/latest/getting_started/installation/install_intro.html[Installing Pivotal GemFire].
+
+If you like, you can easily remove the session using `gfsh`. For example, on a Linux-based system type the following
+at the command-line:
+
+	$ gfsh
+
+Then, enter the following into _Gfsh_ ensuring to replace `70002719-3c54-4c20-82c3-e7faa6b718f3` with the value
+of your SESSION cookie, or the session ID returned by the GemFire OQL query (which should match):
+
+....
+gfsh>connect --jmx-manager=localhost[1099]
+
+gfsh>query --query='SELECT * FROM /ClusteredSpringSessions.keySet'
+
+Result     : true
+startCount : 0
+endCount   : 20
+Rows       : 1
+
+Result
+------------------------------------
+70002719-3c54-4c20-82c3-e7faa6b718f3
+
+NEXT_STEP_NAME : END
+
+gfsh>remove --region=/ClusteredSpringSessions --key="70002719-3c54-4c20-82c3-e7faa6b718f3"
+....
+
+NOTE: The _GemFire User Guide_ has more detailed instructions on using https://gemfire.docs.pivotal.io/docs-gemfire/latest/tools_modules/gfsh/chapter_overview.html[gfsh].
+
+Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.
--- a/docs/src/docs/asciidoc/guides/java-hazelcast.adoc
+++ b/docs/src/docs/asciidoc/guides/java-hazelcast.adoc
@@ -26,7 +26,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-framework-version}</version>
+		<version>{spring-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -85,7 +85,7 @@ In this instance Spring Session is backed by Hazelcast.
 Spring Session provides `PrincipalNameExtractor` for this purpose.
 <3> We create a `HazelcastInstance` that connects Spring Session to Hazelcast.
 By default, an embedded instance of Hazelcast is started and connected to by the application.
-For more information on configuring Hazelcast, refer to the http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
+For more information on configuring Hazelcast, refer to the https://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-configuration[reference documentation].

 == Servlet Container Initialization

@@ -130,11 +130,11 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 ====
 Hazelcast will run in embedded mode with your application by default, but if you want to connect
 to a stand alone instance instead, you can configure it by following the instructions in the
-http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
+https://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-configuration[reference documentation].
 ====

 ----
-$ ./gradlew :spring-session-sample-javaconfig-hazelcast:tomcatRun
+$ ./gradlew :samples:hazelcast-spring:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
@@ -157,13 +157,13 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Hazelcast.

 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 === Interact with the data store

-If you like, you can remove the session using http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-java-client[a Java client],
-http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#other-client-implementations[one of the other clients], or the
-http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#management-center[management center].
+If you like, you can remove the session using https://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-java-client[a Java client],
+https://docs.hazelcast.org/docs/latest/manual/html-single/index.html#other-client-implementations[one of the other clients], or the
+https://docs.hazelcast.org/docs/latest/manual/html-single/index.html#management-center[management center].

 ==== Using the console

@@ -172,7 +172,7 @@ For example, using the management center console after connecting to your Hazelc
 	default> ns spring:session:sessions
 	spring:session:sessions> m.clear

-TIP: The Hazelcast documentation has instructions for http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#executing-console-commands[the console].
+TIP: The Hazelcast documentation has instructions for https://docs.hazelcast.org/docs/latest/manual/html-single/index.html#executing-console-commands[the console].

 Alternatively, you can also delete the explicit key. Enter the following into the console ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:

@@ -183,7 +183,7 @@ Now visit the application at http://localhost:8080/ and observe that we are no l
 ==== Using the REST API

 As described in the other clients section of the documentation, there is a 
-http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#rest-client[REST API]
+https://docs.hazelcast.org/docs/latest/manual/html-single/index.html#rest-client[REST API]
 provided by the Hazelcast node(s).

 For example, you could delete an individual key as follows (replacing `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie):
--- a/docs/src/docs/asciidoc/guides/java-jdbc.adoc
+++ b/docs/src/docs/asciidoc/guides/java-jdbc.adoc
@@ -26,7 +26,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-framework-version}</version>
+		<version>{spring-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -85,7 +85,7 @@ In this instance Spring Session is backed by a relational database.
 We configure the H2 database to create database tables using the SQL script which is included in Spring Session.
 <3> We create a `transactionManager` that manages transactions for previously configured `dataSource`.

-For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
+For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/current/spring-framework-reference/html/spring-data-tier.html[Spring Framework Reference Documentation].

 == Java Servlet Container Initialization

@@ -119,7 +119,7 @@ This ensures that the Spring Bean by the name `springSessionRepositoryFilter` is
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:

 ----
-$ ./gradlew :spring-session-sample-javaconfig-jdbc:tomcatRun
+$ ./gradlew :samples:httpsession-jdbc:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
@@ -145,7 +145,7 @@ include::{samples-dir}javaconfig/jdbc/src/main/java/sample/SessionServlet.java[t

 Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
 Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)

--- a/docs/src/docs/asciidoc/guides/java-redis.adoc
+++ b/docs/src/docs/asciidoc/guides/java-redis.adoc
@@ -24,14 +24,14 @@ If you are using Maven, ensure to add the following dependencies:
 		<type>pom</type>
 	</dependency>
 	<dependency>
-		<groupId>io.lettuce</groupId>
-		<artifactId>lettuce-core</artifactId>
+		<groupId>biz.paluch.redis</groupId>
+		<artifactId>lettuce</artifactId>
 		<version>{lettuce-version}</version>
 	</dependency>
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-framework-version}</version>
+		<version>{spring-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -88,7 +88,7 @@ The filter is what is in charge of replacing the `HttpSession` implementation to
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/current/reference/html/[reference documentation].

 == Java Servlet Container Initialization

@@ -126,12 +126,11 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-javaconfig-redis:tomcatRun
+$ ./gradlew :samples:httpsession:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
@@ -157,7 +156,7 @@ include::{samples-dir}javaconfig/redis/src/main/java/sample/SessionServlet.java[

 Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
 Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:

--- a/docs/src/docs/asciidoc/guides/java-rest.adoc
+++ b/docs/src/docs/asciidoc/guides/java-rest.adoc
@@ -24,14 +24,14 @@ If you are using Maven, ensure to add the following dependencies:
 		<type>pom</type>
 	</dependency>
 	<dependency>
-		<groupId>io.lettuce</groupId>
-		<artifactId>lettuce-core</artifactId>
+		<groupId>biz.paluch.redis</groupId>
+		<artifactId>lettuce</artifactId>
 		<version>{lettuce-version}</version>
 	</dependency>
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-framework-version}</version>
+		<version>{spring-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -88,7 +88,7 @@ The filter is what is in charge of replacing the `HttpSession` implementation to
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/current/reference/html/[reference documentation].
 <3> We customize Spring Session's HttpSession integration to use HTTP headers to convey the current session information instead of cookies.

 == Servlet Container Initialization
@@ -127,12 +127,11 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-javaconfig-rest:tomcatRun
+$ ./gradlew :samples:rest:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
--- a/docs/src/docs/asciidoc/guides/java-security.adoc
+++ b/docs/src/docs/asciidoc/guides/java-security.adoc
@@ -25,14 +25,14 @@ If you are using Maven, ensure to add the following dependencies:
 		<type>pom</type>
 	</dependency>
 	<dependency>
-		<groupId>io.lettuce</groupId>
-		<artifactId>lettuce-core</artifactId>
+		<groupId>biz.paluch.redis</groupId>
+		<artifactId>lettuce</artifactId>
 		<version>{lettuce-version}</version>
 	</dependency>
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-framework-version}</version>
+		<version>{spring-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -87,7 +87,7 @@ The filter is what is in charge of replacing the `HttpSession` implementation to
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/current/reference/html/[reference documentation].

 == Servlet Container Initialization

@@ -131,12 +131,11 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-javaconfig-security:tomcatRun
+$ ./gradlew :samples:security:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
@@ -159,7 +158,7 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.

 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:

--- a/docs/src/docs/asciidoc/guides/java-users.adoc
+++ b/docs/src/docs/asciidoc/guides/java-users.adoc
@@ -0,0 +1,161 @@
+= Spring Session - Multiple Sessions
+Rob Winch
+:toc:
+
+This guide describes how to use Spring Session to manage multiple simultaneous browser sessions (i.e Google Accounts).
+
+== Integrating with Spring Session
+
+The steps to integrate with Spring Session are exactly the same as those outline in the link:httpsession.html[HttpSession Guide], so we will skip to running the sample application.
+
+[[users-sample]]
+== users Sample Application
+
+The users application demonstrates how to allow an application to manage multiple simultaneous browser sessions (i.e. Google Accounts).
+
+=== Running the users Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+[NOTE]
+====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
+====
+
+----
+$ ./gradlew :samples:users:tomcatRun
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the users Sample Application
+
+Try using the application. Authenticate with the following information:
+
+* **Username** _rob_
+* **Password** _rob_
+
+Now click the **Login** button. You should now be authenticated as the user **rob**.
+
+We can click on links and our user information is preserved.
+
+* Click on the **Link** link in the navigation bar at the top
+* Observe we are still authenticated as **rob**
+
+Let's add an another account.
+
+* Return to the *Home* page
+* Click on the arrow next to *rob* in the upper right hand corner
+* Click **Add Account**
+
+The log in form is displayed again. Authenticate with the following information:
+
+* **Username** _luke_
+* **Password** _luke_
+
+Now click the **Login** button. You should now be authenticated as the user **luke**.
+
+We can click on links and our user information is preserved.
+
+* Click on the **Link** link in the navigation bar at the top
+* Observe we are still authenticated as **luke**
+
+Where did our original user go? Let's switch to our original account.
+
+* Click on the arrow next to *luke* in the upper right hand corner.
+* Click on **Switch Account** -> *rob*
+
+We are now using the session associated with *rob*.
+
+== How does it work?
+
+// tag::how-does-it-work[]
+
+Let's take a look at how Spring Session keeps track of multiple sessions.
+
+=== Managing a Single Session
+
+Spring Session keeps track of the `HttpSession` by adding a value to a cookie named SESSION.
+For example, the SESSION cookie might have a value of:
+
+	7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+
+=== Adding a Session
+
+We can add another session by requesting a URL that contains a special parameter in it.
+By default the parameter name is *_s*. For example, the following URL would create a new session:
+
+http://localhost:8080/?_s=1
+
+NOTE: The parameter value does not indicate the actual session id.
+This is important because we never want to allow the session id to be determined by a client to avoid https://www.owasp.org/index.php/Session_fixation[session fixation attacks].
+Additionally, we do not want the session id to be leaked since it is sent as a query parameter.
+Remember sensitive information should only be transmitted as a header or in the body of the request.
+
+Rather than creating the URL ourselves, we can utilize the `HttpSessionManager` to do this for us.
+We can obtain the `HttpSessionManager` from the `HttpServletRequest` using the following:
+
+.src/main/java/sample/UserAccountsFilter.java
+[source,java,indent=0]
+----
+include::{samples-dir}javaconfig/users/src/main/java/sample/UserAccountsFilter.java[tags=HttpSessionManager]
+----
+
+We can now use it to create a URL to add another session.
+
+.src/main/java/sample/UserAccountsFilter.java
+[source,java,indent=0]
+----
+include::{samples-dir}javaconfig/users/src/main/java/sample/UserAccountsFilter.java[tags=addAccountUrl]
+----
+
+<1> We have an existing variable named `unauthenticatedAlias`.
+The value is an alias that points to an existing unauthenticated session.
+If no such session exists, the value is null.
+This ensures if we have an existing unauthenticated session that we use it instead of creating a new session.
+<2> If all of our sessions are already associated to a user, we create a new session alias.
+<3> If there is an existing session that is not associated to a user, we use its session alias.
+<4> Finally, we create the add account URL.
+The URL contains a session alias that either points to an existing unauthenticated session or is an alias that is unused thus signaling to create a new session associated to that alias.
+
+Now our SESSION cookie looks something like this:
+
+	0 7e8383a4-082c-4ffe-a4bc-c40fd3363c5e 1 1d526d4a-c462-45a4-93d9-84a39b6d44ad
+
+Such that:
+
+* There is a session with the id *7e8383a4-082c-4ffe-a4bc-c40fd3363c5e*
+** The alias for this session is  *0*.
+For example, if the URL is http://localhost:8080/?_s=0 this alias would be used.
+** This is the default session.
+This means that if no session alias is specified, then this session is used.
+For example, if the URL is http://localhost:8080/ this session would be used.
+* There is a session with the id *1d526d4a-c462-45a4-93d9-84a39b6d44ad*
+** The alias for this session is *1*.
+If the session alias is *1*, then this session is used.
+For example, if the URL is http://localhost:8080/?_s=1 this alias would be used.
+
+=== Automatic Session Alias Inclusion with encodeURL
+
+The nice thing about specifying the session alias in the URL is that we can have multiple tabs open with different active sessions.
+The bad thing is that we need to include the session alias in every URL of our application.
+Fortunately, Spring Session will automatically include the session alias in any URL that passes through https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String)[HttpServletResponse#encodeURL(java.lang.String)]
+
+This means that if you are using standard tag libraries the session alias is automatically included in the URL.
+For example, if we are currently using the session with the alias of *1*, then the following:
+
+.src/main/webapp/index.jsp
+[source,xml,indent=0]
+----
+include::{samples-dir}javaconfig/users/src/main/webapp/index.jsp[tags=link]
+----
+
+will output a link of:
+
+[source,html]
+----
+<a id="navLink" href="/link.jsp?_s=1">Link</a>
+----
+
+// end::how-does-it-work[]
--- a/docs/src/docs/asciidoc/guides/xml-gemfire-clientserver.adoc
+++ b/docs/src/docs/asciidoc/guides/xml-gemfire-clientserver.adoc
@@ -0,0 +1,273 @@
+= Spring Session - HttpSession with GemFire Client/Server using XML (Quick Start)
+John Blum
+:toc:
+
+This guide describes how to configure Spring Session to transparently leverage Pivotal GemFire to back a web application's
+`HttpSession` using XML Configuration.
+
+NOTE: The completed guide can be found in the <<httpsession-gemfire-clientserver-xml-sample-app,HttpSession with GemFire (Client/Server) using XML Sample Application>>.
+
+== Updating Dependencies
+Before using Spring Session, you must ensure that the required dependencies are included.
+If you are using Maven, include the following `dependencies` in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-data-gemfire</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-web</artifactId>
+		<version>{spring-version}</version>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-milestone</id>
+		<url>https://repo.spring.io/libs-milestone</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+// tag::config[]
+[[httpsession-spring-xml-configuration]]
+== Spring XML Configuration
+
+After adding the required dependencies and repository declarations, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession`
+with an implementation backed by Spring Session and GemFire.
+
+Add the following Spring Configuration:
+
+[source,xml]
+----
+include::{samples-dir}xml/gemfire-clientserver/src/main/webapp/WEB-INF/spring/session-client.xml[tags=beans]
+----
+
+<1> Spring annotation configuration support is enabled with `<context:annotation-config/>` element so that any
+Spring beans declared in the XML config that are annotated with either Spring or Standard Java annotations supported
+by Spring will be configured appropriately.
+<2> The `META-INF/spring/application.properties` file are used along with the `PropertySourcesPlaceholderConfigurer`
+bean to replace placeholders in the Spring XML configuration meta-data with the approrpriate property values.
+<3> Then the `GemFireCacheSeverReadyBeanPostProcessor`is registered to determine whether a GemFire Server
+at the designated host/port is running and listening for client connections, blocking client startup until
+the server is available and ready.
+<4> Next, we include a `Properties` bean to configure certain aspects of the GemFire client cache using
+https://gemfire.docs.pivotal.io/docs-gemfire/reference/topics/gemfire_properties.html[GemFire's System Properties].
+In this case, we are just setting GemFire's `log-level` from a application-specific System property, defaulting
+to `warning` if unspecified.
+<5> Then we create a instance of a GemFire `ClientCache` initialized with our `gemfireProperties`.
+<6> We configure a Pool of client connections to talk to the GemFire Server in our Client/Server topology.
+In our configuration, we use sensible settings for timeouts, number of connections and so on. Also, our `Pool`
+has been configured to connect directly to a server.
+<7> Finally, the `GemFireHttpSessionConfiguration` is registered to enable Spring Session functionality.
+
+TIP: In typical GemFire deployments, where the cluster includes potentially hundreds of GemFire data nodes (servers),
+it is more common for clients to connect to one or more GemFire Locators running in the cluster. A Locator passes meta-data
+to clients about the servers available, load and which servers have the client's data of interest, which is particularly
+important for single-hop, direct data access.  See more details about the https://gemfire.docs.pivotal.io/docs-gemfire/latest/topologies_and_comm/cs_configuration/chapter_overview.html[Client/Server Topology in GemFire's User Guide].
+
+NOTE: For more information on configuring _Spring Data GemFire_, refer to the https://docs.spring.io/spring-data-gemfire/docs/current/reference/html/[reference guide].
+
+=== Server Configuration
+
+We have only covered one side of the equation.  We also need a GemFire Server for our client to talk to and send
+session state information to the server to manage.
+
+In this sample, we will use the following GemFire Server Java Configuration:
+
+[source,xml]
+----
+include::{samples-dir}xml/gemfire-clientserver/src/main/resources/META-INF/spring/session-server.xml[tags=beans]
+----
+
+<1> First, we enable Spring annotation config support with the `<context:annotation-config>` element so that any
+Spring beans declared in the XML config that are annotated with either Spring or Standard Java annotations supported
+by Spring will be configured appropriately.
+<2> A `PropertySourcesPlaceholderConfigurer` is registered to replace placeholders in our Spring XML configuration
+meta-data with property values in the `META-INF/spring/application.properties` file.
+<3> Next, we configure the GemFire Server using GemFire System Properties very much like our P2P samples.
+With the `mcast-port` set to 0 and no `locators` property specified, our server will be standalone. We also allow a
+JMX client (e.g. _Gfsh_) to connect to our server with the use of the GemFire-specific JMX System properties.
+<4> Then we create an instance of a GemFire peer `Cache` initialized with our GemFire System Properties.
+<5> We also setup a GemFire `CacheServer` instance running on *localhost*, listening to port **11235**,
+ready to accept our client connection.
+<6> Finally, we enable the same Spring Session functionality we used on the client by registering an instance of
+`GemFireHttpSessionConfiguration`, except that we set the session expiration timeout to **30 seconds**.
+We will explain later what this means.
+
+The GemFire Server configuration gets bootstrapped with the following:
+
+[source,java]
+----
+include::{samples-dir}xml/gemfire-clientserver/src/main/java/sample/Application.java[tags=class]
+----
+
+TIP: Instead of a simple Java class with a main method, you could also use _Spring Boot_.
+
+<1> The `@Configuration` annotation designates this Java class as a source for Spring configuration meta-data using
+Spring's annotation configuration support.
+<2> Primarily, the configuration comes from the `META-INF/spring/session-server.xml` file, which is also the reason
+why _Spring Boot_ was not used in this sample, since using XML seemingly defeats the purpose and benefits
+of using Spring Boot. However, this sample is about demonstrating how to use Spring XML to configure
+the GemFire client and server.
+
+== XML Servlet Container Initialization
+
+Our <<httpsession-spring-xml-configuration,Spring XML Configuration>> created a Spring bean named `springSessionRepositoryFilter`
+that implements `Filter`. The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with
+a custom implementation that is backed by Spring Session and GemFire.
+
+In order for our `Filter` to do its magic, we need to instruct Spring to load our `session-client.xml` configuration file.
+We do this with the following configuration:
+
+.src/main/webapp/WEB-INF/web.xml
+[source,xml,indent=0]
+----
+include::{samples-dir}xml/gemfire-clientserver/src/main/webapp/WEB-INF/web.xml[tags=context-param]
+include::{samples-dir}xml/gemfire-clientserver/src/main/webapp/WEB-INF/web.xml[tags=listeners]
+----
+
+The https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#context-create[ContextLoaderListener]
+reads the `contextConfigLocation` context parameter value and picks up our _session-client.xml_ configuration file.
+
+Finally, we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter`
+for every request.
+
+The following snippet performs this last step for us:
+
+.src/main/webapp/WEB-INF/web.xml
+[source,xml,indent=0]
+----
+include::{samples-dir}xml/gemfire-clientserver/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
+----
+
+The https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy]
+will look up a bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`. For every request that `DelegatingFilterProxy`
+is invoked, the `springSessionRepositoryFilter` will be invoked.
+// end::config[]
+
+[[httpsession-gemfire-clientserver-xml-sample-app]]
+== HttpSession with GemFire (Client/Server) using XML Sample Application
+
+
+=== Running the httpsession-gemfire-clientserver-xml Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following commands.
+
+First, you need to run the server using:
+
+----
+$ ./gradlew :samples:httpsession-gemfire-clientserver-xml:run [-Dsample.httpsession.gemfire.log-level=info]
+----
+
+Now, in a separate terminal, you can run the client using:
+
+----
+$ ./gradlew :samples:httpsession-gemfire-clientserver-xml:tomcatRun [-Dsample.httpsession.gemfire.log-level=info]
+----
+
+You should now be able to access the application at http://localhost:8080/.  In this sample, the web application
+is the client cache and the server is standalone.
+
+=== Exploring the httpsession-gemfire-clientserver-xml Sample Application
+
+Try using the application. Fill out the form with the following information:
+
+* **Attribute Name:** _username_
+* **Attribute Value:** _john_
+
+Now click the **Set Attribute** button. You should now see the values displayed in the table.
+
+=== How does it work?
+
+We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+
+.src/main/java/sample/SessionServlet.java
+[source,java]
+----
+include::{samples-dir}xml/gemfire-clientserver/src/main/java/sample/SessionServlet.java[tags=class]
+----
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in GemFire.
+Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome]
+or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+
+NOTE: The following instructions assume you have a local GemFire installation.  For more information on installation,
+see https://gemfire.docs.pivotal.io/docs-gemfire/latest/getting_started/installation/install_intro.html[Installing Pivotal GemFire].
+
+If you like, you can easily remove the session using `gfsh`. For example, on a Linux-based system type the following
+at the command-line:
+
+	$ gfsh
+
+Then, enter the following commands in _Gfsh_ ensuring to replace `70002719-3c54-4c20-82c3-e7faa6b718f3` with the value
+of your SESSION cookie, or the session ID returned by the GemFire OQL query (which should match):
+
+....
+gfsh>connect --jmx-manager=localhost[1099]
+
+gfsh>query --query='SELECT * FROM /ClusteredSpringSessions.keySet'
+
+Result     : true
+startCount : 0
+endCount   : 20
+Rows       : 1
+
+Result
+------------------------------------
+70002719-3c54-4c20-82c3-e7faa6b718f3
+
+NEXT_STEP_NAME : END
+
+gfsh>remove --region=/ClusteredSpringSessions --key="70002719-3c54-4c20-82c3-e7faa6b718f3"
+....
+
+NOTE: The _GemFire User Guide_ has more detailed instructions on using https://gemfire.docs.pivotal.io/docs-gemfire/latest/tools_modules/gfsh/chapter_overview.html[gfsh].
+
+Now visit the application at http://localhost:8080/ again and observe that the attribute we added is no longer displayed.
+
+Alternatively, you can wait *30 seconds* for the session to timeout (i.e. expire) and refresh the page.  Again, the
+attribute we added should no longer be displayed in the table. However, keep in mind, that by refreshing the page,
+you will inadvertently create a new (empty) session.  If you run the query again, you will also see two session IDs,
+the new and the old, since GemFire keeps a "tombstone" of the old session around.
--- a/docs/src/docs/asciidoc/guides/xml-gemfire-p2p.adoc
+++ b/docs/src/docs/asciidoc/guides/xml-gemfire-p2p.adoc
@@ -0,0 +1,210 @@
+= Spring Session - HttpSession with GemFire P2P using XML (Quick Start)
+John Blum, Rob Winch
+:toc:
+
+This guide describes how to configure Pivotal GemFire as a provider in Spring Session to transparently back
+a web application's `HttpSession` using XML Configuration.
+
+NOTE: The completed guide can be found in the <<httpsession-gemfire-p2p-xml-sample-app,HttpSession with GemFire (P2P) using XML Sample Application>>.
+
+== Updating Dependencies
+Before using Spring Session, you must ensure that the required dependencies are included.
+If you are using Maven, include the following `dependencies` in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-data-gemfire</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-web</artifactId>
+		<version>{spring-version}</version>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
+If you are using Maven, include the following `repository` declaration in your _pom.xml_:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+	<!-- ... -->
+
+	<repository>
+		<id>spring-milestone</id>
+		<url>https://repo.spring.io/libs-milestone</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+// tag::config[]
+[[httpsession-spring-xml-configuration]]
+== Spring XML Configuration
+
+After adding the required dependencies and repository declarations, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession`
+with an implementation backed by Spring Session and GemFire.
+
+Add the following Spring Configuration:
+
+.src/main/webapp/WEB-INF/spring/session.xml
+[source,xml,indent=0]
+----
+include::{samples-dir}xml/gemfire-p2p/src/main/webapp/WEB-INF/spring/session.xml[tags=beans]
+----
+
+<1> We use the combination of `<context:annotation-config/>` and `GemFireHttpSessionConfiguration` because Spring Session
+does not yet provide XML Namespace support (see https://github.com/spring-projects/spring-session/issues/104[gh-104]).
+This creates a Spring bean with the name of `springSessionRepositoryFilter` that implements `Filter`. The filter is what
+replaces the `HttpSession` with an implementation backed by Spring Session.
+In this instance, Spring Session is backed by GemFire.
+<2> Then, we configure a GemFire peer cache using standard GemFire System properties.  We give the GemFire data node
+a name using the `name` property and set `mcast-port` to 0.  With the absence of a `locators` property, this data node
+will be a standalone server. GemFire's `log-level` is set using an application-specific System property
+(`sample.httpsession.gemfire.log-level`) that a user can specify on the command-line when running this application
+using either Maven or Gradle (default is "_warning_").
+<3> Finally, we create an instance of the GemFire peer cache that embeds GemFire in the same JVM process as the running
+Spring Session sample application.
+
+TIP: Additionally, we have configured this data node (server) as a GemFire Manager as well using GemFire-specific
+JMX System properties that enable JMX client (e.g. _Gfsh_) to connect to this running data node.
+
+NOTE: For more information on configuring _Spring Data GemFire_, refer to the https://docs.spring.io/spring-data-gemfire/docs/current/reference/html/[reference guide].
+
+== XML Servlet Container Initialization
+
+Our <<httpsession-spring-xml-configuration,Spring XML Configuration>> created a Spring bean named `springSessionRepositoryFilter`
+that implements `Filter`. The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with
+a custom implementation that is backed by Spring Session and GemFire.
+
+In order for our `Filter` to do its magic, we need to instruct Spring to load our `session.xml` configuration file.
+We do this with the following configuration:
+
+.src/main/webapp/WEB-INF/web.xml
+[source,xml,indent=0]
+----
+include::{samples-dir}xml/gemfire-p2p/src/main/webapp/WEB-INF/web.xml[tags=context-param]
+include::{samples-dir}xml/gemfire-p2p/src/main/webapp/WEB-INF/web.xml[tags=listeners]
+----
+
+The https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#context-create[ContextLoaderListener]
+reads the `contextConfigLocation` context parameter value and picks up our _session.xml_ configuration file.
+
+Finally, we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter`
+for every request.
+
+The following snippet performs this last step for us:
+
+.src/main/webapp/WEB-INF/web.xml
+[source,xml,indent=0]
+----
+include::{samples-dir}xml/gemfire-p2p/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
+----
+
+The https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy]
+will look up a bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`. For every request that `DelegatingFilterProxy`
+is invoked, the `springSessionRepositoryFilter` will be invoked.
+// end::config[]
+
+[[httpsession-gemfire-p2p-xml-sample-app]]
+== HttpSession with GemFire (P2P) using XML Sample Application
+
+
+=== Running the httpsession-gemfire-p2p-xml Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+----
+$ ./gradlew :samples:httpsession-gemfire-p2p-xml:tomcatRun [-Dsample.httpsession.gemfire.log-level=info]
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the httpsession-gemfire-p2p-xml Sample Application
+
+Try using the application. Fill out the form with the following information:
+
+* **Attribute Name:** _username_
+* **Attribute Value:** _john_
+
+Now click the **Set Attribute** button. You should now see the values displayed in the table.
+
+=== How does it work?
+
+We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+
+.src/main/java/sample/SessionServlet.java
+[source,java]
+----
+include::{samples-dir}xml/gemfire-p2p/src/main/java/sample/SessionServlet.java[tags=class]
+----
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in GemFire.
+Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome]
+or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+
+NOTE: The following instructions assume you have a local GemFire installation.  For more information on installation,
+see https://gemfire.docs.pivotal.io/docs-gemfire/latest/getting_started/installation/install_intro.html[Installing Pivotal GemFire].
+
+If you like, you can easily remove the session using `gfsh`. For example, on a Linux-based system type the following
+at the command-line:
+
+	$ gfsh
+
+Then, enter the following into _Gfsh_ ensuring to replace `70002719-3c54-4c20-82c3-e7faa6b718f3` with the value
+of your SESSION cookie, or the session ID returned by the GemFire OQL query (which should match):
+
+....
+gfsh>connect --jmx-manager=localhost[1099]
+
+gfsh>query --query='SELECT * FROM /ClusteredSpringSessions.keySet'
+
+Result     : true
+startCount : 0
+endCount   : 20
+Rows       : 1
+
+Result
+------------------------------------
+70002719-3c54-4c20-82c3-e7faa6b718f3
+
+NEXT_STEP_NAME : END
+
+gfsh>remove --region=/ClusteredSpringSessions --key="70002719-3c54-4c20-82c3-e7faa6b718f3"
+....
+
+NOTE: The _GemFire User Guide_ has more detailed instructions on using https://gemfire.docs.pivotal.io/docs-gemfire/latest/tools_modules/gfsh/chapter_overview.html[gfsh].
+
+Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.
--- a/docs/src/docs/asciidoc/guides/xml-jdbc.adoc
+++ b/docs/src/docs/asciidoc/guides/xml-jdbc.adoc
@@ -26,7 +26,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-framework-version}</version>
+		<version>{spring-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -87,7 +87,7 @@ In this instance Spring Session is backed by a relational database.
 We configure the H2 database to create database tables using the SQL script which is included in Spring Session.
 <3> We create a `transactionManager` that manages transactions for previously configured `dataSource`.

-For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
+For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/current/spring-framework-reference/html/spring-data-tier.html[Spring Framework Reference Documentation].

 == XML Servlet Container Initialization

@@ -105,7 +105,7 @@ include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=context-para
 include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=listeners]
 ----

-The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
+The https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.

 Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
 The following snippet performs this last step for us:
@@ -116,7 +116,7 @@ The following snippet performs this last step for us:
 include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
 ----

-The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
+The https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
 For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` will be invoked.

 // end::config[]
@@ -129,7 +129,7 @@ For every request that `DelegatingFilterProxy` is invoked, the `springSessionRep
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:

 ----
-$ ./gradlew :spring-session-sample-xml-jdbc:tomcatRun
+$ ./gradlew :samples:httpsession-jdbc-xml:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
@@ -155,7 +155,7 @@ include::{samples-dir}xml/jdbc/src/main/java/sample/SessionServlet.java[tags=cla

 Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
 Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)

--- a/docs/src/docs/asciidoc/guides/xml-redis.adoc
+++ b/docs/src/docs/asciidoc/guides/xml-redis.adoc
@@ -24,14 +24,14 @@ If you are using Maven, ensure to add the following dependencies:
 		<type>pom</type>
 	</dependency>
 	<dependency>
-		<groupId>io.lettuce</groupId>
-		<artifactId>lettuce-core</artifactId>
+		<groupId>biz.paluch.redis</groupId>
+		<artifactId>lettuce</artifactId>
 		<version>{lettuce-version}</version>
 	</dependency>
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-framework-version}</version>
+		<version>{spring-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -90,7 +90,7 @@ The filter is what is in charge of replacing the `HttpSession` implementation to
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/current/reference/html/[reference documentation].

 == XML Servlet Container Initialization

@@ -108,7 +108,7 @@ include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=context-par
 include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=listeners]
 ----

-The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
+The https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.

 Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
 The following snippet performs this last step for us:
@@ -119,7 +119,7 @@ The following snippet performs this last step for us:
 include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
 ----

-The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
+The https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
 For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` will be invoked.

 // end::config[]
@@ -134,12 +134,11 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 [NOTE]
 ====
 For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
 ====

 ----
-$ ./gradlew :spring-session-sample-xml-redis:tomcatRun
+$ ./gradlew :samples:httpsession-xml:tomcatRun
 ----

 You should now be able to access the application at http://localhost:8080/
@@ -165,7 +164,7 @@ include::{samples-dir}xml/redis/src/main/java/sample/SessionServlet.java[tags=cl

 Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
 Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).

 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:

--- a/docs/src/docs/asciidoc/index.adoc
+++ b/docs/src/docs/asciidoc/index.adoc
@@ -1,5 +1,6 @@
+
 = Spring Session
-Rob Winch, Vedran Pavić
+Rob Winch, Vedran Pavić, Jakub Kubrynski
 :doctype: book
 :indexdoc-tests: {docs-test-dir}docs/IndexDocTests.java
 :websocketdoc-test-dir: {docs-test-dir}docs/websocket/
@@ -12,31 +13,30 @@ Spring Session provides an API and implementations for managing a user's session
 [[introduction]]
 == Introduction

-Spring Session provides an API and implementations for managing a user's session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
-It also provides transparent integration with:
+Spring Session provides an API and implementations for managing a user's session information. It also provides transparent integration with:
+
+* <<httpsession,HttpSession>> - allows replacing the HttpSession in an application container (i.e. Tomcat) neutral way.
+Additional features include:
+** **Clustered Sessions** - Spring Session makes it trivial to support <<httpsession-redis,clustered sessions>> without being tied to an application container specific solution.
+** **Multiple Browser Sessions** - Spring Session supports <<httpsession-multi,managing multiple users' sessions>> in a single browser instance (i.e. multiple authenticated accounts similar to Google).
+** **RESTful APIs** - Spring Session allows providing session ids in headers to work with <<httpsession-rest,RESTful APIs>>

-* <<httpsession,HttpSession>> - allows replacing the `HttpSession` in an application container (i.e. Tomcat) neutral way, with support for providing session IDs in headers to work with RESTful APIs.
 * <<websocket,WebSocket>> - provides the ability to keep the `HttpSession` alive when receiving WebSocket messages
-* <<websession,WebSession>> - allows replacing the Spring WebFlux's `WebSession` in an application container neutral way.

-== What's New in 2.0
+== What's New in 1.3

-Below are the highlights of what is new in Spring Session 2.0. You can find a complete list of what's new by referring to the changelogs of
-https://github.com/spring-projects/spring-session/milestone/17?closed=1[2.0.0.M1],
-https://github.com/spring-projects/spring-session/milestone/22?closed=1[2.0.0.M2],
-https://github.com/spring-projects/spring-session/milestone/23?closed=1[2.0.0.M3],
-https://github.com/spring-projects/spring-session/milestone/24?closed=1[2.0.0.M4],
-https://github.com/spring-projects/spring-session/milestone/25?closed=1[2.0.0.M5],
-https://github.com/spring-projects/spring-session/milestone/26?closed=1[2.0.0.RC1],
-https://github.com/spring-projects/spring-session/milestone/27?closed=1[2.0.0.RC2], and
-https://github.com/spring-projects/spring-session/milestone/30?closed=1[2.0.0.RELEASE].
+Below are the highlights of what is new in Spring Session 1.3. You can find a complete list of what's new by referring to the changelogs of
+https://github.com/spring-projects/spring-session/milestone/6?closed=1[1.3.0.M1],
+https://github.com/spring-projects/spring-session/milestone/18?closed=1[1.3.0.M2],
+https://github.com/spring-projects/spring-session/milestone/16?closed=1[1.3.0.RC1], and
+https://github.com/spring-projects/spring-session/milestone/19?closed=1[1.3.0.RELEASE].

-* Upgraded to Java 8 and Spring Framework 5 as baseline
-* https://github.com/spring-projects/spring-session/issues/683[Added support for managing Spring WebFlux's `WebSession`] with https://github.com/spring-projects/spring-session/issues/816[Redis `ReactiveSessionRepository`]
-* https://github.com/spring-projects/spring-session/issues/768[Extracted `SessionRepository` implementations to separate modules]
-* Improved https://github.com/spring-projects/spring-session/issues/682[`Session`] and https://github.com/spring-projects/spring-session/issues/809[`SessionRepository`] APIs
-* Improved and harmonized configuration support for all supported session stores
-* https://github.com/spring-projects/spring-session/pull/713[Added support for configuring default `CookieSerializer` using `SessionCookieConfig`]
+* First class support for https://docs.spring.io/spring-session/docs/1.3.0.RELEASE/reference/html5/#httpsession-hazelcast[Hazelcast]
+* First class support for https://docs.spring.io/spring-session/docs/1.3.0.RELEASE/reference/html5/#spring-security-concurrent-sessions-how[Spring Security's concurrent session management]
+* Added https://github.com/maseev/spring-session-orientdb[OrientDB Community Extension]
+* https://github.com/spring-projects/spring-session/tree/1.3.0.RELEASE/samples/httpsession-redis-json[GenericJackson2JsonRedisSerializer sample] with Spring Security's new Jackson Support
+* Guides now https://github.com/spring-projects/spring-session/pull/652[use Lettuce]
+* `spring.session.cleanup.cron.expression` can be used to override the cleanup task’s cron expression
 * Lots of performance improvements and bug fixes

 [[samples]]
@@ -52,6 +52,14 @@ If you are looking to get started with Spring Session, the best place to start i
 | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis.
 | link:guides/boot-redis.html[HttpSession with Redis Guide]

+| {gh-samples-url}boot/gemfire[HttpSession with GemFire]
+| Demonstrates how to use Spring Session to replace the `HttpSession` with GemFire using a Client/Server topology.
+| link:guides/boot-gemfire.html[HttpSession with GemFire Guide]
+
+| {gh-samples-url}boot/mongo[HttpSession with Mongo]
+| Demonstrates how to use Spring Session to replace the `HttpSession` with Mongo.
+| link:guides/boot-mongo.html[HttpSession with Mongo Guide]
+
 | {gh-samples-url}boot/jdbc[HttpSession with JDBC]
 | Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.
 | link:guides/boot-jdbc.html[HttpSession with JDBC Guide]
@@ -64,10 +72,6 @@ If you are looking to get started with Spring Session, the best place to start i
 | Demonstrates how to use Spring Session with WebSockets.
 | link:guides/boot-websocket.html[WebSockets Guide]

-| {gh-samples-url}boot/webflux[WebFlux]
-| Demonstrates how to use Spring Session to replace the Spring WebFlux's `WebSession` with Redis.
-| TBD
-
 | {gh-samples-url}boot/redis-json[HttpSession with Redis JSON serialization]
 | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization.
 | TBD
@@ -82,6 +86,14 @@ If you are looking to get started with Spring Session, the best place to start i
 | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis.
 | link:guides/java-redis.html[HttpSession with Redis Guide]

+| {gh-samples-url}javaconfig/gemfire-clientserver[HttpSession with GemFire (Client/Server)]
+| Demonstrates how to use Spring Session to replace the `HttpSession` with GemFire using a Client/Server topology.
+| link:guides/java-gemfire-clientserver.html[HttpSession with GemFire (Client/Server) Guide]
+
+| {gh-samples-url}javaconfig/gemfire-p2p[HttpSession with GemFire (P2P)]
+| Demonstrates how to use Spring Session to replace the `HttpSession` with GemFire using a P2P topology.
+| link:guides/java-gemfire-p2p.html[HttpSession with GemFire (P2P) Guide]
+
 | {gh-samples-url}javaconfig/jdbc[HttpSession with JDBC]
 | Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.
 | link:guides/java-jdbc.html[HttpSession with JDBC Guide]
@@ -102,6 +114,10 @@ If you are looking to get started with Spring Session, the best place to start i
 | Demonstrates how to use Spring Session in a REST application to support authenticating with a header.
 | link:guides/java-rest.html[REST Guide]

+| {gh-samples-url}javaconfig/users[Multiple Users]
+| Demonstrates how to use Spring Session to manage multiple simultaneous browser sessions (i.e Google Accounts).
+| link:guides/java-users.html[Multiple Users Guide]
+
 |===

 .Sample Applications using Spring XML based configuration
@@ -112,6 +128,14 @@ If you are looking to get started with Spring Session, the best place to start i
 | Demonstrates how to use Spring Session to replace the `HttpSession` with a Redis store.
 | link:guides/xml-redis.html[HttpSession with Redis Guide]

+| {gh-samples-url}xml/gemfire-clientserver[HttpSession with GemFire (Client/Server)]
+| Demonstrates how to use Spring Session to replace the `HttpSession` with GemFire using a Client/Server topology.
+| link:guides/xml-gemfire-clientserver.html[HttpSession with GemFire (Client/Server) Guide]
+
+| {gh-samples-url}xml/gemfire-p2p[HttpSession with GemFire (P2P)]
+| Demonstrates how to use Spring Session to replace the `HttpSession` with GemFire using a P2P topology.
+| link:guides/xml-gemfire-p2p.html[HttpSession with GemFire (P2P) Guide]
+
 | {gh-samples-url}xml/jdbc[HttpSession with JDBC]
 | Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.
 | link:guides/xml-jdbc.html[HttpSession with JDBC Guide]
@@ -132,28 +156,6 @@ If you are looking to get started with Spring Session, the best place to start i

 |===

-[[modules]]
-== Spring Session Modules
-
-In Spring Session 1.x all of the Spring Session's `SessionRepository` implementations were available within the `spring-session` artifact.
-While convenient, this approach wasn't sustainable long-term as more features and `SessionRepository` implementations were added to the project.
-
-Starting with Spring Session 2.0, the project has been split up to Spring Session Core module, and several other modules that carry `SessionRepository` implementations and functionality related to the specific data store.
-The users of Spring Data will find this arrangement familiar, with Spring Session Core module taking a role equivalent to Spring Data Commons and providing core functionalities and APIs with other modules containing data store specific implementations.
-As a part of this split, the Spring Session Data MongoDB and Spring Session Data GemFire modules were moved to separate repositories so the situation with project's repositories/modules is a follows:
-
-* https://github.com/spring-projects/spring-session[`spring-session` repository]
-** Hosts Spring Session Core, Spring Session Data Redis, Spring Session JDBC and Spring Session Hazelcast modules
-* https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb` repository]
-** Hosts Spring Session Data MongoDB module
-* https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode` repository]
-** Hosts Spring Session Data Geode and Spring Session Data Geode modules
-
-Finally, Spring Session now also provides a Maven BOM (as in "bill of materials") module in order to help users with version management concerns:
-
-* https://github.com/spring-projects/spring-session-bom[`spring-session-bom` repository]
-** Hosts Spring Session BOM module
-
 [[httpsession]]
 == HttpSession Integration

@@ -166,7 +168,8 @@ This means that developers can switch the `HttpSession` implementation out with
 We have already mentioned that Spring Session provides transparent integration with `HttpSession`, but what benefits do we get out of this?

 * **Clustered Sessions** - Spring Session makes it trivial to support <<httpsession-redis,clustered sessions>> without being tied to an application container specific solution.
-* **RESTful APIs** - Spring Session allows providing session IDs in headers to work with <<httpsession-rest,RESTful APIs>>
+* **Multiple Browser Sessions** - Spring Session supports <<httpsession-multi,managing multiple users' sessions>> in a single browser instance (i.e. multiple authenticated accounts similar to Google).
+* **RESTful APIs** - Spring Session allows providing session ids in headers to work with <<httpsession-rest,RESTful APIs>>

 [[httpsession-redis]]
 === HttpSession with Redis
@@ -197,6 +200,110 @@ You can read the basic steps for integration below, but you are encouraged to fo

 include::guides/xml-redis.adoc[tags=config,leveloffset=+3]

+[[httpsession-gemfire]]
+=== HttpSession with Pivotal GemFire
+
+When https://pivotal.io/big-data/pivotal-gemfire[Pivotal GemFire] is used with Spring Session, a web application's
+`HttpSession` can be replaced with a **clustered** implementation managed by GemFire and conveniently accessed
+with Spring Session's API.
+
+The two most common topologies to manage Spring Sessions using GemFire include:
+
+* <<httpsession-gemfire-clientserver,Client-Server>>
+* <<httpsession-gemfire-p2p,Peer-To-Peer (P2P)>>
+
+Additionally, GemFire supports site-to-site replication using https://gemfire.docs.pivotal.io/docs-gemfire/topologies_and_comm/multi_site_configuration/chapter_overview.html[WAN functionality].
+The ability to configure and use GemFire's WAN support is independent of Spring Session, and is beyond the scope
+of this document. More details on GemFire WAN functionality can be found https://docs.spring.io/spring-data-gemfire/docs/current/reference/html/#bootstrap:gateway[here].
+
+[[httpsession-gemfire-clientserver]]
+==== GemFire Client-Server
+
+The https://gemfire.docs.pivotal.io/docs-gemfire/latest/topologies_and_comm/cs_configuration/chapter_overview.html[Client-Server]
+topology will probably be the more common configuration preference for users when using GemFire as a provider in
+Spring Session since a GemFire server will have significantly different and unique JVM heap requirements when compared
+to the application. Using a client-server topology enables an application to manage (e.g. replicate) application state
+independently from other application processes.
+
+In a client-server topology, an application using Spring Session will open a client cache connection to a (remote)
+GemFire server cluster to manage and provide consistent access to all `HttpSession` state.
+
+You can configure a Client-Server topology with either:
+
+* <<httpsession-gemfire-clientserver-java,Java-based Configuration>>
+* <<httpsession-gemfire-clientserver-xml,XML-based Configuration>>
+
+[[httpsession-gemfire-clientserver-java]]
+===== GemFire Client-Server Java-based Configuration
+
+This section describes how to use GemFire's Client-Server topology to back an `HttpSession` with Java-based configuration.
+
+NOTE: The <<samples,HttpSession with GemFire (Client-Server) Sample>> provides a working sample on how to integrate
+Spring Session and GemFire to replace the HttpSession using Java configuration. You can read the basic steps for
+integration below, but you are encouraged to follow along with the detailed HttpSession with GemFire (Client-Server)
+Guide when integrating with your own application.
+
+include::guides/java-gemfire-clientserver.adoc[tags=config,leveloffset=+3]
+
+[[http-session-gemfire-clientserver-xml]]
+===== GemFire Client-Server XML-based Configuration
+
+This section describes how to use GemFire's Client-Server topology to back an `HttpSession` with XML-based configuration.
+
+NOTE: The <<samples,HttpSession with GemFire (Client-Server) using XML Sample>> provides a working sample on how to
+integrate Spring Session and GemFire to replace the `HttpSession` using XML configuration. You can read the basic steps
+for integration below, but you are encouraged to follow along with the detailed HttpSession with GemFire (Client-Server)
+using XML Guide when integrating with your own application.
+
+include::guides/xml-gemfire-clientserver.adoc[tags=config,leveloffset=+3]
+
+[[httpsession-gemfire-p2p]]
+==== GemFire Peer-To-Peer (P2P)
+
+Perhaps less common would be to configure the Spring Session application as a peer member in the GemFire cluster using
+the https://gemfire.docs.pivotal.io/docs-gemfire/latest/topologies_and_comm/p2p_configuration/chapter_overview.html[Peer-To-Peer (P2P)] topology.
+In this configuration, a Spring Session application would be an actual data node (server) in the GemFire cluster,
+and **not** a cache client as before.
+
+One advantage to this approach is the proximity of the application to the application's state (i.e. it's data). However,
+there are other effective means of accomplishing similar data dependent computations, such as using GemFire's
+https://gemfire.docs.pivotal.io/docs-gemfire/latest/developing/function_exec/chapter_overview.html[Function Execution].
+Any of GemFire's other https://gemfire.docs.pivotal.io/docs-gemfire/latest/getting_started/product_intro.html[features]
+can be used when GemFire is serving as a provider in Spring Session.
+
+P2P is very useful for both testing purposes as well as smaller, more focused and self-contained applications,
+such as those found in a microservices architecture, and will most certainly improve on your application's latency,
+throughput and consistency needs.
+
+You can configure a Peer-To-Peer (P2P) topology with either:
+
+* <<httpsession-gemfire-p2p-java,Java-based Configuration>>
+* <<httpsession-gemfire-p2p-xml,XML-based Configuration>>
+
+[[httpsession-gemfire-p2p-java]]
+===== GemFire Peer-To-Peer (P2P) Java-based Configuration
+
+This section describes how to use GemFire's Peer-To-Peer (P2P) topology to back an `HttpSession` using Java-based configuration.
+
+NOTE: The <<samples, HttpSession with GemFire (P2P) Sample>> provides a working sample on how to integrate
+Spring Session and GemFire to replace the `HttpSession` using Java configuration. You can read the basic steps
+for integration below, but you are encouraged to follow along with the detailed HttpSession with GemFire (P2P) Guide
+when integrating with your own application.
+
+include::guides/java-gemfire-p2p.adoc[tags=config,leveloffset=+3]
+
+[[httpsession-gemfire-p2p-xml]]
+===== GemFire Peer-To-Peer (P2P) XML-based Configuration
+
+This section describes how to use GemFire's Peer-To-Peer (P2P) topology to back an `HttpSession` using XML-based configuration.
+
+NOTE: The <<samples, HttpSession with GemFire (P2P) using XML Sample>> provides a working sample on how to integrate
+Spring Session and GemFire to replace the `HttpSession` using XML configuration. You can read the basic steps for
+integration below, but you are encouraged to follow along with the detailed HttpSession with GemFire (P2P) using XML
+Guide when integrating with your own application.
+
+include::guides/xml-gemfire-p2p.adoc[tags=config,leveloffset=+3]
+
 [[httpsession-jdbc]]
 === HttpSession with JDBC

@@ -237,6 +344,57 @@ You can read the basic steps for integration below, but you are encouraged to fo

 include::guides/boot-jdbc.adoc[tags=config,leveloffset=+3]

+[[httpsession-mongo]]
+=== HttpSession with Mongo
+
+Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`.
+
+This section describes how to use Mongo to back `HttpSession` using Java based configuration.
+
+NOTE: The <<samples, HttpSession Mongo Sample>> provides a working sample on how to integrate Spring Session and `HttpSession` using Java configuration.
+You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession Guide when integrating with your own application.
+
+include::guides/boot-mongo.adoc[tags=config,leveloffset=+3]
+
+==== Session serialization mechanisms
+
+To be able to persist session objects in MongoDB we need to provide the serialization/deserialization mechanism.
+Depending on your classpath Spring Session will choose one of two build-in converters:
+
+* `JacksonMongoSessionConverter` when `ObjectMapper` class is available, or
+* `JdkMongoSessionConverter` otherwise.
+
+===== JacksonMongoSessionConverter
+
+This mechanism uses Jackson to serialize session objects to/from JSON.
+`JacksonMongoSessionConverter` will be the default when Jackson is detected on the classpath and the user has not explicitly registered a `AbstractMongoSessionConverter` Bean.
+
+If you would like to provide custom Jackson modules you can do it by explicitly registering `JacksonMongoSessionConverter`:
+
+[source,java,indent=0]
+----
+include::{docs-test-dir}docs/http/MongoJacksonSessionConfiguration.java[tags=config]
+----
+
+==== JdkMongoSessionConverter
+
+`JdkMongoSessionConverter` uses standard Java serialization to persist session attributes map to MongoDB in a binary form.
+However, standard session elements like id, access time, etc are still written as a plain Mongo objects and can be read and queried without additional effort.
+`JdkMongoSessionConverter` is used if Jackson is not on the classpath and no explicit `AbstractMongoSessionConverter` Bean has been defined.
+You can explicitly register `JdkMongoSessionConverter` by defining it as a Bean.
+
+[source,java,indent=0]
+----
+include::{docs-test-dir}docs/http/MongoJdkSessionConfiguration.java[tags=config]
+----
+
+There is also a constructor taking `Serializer` and `Deserializer` objects, allowing you to pass custom implementations, which is especially important when you want to use non-default classloader.
+
+==== Using custom converters
+
+You can create your own session converter by extending `AbstractMongoSessionConverter` class.
+The implementation will be used for serializing, deserializing your objects and for providing queries to access the session.
+
 [[httpsession-hazelcast]]
 === HttpSession with Hazelcast

@@ -305,6 +463,17 @@ public class SessionRepositoryFilter implements Filter {
 By passing in a custom `HttpServletRequest` implementation into the `FilterChain` we ensure that anything invoked after our `Filter` uses the custom `HttpSession` implementation.
 This highlights why it is important that Spring Session's `SessionRepositoryFilter` must be placed before anything that interacts with the `HttpSession`.

+[[httpsession-multi]]
+=== Multiple HttpSessions in Single Browser
+
+Spring Session has the ability to support multiple sessions in a single browser instance.
+This provides the ability to support authenticating with multiple users in the same browser instance (i.e. Google Accounts).
+
+NOTE: The <<samples,Manage Multiple Users Guide>> provides a complete working example of managing multiple users in the same browser instance.
+You can follow the basic steps for integration below, but you are encouraged to follow along with the detailed Manage Multiple Users Guide when integrating with your own application.
+
+include::guides/java-users.adoc[tags=how-does-it-work,leveloffset=+1]
+
 [[httpsession-rest]]
 === HttpSession & RESTful APIs

@@ -375,116 +544,6 @@ Before using WebSocket integration, you should be sure that you have <<httpsessi

 include::guides/boot-websocket.adoc[tags=config,leveloffset=+2]

-[[websession]]
-== WebSession Integration
-
-Spring Session provides transparent integration with Spring WebFlux's `WebSession`.
-This means that developers can switch the `WebSession` implementation out with an implementation that is backed by Spring Session.
-
-[[websession-why]]
-=== Why Spring Session & WebSession?
-
-We have already mentioned that Spring Session provides transparent integration with Spring WebFlux's `WebSession`, but what benefits do we get out of this?
-As with `HttpSession`, Spring Session makes it trivial to support <<websession-redis,clustered sessions>> without being tied to an application container specific solution.
-
-[[websession-redis]]
-=== WebSession with Redis
-
-Using Spring Session with `WebSession` is enabled by simply registering a `WebSessionManager` implementation backed by Spring Session's `ReactiveSessionRepository`.
-The Spring configuration is responsible for creating a `WebSessionManager` that replaces the `WebSession` implementation with an implementation backed by Spring Session.
-Add the following Spring Configuration:
-
-[source, java]
----
-@EnableRedisWebSession // <1>
-public class SessionConfiguration {
-
-	@Bean
-	public LettuceConnectionFactory redisConnectionFactory() {
-		return new LettuceConnectionFactory(); // <2>
-	}
-
-}
----
-
-<1> The `@EnableRedisWebSession` annotation creates a Spring Bean with the name of `webSessionManager` that implements the `WebSessionManager`.
-This is what is in charge of replacing the `WebSession` implementation to be backed by Spring Session.
-In this instance Spring Session is backed by Redis.
-<2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
-We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
-
-[[websession-how]]
-=== How WebSession Integration Works
-
-With Spring WebFlux and it's `WebSession` things are considerably simpler for Spring Session to integrate with, compared to Servlet API and it's `HttpSession`.
-Spring WebFlux provides `WebSessionStore` API which presents a strategy for persisting `WebSession`.
-
-NOTE: This section describes how Spring Session provides transparent integration with `WebSession`. The intent is so that user's can understand what is happening under the covers. This functionality is already integrated and you do NOT need to implement this logic yourself.
-
-First we create a custom `SpringSessionWebSession` that delegates to Spring Session's `Session`.
-It looks something like the following:
-
-[source, java]
----
-public class SpringSessionWebSession implements WebSession {
-
-	enum State {
-		NEW, STARTED
-	}
-
-	private final S session;
-
-	private AtomicReference<State> state = new AtomicReference<>();
-
-	SpringSessionWebSession(S session, State state) {
-		this.session = session;
-		this.state.set(state);
-	}
-
-	@Override
-	public void start() {
-		this.state.compareAndSet(State.NEW, State.STARTED);
-	}
-
-	@Override
-	public boolean isStarted() {
-		State value = this.state.get();
-		return (State.STARTED.equals(value)
-				|| (State.NEW.equals(value) && !this.session.getAttributes().isEmpty()));
-	}
-
-	@Override
-	public Mono<Void> changeSessionId() {
-		return Mono.defer(() -> {
-			this.session.changeSessionId();
-			return save();
-		});
-	}
-
-	// ... other methods delegate to the original Session
-}
----
-
-Next, we create a custom `WebSessionStore` that delegates to the `ReactiveSessionRepository` and wraps `Session` into custom `WebSession` implementation:
-
-[source, java]
----
-public class SpringSessionWebSessionStore<S extends Session> implements WebSessionStore {
-
-	private final ReactiveSessionRepository<S> sessions;
-
-	public SpringSessionWebSessionStore(ReactiveSessionRepository<S> reactiveSessionRepository) {
-		this.sessions = reactiveSessionRepository;
-	}
-
-	// ...
-}
----
-
-In order to be detected by Spring WebFlux, this custom `WebSessionStore` needs to be registered with `ApplicationContext` as bean named `webSessionManager`.
-For additional information on Spring WebFlux, refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/web-reactive.html[Spring Framework Reference Documentation].
-
 [[spring-security]]
 == Spring Security Integration

@@ -493,7 +552,7 @@ Spring Session provides integration with Spring Security.
 [[spring-security-rememberme]]
 === Spring Security Remember-Me Support

-Spring Session provides integration with https://docs.spring.io/spring-security/site/docs/{spring-security-version}/reference/htmlsingle/#remember-me[Spring Security's Remember-Me Authentication].
+Spring Session provides integration with https://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#remember-me[Spring Security's Remember-Me Authentication].
 The support will:

 * Change the session expiration length
@@ -536,7 +595,7 @@ include::{docs-test-dir}docs/security/SecurityConfiguration.java[tags=class]
 ----

 This assumes that you've also configured Spring Session to provide a `FindByIndexNameSessionRepository` that
-returns `Session` instances.
+returns `ExpiringSession` instances.

 When using XML configuration, it would look something like this:
 [source,xml,indent=0]
@@ -545,7 +604,7 @@ include::{docs-test-resources-dir}docs/security/security-config.xml[tags=config]
 ----

 This assumes that your Spring Session `SessionRegistry` bean is called `sessionRegistry`, which is the name used by all
-`SpringHttpSessionConfiguration` subclasses.
+`SpringHttpSessionConfiguration` subclasses except for the one for MongoDB: there it's called `mongoSessionRepository`.

 [[spring-security-concurrent-sessions-limitations]]
 === Limitations
@@ -578,7 +637,11 @@ include::{indexdoc-tests}[tags=repository-demo]
 <5> We retrieve the `Session` from the `SessionRepository`.
 <6> We obtain the persisted `User` from our `Session` without the need for explicitly casting our attribute.

-`Session` API also provides attributes related to the `Session` instance's expiration.
+[[api-expiringsession]]
+=== ExpiringSession
+
+An `ExpiringSession` extends a `Session` by providing attributes related to the `Session` instance's expiration.
+If there is no need to interact with the expiration information, prefer using the more simple `Session` API.

 Typical usage might look like the following:

@@ -587,17 +650,17 @@ Typical usage might look like the following:
 include::{indexdoc-tests}[tags=expire-repository-demo]
 ----

-<1> We create a `SessionRepository` instance with a generic type, `S`, that extends `Session`. The generic type is defined in our class.
-<2> We create a new `Session` using our `SessionRepository` and assign it to a variable of type `S`.
-<3> We interact with the `Session`.
-In our example, we demonstrate updating the amount of time the `Session` can be inactive before it expires.
-<4> We now save the `Session`.
+<1> We create a `SessionRepository` instance with a generic type, `S`, that extends `ExpiringSession`. The generic type is defined in our class.
+<2> We create a new `ExpiringSession` using our `SessionRepository` and assign it to a variable of type `S`.
+<3> We interact with the `ExpiringSession`.
+In our example, we demonstrate updating the amount of time the `ExpiringSession` can be inactive before it expires.
+<4> We now save the `ExpiringSession`.
 This is why we needed the generic type `S`.
-The `SessionRepository` only allows saving `Session` instances that were created or retrieved using the same `SessionRepository`.
+The `SessionRepository` only allows saving `ExpiringSession` instances that were created or retrieved using the same `SessionRepository`.
 This allows for the `SessionRepository` to make implementation specific optimizations (i.e. only writing attributes that have changed).
-The last accessed time is automatically updated when the `Session` is saved.
-<5> We retrieve the `Session` from the `SessionRepository`.
-If the `Session` were expired, the result would be null.
+The last accessed time is automatically updated when the `ExpiringSession` is saved.
+<5> We retrieve the `ExpiringSession` from the `SessionRepository`.
+If the `ExpiringSession` were expired, the result would be null.

 [[api-sessionrepository]]
 === SessionRepository
@@ -639,14 +702,6 @@ Once the session is indexed, it can be found using the following:
 include::{docs-test-dir}docs/FindByIndexNameSessionRepositoryTests.java[tags=findby-username]
 ----

-[[api-reactivesessionrepository]]
-=== ReactiveSessionRepository
-
-A `ReactiveSessionRepository` is in charge of creating, retrieving, and persisting `Session` instances in a non-blocking and reactive manner.
-
-If possible, developers should not interact directly with a `ReactiveSessionRepository` or a `Session`.
-Instead, developers should prefer interacting with `ReactiveSessionRepository` and `Session` indirectly through the <<websession,WebSession>> integration.
-
 [[api-enablespringhttpsession]]
 === EnableSpringHttpSession

@@ -663,22 +718,6 @@ It is important to note that no infrastructure for session expirations is config
 This is because things like session expiration are highly implementation dependent.
 This means if you require cleaning up expired sessions, you are responsible for cleaning up the expired sessions.

-[[api-enablespringwebsession]]
-=== EnableSpringWebSession
-
-The `@EnableSpringWebSession` annotation can be added to an `@Configuration` class to expose the `WebSessionManager` as a bean named "webSessionManager".
-In order to leverage the annotation, a single `ReactiveSessionRepository` bean must be provided.
-For example:
-
-[source,java,indent=0]
----
-include::{docs-test-dir}docs/SpringWebSessionConfig.java[tags=class]
----
-
-It is important to note that no infrastructure for session expirations is configured for you out of the box.
-This is because things like session expiration are highly implementation dependent.
-This means if you require cleaning up expired sessions, you are responsible for cleaning up the expired sessions.
-
 [[api-redisoperationssessionrepository]]
 === RedisOperationsSessionRepository

@@ -706,7 +745,7 @@ Complete example usage can be found in the <<samples>>
 You can use the following attributes to customize the configuration:

 * **maxInactiveIntervalInSeconds** - the amount of time before the session will expire in seconds
-* **redisNamespace** - allows configuring an application specific namespace for the sessions. Redis keys and channel IDs will start with the prefix of `<redisNamespace>:`.
+* **redisNamespace** - allows configuring an application specific namespace for the sessions. Redis keys and channel ids will start with the prefix of `spring:session:<redisNamespace>:`.
 * **redisFlushMode** - allows specifying when data will be written to Redis. The default is only when `save` is invoked on `SessionRepository`.
 A value of `RedisFlushMode.IMMEDIATE` will write to Redis as soon as possible.

@@ -718,7 +757,7 @@ You can customize the serialization by creating a Bean named `springSessionDefau

 `RedisOperationsSessionRepository` is subscribed to receive events from redis using a `RedisMessageListenerContainer`.
 You can customize the way those events are dispatched, by creating a Bean named `springSessionRedisTaskExecutor` and/or a Bean `springSessionRedisSubscriptionExecutor`.
-More details on configuring redis task executors can be found https://docs.spring.io/spring-data-redis/docs/{spring-data-redis-version}/reference/html/#redis:pubsub:subscribe:containers[here].
+More details on configuring redis task executors can be found https://docs.spring.io/spring-data-redis/docs/current/reference/html/#redis:pubsub:subscribe:containers[here].

 [[api-redisoperationssessionrepository-storage]]
 ==== Storage Details
@@ -757,7 +796,7 @@ HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime

 In this example, the session following statements are true about the session:

-* The session ID is 33fdd1b6-b496-4b33-9f7d-df96679d32fe
+* The session id is 33fdd1b6-b496-4b33-9f7d-df96679d32fe
 * The session was created at 1404360000000 in milliseconds since midnight of 1/1/1970 GMT.
 * The session expires in 1800 seconds (30 minutes).
 * The session was last accessed at 1404360000000 in milliseconds since midnight of 1/1/1970 GMT.
@@ -780,7 +819,7 @@ HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe sessionAttr:a
 [[api-redisoperationssessionrepository-expiration]]
 ===== Session Expiration

-An expiration is associated to each session using the EXPIRE command based upon the `Session.getMaxInactiveInterval()`.
+An expiration is associated to each session using the EXPIRE command based upon the `ExpiringSession.getMaxInactiveInterval()`.
 For example:

 ----
@@ -793,7 +832,7 @@ An expiration is set on the session itself five minutes after it actually expire

 [NOTE]
 ====
-The `SessionRepository.findById(String)` method ensures that no expired sessions will be returned.
+The `SessionRepository.getSession(String)` method ensures that no expired sessions will be returned.
 This means there is no need to check the expiration before using a session.
 ====

@@ -810,12 +849,12 @@ EXPIRE spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe 1800

 When a session expires key is deleted or expires, the keyspace notification triggers a lookup of the actual session and a SessionDestroyedEvent is fired.

-One problem with relying on Redis expiration exclusively is that Redis makes no guarantee of when the expired event will be fired if the key has not been accessed.
+One problem with relying on Redis expiration exclusively is that Redis makes no guarantee of when the expired event will be fired if they key has not been accessed.
 Specifically the background task that Redis uses to clean up expired keys is a low priority task and may not trigger the key expiration.
 For additional details see https://redis.io/topics/notifications[Timing of expired events] section in the Redis documentation.

 To circumvent the fact that expired events are not guaranteed to happen we can ensure that each key is accessed when it is expected to expire.
-This means that if the TTL is expired on the key, Redis will remove the key and fire the expired event when we try to access the key.
+This means that if the TTL is expired on the key, Redis will remove the key and fire the expired event when we try to access they key.

 For this reason, each session expiration is also tracked to the nearest minute.
 This allows a background task to access the potentially expired sessions to ensure that Redis expired events are fired in a more deterministic fashion.
@@ -827,7 +866,7 @@ EXPIRE spring:session:expirations1439245080000 2100
 ----

 The background task will then use these mappings to explicitly request each key.
-By accessing the key, rather than deleting it, we ensure that Redis deletes the key for us only if the TTL is expired.
+By accessing they key, rather than deleting it, we ensure that Redis deletes the key for us only if the TTL is expired.

 [NOTE]
 ====
@@ -879,7 +918,7 @@ include::{docs-test-resources-dir}docs/HttpSessionConfigurationNoOpConfigureRedi
 ==== SessionCreatedEvent

 When a session is created an event is sent to Redis with the channel of `spring:session:channel:created:33fdd1b6-b496-4b33-9f7d-df96679d32fe`
-such that `33fdd1b6-b496-4b33-9f7d-df96679d32fe` is the session ID. The body of the event will be the session that was created.
+such that `33fdd1b6-b496-4b33-9f7d-df96679d32fe` is the session id. The body of the event will be the session that was created.

 If registered as a MessageListener (default), then `RedisOperationsSessionRepository` will then translate the Redis message into a `SessionCreatedEvent`.

@@ -898,7 +937,7 @@ redis 127.0.0.1:6379> keys *
 ----

 <1> The suffix of this key is the session identifier of the Spring Session.
-<2> This key contains all the session IDs that should be deleted at the time `1418772300000`.
+<2> This key contains all the session ids that should be deleted at the time `1418772300000`.

 You can also view the attributes of each session.

@@ -913,73 +952,93 @@ redis 127.0.0.1:6379> hget spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed
 "\xac\xed\x00\x05t\x00\x03rob"
 ----

-[[api-reactiveredisoperationssessionrepository]]
-=== ReactiveRedisOperationsSessionRepository
+[[api-gemfireoperationssessionrepository]]
+=== GemFireOperationsSessionRepository

-`ReactiveRedisOperationsSessionRepository` is a `ReactiveSessionRepository` that is implemented using Spring Data's `ReactiveRedisOperations`.
-In a web environment, this is typically used in combination with `WebSessionStore`.
+`GemFireOperationsSessionRepository` is a `SessionRepository` that is implemented using Spring Data's `GemFireOperationsSessionRepository`.
+In a web environment, this is typically used in combination with `SessionRepositoryFilter`.
+The implementation supports `SessionDestroyedEvent` and `SessionCreatedEvent` through `SessionMessageListener`.

-[[api-reactiveredisoperationssessionrepository-new]]
-==== Instantiating a ReactiveRedisOperationsSessionRepository
+[[api-gemfireoperationssessionrepository-indexing]]
+==== Using Indexes with GemFire

-A typical example of how to create a new instance can be seen below:
+While best practices concerning the proper definition of indexes that positively impact GemFire's performance is beyond
+the scope of this document, it is important to realize that Spring Session Data GemFire creates and uses indexes to
+query and find Sessions efficiently.
+
+Out-of-the-box, Spring Session Data GemFire creates 1 Hash-typed Index on the principal name. There are two different buit in
+strategies for finding the principal name. The first strategy is that the value of the session attribute with the name
+`FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` will be indexed to the same index name. For example:

 [source,java,indent=0]
 ----
-include::{indexdoc-tests}[tags=new-reactiveredisoperationssessionrepository]
+include::{docs-itest-dir}docs/http/HttpSessionGemFireIndexingITests.java[tags=findbyindexname-set]
+include::{docs-itest-dir}docs/http/HttpSessionGemFireIndexingITests.java[tags=findbyindexname-get]
 ----

-For additional information on how to create a `ReactiveRedisConnectionFactory`, refer to the Spring Data Redis Reference.
+[[api-gemfireoperationssessionrepository-indexing-security]]
+==== Using Indexes with GemFire & Spring Security

-[[api-reactiveredisoperationssessionrepository-config]]
-==== EnableRedisWebSession
+Alternatively, Spring Session Data GemFire will map Spring Security's current `Authentication#getName()` to the index
+`FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME`. For example, if you are using Spring Security you can
+find the current user's sessions using:

-In a web environment, the simplest way to create a new `ReactiveRedisOperationsSessionRepository` is to use `@EnableRedisWebSession`.
-You can use the following attributes to customize the configuration:
-
-* **maxInactiveIntervalInSeconds** - the amount of time before the session will expire in seconds
-* **redisNamespace** - allows configuring an application specific namespace for the sessions. Redis keys and channel IDs will start with the prefix of `<redisNamespace>:`.
-* **redisFlushMode** - allows specifying when data will be written to Redis. The default is only when `save` is invoked on `ReactiveSessionRepository`.
-A value of `RedisFlushMode.IMMEDIATE` will write to Redis as soon as possible.
-
-[[api-reactiveredisoperationssessionrepository-writes]]
-===== Optimized Writes
-
-The `Session` instances managed by `ReactiveRedisOperationsSessionRepository` keeps track of the properties that have changed and only updates those.
-This means if an attribute is written once and read many times we only need to write that attribute once.
-
-[[api-reactiveredisoperationssessionrepository-cli]]
-==== Viewing the Session in Redis
-
-After https://redis.io/topics/quickstart[installing redis-cli], you can inspect the values in Redis https://redis.io/commands#hash[using the redis-cli].
-For example, enter the following into a terminal:
-
-[source,bash]
+[source,java,indent=0]
 ----
-$ redis-cli
-redis 127.0.0.1:6379> keys *
-1) "spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021" <1>
+include::{docs-itest-dir}docs/http/HttpSessionGemFireIndexingITests.java[tags=findbyspringsecurityindexname-context]
+include::{docs-itest-dir}docs/http/HttpSessionGemFireIndexingITests.java[tags=findbyspringsecurityindexname-get]
 ----

-<1> The suffix of this key is the session identifier of the Spring Session.
+[[api-gemfireoperationssessionrepository-indexing-custom]]
+==== Using Custom Indexes with GemFire

-You can also view the attributes of each session.
+This enables developers using the `GemFireOperationsSessionRepository` programmatically to query and find all Sessions
+with a given principal name efficiently.

-[source,bash]
+Additionally, Spring Session Data GemFire will create a Range-based Index on the implementing Session's Map-type
+`attributes` property (i.e. on any arbitrary Session attribute) when a developer identifies 1 or more named Session
+attributes that should be indexed by GemFire.
+
+Sessions attributes to index can be specified with the `indexableSessionAttributes` attribute on the `@EnableGemFireHttpSession`
+annotation.  A developer adds this annotation to their Spring application `@Configuration` class when s/he wishes to
+enable Spring Session support for HttpSession backed by GemFire.
+
+For example, the following configuration:
+
+[source,java,indent=0]
 ----
-redis 127.0.0.1:6379> hkeys spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021
-1) "lastAccessedTime"
-2) "creationTime"
-3) "maxInactiveInterval"
-4) "sessionAttr:username"
-redis 127.0.0.1:6379> hget spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021 sessionAttr:username
-"\xac\xed\x00\x05t\x00\x03rob"
+include::{docs-itest-dir}docs/http/gemfire/indexablesessionattributes/GemFireHttpSessionConfig.java[tags=class-start]
+	// ...
+}
 ----

+will allow searching for sessions using the following:
+
+[source,java,indent=0]
+----
+include::{docs-itest-dir}docs/http/gemfire/indexablesessionattributes/HttpSessionGemFireIndexingCustomITests.java[tags=findbyindexname-set]
+include::{docs-itest-dir}docs/http/gemfire/indexablesessionattributes/HttpSessionGemFireIndexingCustomITests.java[tags=findbyindexname-get]
+----
+
+NOTE: Only Session attribute names identified in the `@EnableGemFireHttpSession` annotation's `indexableSessionAttributes`
+attribute will have an Index defined.  All other Session attributes will not be indexed.
+
+However, there is one caveat. Any values stored in indexable Session attributes must implement the `java.lang.Comparable<T>`
+interface. If those object values do not implement `Comparable`, then GemFire will throw an error on startup when the
+Index is defined for Regions with persistent Session data, or when an attempt is made at runtime to assign the indexable
+Session attribute a value that is not `Comparable` and the Session is saved to GemFire.
+
+NOTE: Any Session attribute that is not indexed may store non-`Comparable` values.
+
+To learn more about GemFire's Range-based Indexes, see https://gemfire.docs.pivotal.io/docs-gemfire/latest/developing/query_index/creating_map_indexes.html[Creating Indexes on Map Fields].
+
+To learn more about GemFire Indexing in general, see https://gemfire.docs.pivotal.io/docs-gemfire/latest/developing/query_index/query_index.html[Working with Indexes].
+
+
 [[api-mapsessionrepository]]
 === MapSessionRepository

-The `MapSessionRepository` allows for persisting `Session` in a `Map` with the key being the `Session` ID and the value being the `Session`.
+The `MapSessionRepository` allows for persisting `ExpiringSession` in a `Map` with the key being the `ExpiringSession` id and the value being the `ExpiringSession`.
 The implementation can be used with a `ConcurrentHashMap` as a testing or convenience mechanism.
 Alternatively, it can be used with distributed `Map` implementations. For example, it can be used with Hazelcast.

@@ -1010,13 +1069,6 @@ To run it use the following:

 	./gradlew :samples:hazelcast-spring:tomcatRun

-[[api-reactivemapsessionrepository]]
-=== ReactiveMapSessionRepository
-
-The `ReactiveMapSessionRepository` allows for persisting `Session` in a `Map` with the key being the `Session` ID and the value being the `Session`.
-The implementation can be used with a `ConcurrentHashMap` as a testing or convenience mechanism.
-Alternatively, it can be used with distributed `Map` implementations with the requirement that the supplied `Map` must be a non-blocking.
-
 [[api-jdbcoperationssessionrepository]]
 === JdbcOperationsSessionRepository

@@ -1034,7 +1086,7 @@ A typical example of how to create a new instance can be seen below:
 include::{indexdoc-tests}[tags=new-jdbcoperationssessionrepository]
 ----

-For additional information on how to create and configure `JdbcTemplate` and `PlatformTransactionManager`, refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
+For additional information on how to create and configure `JdbcTemplate` and `PlatformTransactionManager`, refer to the https://docs.spring.io/spring/docs/current/spring-framework-reference/html/spring-data-tier.html[Spring Framework Reference Documentation].

 [[api-jdbcoperationssessionrepository-config]]
 ==== EnableJdbcHttpSession
@@ -1070,14 +1122,14 @@ For example, with PostgreSQL database you would use the following schema script:

 [source,sql,indent=0]
 ----
-include::{session-jdbc-main-resources-dir}org/springframework/session/jdbc/schema-postgresql.sql[]
+include::{session-main-resources-dir}org/springframework/session/jdbc/schema-postgresql.sql[]
 ----

 And with MySQL database:

 [source,sql,indent=0]
 ----
-include::{session-jdbc-main-resources-dir}org/springframework/session/jdbc/schema-mysql.sql[]
+include::{session-main-resources-dir}org/springframework/session/jdbc/schema-mysql.sql[]
 ----

 ==== Transaction management
@@ -1101,7 +1153,7 @@ A typical example of how to create a new instance can be seen below:
 include::{indexdoc-tests}[tags=new-hazelcastsessionrepository]
 ----

-For additional information on how to create and configure Hazelcast instance, refer to the http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[Hazelcast documentation].
+For additional information on how to create and configure Hazelcast instance, refer to the https://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-configuration[Hazelcast documentation].

 [[api-enablehazelcasthttpsession]]
 ==== EnableHazelcastHttpSession
@@ -1138,70 +1190,6 @@ Note that if you use Hazelcast's `MapStore` to persist your sessions `IMap` ther
 * reload triggers `EntryAddedListener` which results in `SessionCreatedEvent` being re-published
 * reload uses default TTL for a given `IMap` which results in sessions losing their original TTL

-[[custom-sessionrepository]]
-== Custom SessionRepository
-
-Implementing a custom <<api-sessionrepository,`SessionRepository`>> API should be a fairly straightforward task.
-Coupling the custom implementation with <<api-enablespringhttpsession,`@EnableSpringHttpSession`>> support allow to easily reuse existing Spring Session configuration facilities and infrastructure.
-There are however a couple of aspects that deserve a closer consideration.
-
-During a lifecycle of an HTTP request, the `HttpSession` is typically is persisted to `SessionRepository` twice.
-First to ensure that the session is available to the clients as soon as the client has access to the session ID, and it is also necessary to write after the session is committed because further modifications to the session might be made.
-Having this in mind, it is generally recommended for a `SessionRepository` implementation to keep track of changes to ensure that only deltas are saved.
-This is in particular very important in highly concurrent environments, where multiple requests operate on the same `HttpSession` and therefore cause race conditions, with requests overriding each others changes to session attributes.
-All of the `SessionRepository` implementations provided by Spring Session use the described approach to persisting session changes and can be used for guidance while implementing custom `SessionRepository`.
-
-Note that the same recommendations apply for implementing a custom <<api-reactivesessionrepository,`ReactiveSessionRepository`>> as well.
-Of course, in this case the <<api-enablespringwebsession,`@EnableSpringWebSession`>> should be used.
-
-[[upgrading-2.0]]
-== Upgrading to 2.x
-
-With the new major release version, the Spring Session team took the opportunity to make some non-passive changes.
-The focus of these changes is to improve and harmonize Spring Session's APIs, as well as remove the deprecated components.
-
-=== Baseline update
-
-Spring Session 2.0 requires Java 8 and Spring Framework 5.0 as a baseline, since its entire codebase is now based on Java 8 source code.
-Refer to guide for https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-5.x[Upgrading to Spring Framework 5.x] for reference on upgrading Spring Framework.
-
-=== Replaced and Removed Modules
-
-As a part of the project's split the modules, the existing `spring-session` has been replaced with `spring-session-core` module.
-The `spring-session-core` module holds only the common set of APIs and components while other modules contain the implementation of appropriate `SessionRepository` and functionality related to that data store.
-This applies to several existing that were previously a simple dependency aggregator helper modules but with new module arrangement actually carry the implementation:
-
-* Spring Session Data Redis
-* Spring Session JDBC
-* Spring Session Hazelcast
-
-Also the following modules were removed from the main project repository:
-
-* Spring Session Data MongoDB
-* Spring Session Data GemFire
-
-Note that these two have moved to separate repositories, and will continue to be available albeit under a changed artifact names:
-
-* https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb`]
-* https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode`]
-
-=== Replaced and Removed Packages, Classes and Methods
-
-* `ExpiringSession` API has been merged into `Session` API
-* `Session` API has been enhanced to make full use of Java 8
-* `Session` API has been extended with `changeSessionId` support
-* `SessionRepository` API has been updated to better align with Spring Data method naming conventions
-* `AbstractSessionEvent` and its subclasses are no longer constructable without an underlying `Session` object
-* Redis namespace used by `RedisOperationsSessionRepository` is now fully configurable, instead of being partial configurable
-* Redis configuration support has been updated to avoid registering a Spring Session specific `RedisTemplate` bean
-* JDBC configuration support has been updated to avoid registering a Spring Session specific `JdbcTemplate` bean
-* Previously deprecated classes and methods have been removed across the codebase
-
-=== Dropped Support
-
-As a part of the changes to `HttpSessionStrategy` and it's alignment to the counterpart from the reactive world, the support for managing multiple users' sessions in a single browser instance has been removed.
-The introduction of a new API to replace this functionality is under consideration for future releases.
-
 [[community]]
 == Spring Session Community

@@ -1217,12 +1205,12 @@ Similarly we encourage helping others by answering questions on StackOverflow.
 [[community-source]]
 === Source Code

-Our source code can be found on GitHub at https://github.com/spring-projects/spring-session/
+Our source code can be found on github at https://github.com/spring-projects/spring-session/

 [[community-issues]]
 === Issue Tracking

-We track issues in GitHub issues at https://github.com/spring-projects/spring-session/issues
+We track issues in github issues at https://github.com/spring-projects/spring-session/issues

 [[community-contributing]]
 === Contributing
@@ -1232,35 +1220,26 @@ We appreciate https://help.github.com/articles/using-pull-requests/[Pull Request
 [[community-license]]
 === License

-Spring Session is Open Source software released under the https://www.apache.org/licenses/LICENSE-2.0[Apache 2.0 license].
+Spring Session is Open Source software released under the https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].

 [[community-extensions]]
 === Community Extensions
-
-|===
-| Name | Location
-
-| Spring Session OrientDB
-| https://github.com/maseev/spring-session-orientdb
-
-| Spring Session Infinispan
-| http://infinispan.org/docs/dev/user_guide/user_guide.html#externalizing_session_using_spring_session
-
-|===
+https://github.com/maseev/spring-session-orientdb[Spring Session OrientDB]
+https://infinispan.org/docs/dev/user_guide/user_guide.html#externalizing_session_using_spring_session[Spring Session Infinispan]

 [[minimum-requirements]]
 == Minimum Requirements

 The minimum requirements for Spring Session are:

-* Java 8+
-* If you are running in a Servlet Container (not required), Servlet 3.1+
-* If you are using other Spring libraries (not required), the minimum required version is Spring 5.0.x.
+* Java 5+
+* If you are running in a Servlet Container (not required), Servlet 2.5+
+* If you are using other Spring libraries (not required), the minimum required version is Spring 3.2.14.
+While we re-run all unit tests against Spring 3.2.x, we recommend using the latest Spring 4.x version when possible.
 * `@EnableRedisHttpSession` requires Redis 2.8+. This is necessary to support <<api-redisoperationssessionrepository-expiration,Session Expiration>>
-* `@EnableHazelcastHttpSession` requires Hazelcast 3.6+. This is necessary to support <<api-enablehazelcasthttpsession-storage,`FindByIndexNameSessionRepository`>>

 [NOTE]
 ====
-At its core Spring Session only has a required dependency on `spring-jcl`.
+At its core Spring Session only has a required dependency on commons-logging.
 For an example of using Spring Session without any other Spring dependencies, refer to the <<samples,hazelcast sample>> application.
 ====
--- a/docs/src/integration-test/java/docs/AbstractGemFireIntegrationTests.java
+++ b/docs/src/integration-test/java/docs/AbstractGemFireIntegrationTests.java
@@ -0,0 +1,465 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package docs;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.Socket;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheClosedException;
+import com.gemstone.gemfire.cache.DataPolicy;
+import com.gemstone.gemfire.cache.ExpirationAction;
+import com.gemstone.gemfire.cache.ExpirationAttributes;
+import com.gemstone.gemfire.cache.GemFireCache;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.query.Index;
+import com.gemstone.gemfire.cache.server.CacheServer;
+import org.junit.Before;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationListener;
+import org.springframework.session.ExpiringSession;
+import org.springframework.session.data.gemfire.GemFireOperationsSessionRepository;
+import org.springframework.session.data.gemfire.support.GemFireUtils;
+import org.springframework.session.events.AbstractSessionEvent;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * AbstractGemFireIntegrationTests is an abstract base class encapsulating common
+ * operations for writing Spring Session GemFire integration tests.
+ *
+ * @author John Blum
+ * @since 1.1.0
+ * @see org.springframework.session.ExpiringSession
+ * @see org.springframework.session.events.AbstractSessionEvent
+ * @see com.gemstone.gemfire.cache.Cache
+ * @see com.gemstone.gemfire.cache.DataPolicy
+ * @see com.gemstone.gemfire.cache.ExpirationAttributes
+ * @see com.gemstone.gemfire.cache.GemFireCache
+ * @see com.gemstone.gemfire.cache.Region
+ * @see com.gemstone.gemfire.cache.client.ClientCache
+ * @see com.gemstone.gemfire.cache.server.CacheServer
+ */
+public class AbstractGemFireIntegrationTests {
+	public static final String GEMFIRE_LOG_LEVEL = System
+			.getProperty("spring.session.data.gemfire.log-level", "warning");
+
+	protected static final boolean DEFAULT_ENABLE_QUERY_DEBUGGING = false;
+	protected static final boolean GEMFIRE_QUERY_DEBUG = Boolean
+			.getBoolean("spring.session.data.gemfire.query.debug");
+
+	protected static final long DEFAULT_WAIT_DURATION = TimeUnit.SECONDS.toMillis(20);
+	protected static final long DEFAULT_WAIT_INTERVAL = 500L;
+
+	protected static final File WORKING_DIRECTORY = new File(
+			System.getProperty("user.dir"));
+
+	protected static final String DEFAULT_PROCESS_CONTROL_FILENAME = "process.ctl";
+
+	protected static final String GEMFIRE_LOG_FILE_NAME = System
+			.getProperty("spring.session.data.gemfire.log-file", "gemfire-server.log");
+
+	@Autowired
+	protected Cache gemfireCache;
+
+	@Autowired
+	protected GemFireOperationsSessionRepository sessionRepository;
+
+	@Before
+	public void setup() {
+		System.setProperty("gemfire.Query.VERBOSE",
+				String.valueOf(isQueryDebuggingEnabled()));
+	}
+
+	/* (non-Javadoc) */
+	protected static File createDirectory(String pathname) {
+		File directory = new File(WORKING_DIRECTORY, pathname);
+
+		assertThat(directory.isDirectory() || directory.mkdirs())
+				.as(String.format("Failed to create directory (%1$s)", directory))
+				.isTrue();
+
+		directory.deleteOnExit();
+
+		return directory;
+	}
+
+	/* (non-Javadoc) */
+	protected static List<String> createJavaProcessCommandLine(Class<?> type,
+			String... args) {
+		List<String> commandLine = new ArrayList<String>();
+
+		String javaHome = System.getProperty("java.home");
+		String javaExe = new File(new File(javaHome, "bin"), "java").getAbsolutePath();
+
+		commandLine.add(javaExe);
+		commandLine.add("-server");
+		commandLine.add("-ea");
+		commandLine.add(String.format("-Dgemfire.log-file=%1$s", GEMFIRE_LOG_FILE_NAME));
+		commandLine.add(String.format("-Dgemfire.log-level=%1$s", GEMFIRE_LOG_LEVEL));
+		commandLine
+				.add(String.format("-Dgemfire.Query.VERBOSE=%1$s", GEMFIRE_QUERY_DEBUG));
+		commandLine.addAll(extractJvmArguments(args));
+		commandLine.add("-classpath");
+		commandLine.add(System.getProperty("java.class.path"));
+		commandLine.add(type.getName());
+		commandLine.addAll(extractProgramArguments(args));
+
+		// System.err.printf("Java process command-line is (%1$s)%n", commandLine);
+
+		return commandLine;
+	}
+
+	/* (non-Javadoc) */
+	protected static List<String> extractJvmArguments(final String... args) {
+		List<String> jvmArgs = new ArrayList<String>(args.length);
+
+		for (String arg : args) {
+			if (arg.startsWith("-")) {
+				jvmArgs.add(arg);
+			}
+		}
+
+		return jvmArgs;
+	}
+
+	/* (non-Javadoc) */
+	protected static List<String> extractProgramArguments(final String... args) {
+		List<String> jvmArgs = new ArrayList<String>(args.length);
+
+		for (String arg : args) {
+			if (!arg.startsWith("-")) {
+				jvmArgs.add(arg);
+			}
+		}
+
+		return jvmArgs;
+	}
+
+	/* (non-Javadoc) */
+	protected static Process run(Class<?> type, File directory, String... args)
+			throws IOException {
+		return new ProcessBuilder().command(createJavaProcessCommandLine(type, args))
+				.directory(directory).start();
+	}
+
+	/* (non-Javadoc) */
+	protected static boolean waitForCacheServerToStart(CacheServer cacheServer) {
+		return waitForCacheServerToStart(cacheServer, DEFAULT_WAIT_DURATION);
+	}
+
+	/* (non-Javadoc) */
+	protected static boolean waitForCacheServerToStart(CacheServer cacheServer,
+			long duration) {
+		return waitForCacheServerToStart(cacheServer.getBindAddress(),
+				cacheServer.getPort(), duration);
+	}
+
+	/* (non-Javadoc) */
+	protected static boolean waitForCacheServerToStart(String host, int port) {
+		return waitForCacheServerToStart(host, port, DEFAULT_WAIT_DURATION);
+	}
+
+	/* (non-Javadoc) */
+	protected static boolean waitForCacheServerToStart(final String host, final int port,
+			long duration) {
+		return waitOnCondition(new Condition() {
+			AtomicBoolean connected = new AtomicBoolean(false);
+
+			public boolean evaluate() {
+				Socket socket = null;
+
+				try {
+					if (!connected.get()) {
+						socket = new Socket(host, port);
+						connected.set(true);
+					}
+				}
+				catch (IOException ignore) {
+				}
+				finally {
+					GemFireUtils.close(socket);
+				}
+
+				return connected.get();
+			}
+		}, duration);
+	}
+
+	// NOTE this method would not be necessary except Spring Sessions' build does not fork
+	// the test JVM
+	// for every test class.
+	/* (non-Javadoc) */
+	protected static boolean waitForClientCacheToClose() {
+		return waitForClientCacheToClose(DEFAULT_WAIT_DURATION);
+	}
+
+	/* (non-Javadoc) */
+	protected static boolean waitForClientCacheToClose(long duration) {
+		try {
+			final ClientCache clientCache = ClientCacheFactory.getAnyInstance();
+
+			clientCache.close();
+
+			waitOnCondition(new Condition() {
+				public boolean evaluate() {
+					return clientCache.isClosed();
+				}
+			}, duration);
+
+			return clientCache.isClosed();
+		}
+		catch (CacheClosedException ignore) {
+			return true;
+		}
+
+	}
+
+	/* (non-Javadoc) */
+	protected static boolean waitForProcessToStart(Process process, File directory) {
+		return waitForProcessToStart(process, directory, DEFAULT_WAIT_DURATION);
+	}
+
+	/* (non-Javadoc) */
+	@SuppressWarnings("all")
+	protected static boolean waitForProcessToStart(Process process, File directory,
+			long duration) {
+		final File processControl = new File(directory, DEFAULT_PROCESS_CONTROL_FILENAME);
+
+		waitOnCondition(new Condition() {
+			public boolean evaluate() {
+				return processControl.isFile();
+			}
+		}, duration);
+
+		return process.isAlive();
+	}
+
+	/* (non-Javadoc) */
+	protected static int waitForProcessToStop(Process process, File directory) {
+		return waitForProcessToStop(process, directory, DEFAULT_WAIT_DURATION);
+	}
+
+	/* (non-Javadoc) */
+	protected static int waitForProcessToStop(Process process, File directory,
+			long duration) {
+		final long timeout = (System.currentTimeMillis() + duration);
+
+		try {
+			while (process.isAlive() && System.currentTimeMillis() < timeout) {
+				if (process.waitFor(DEFAULT_WAIT_INTERVAL, TimeUnit.MILLISECONDS)) {
+					return process.exitValue();
+				}
+			}
+		}
+		catch (InterruptedException e) {
+			Thread.currentThread().interrupt();
+		}
+
+		return (process.isAlive() ? -1 : process.exitValue());
+	}
+
+	/* (non-Javadoc) */
+	protected static boolean waitOnCondition(Condition condition) {
+		return waitOnCondition(condition, DEFAULT_WAIT_DURATION);
+	}
+
+	/* (non-Javadoc) */
+	@SuppressWarnings("all")
+	protected static boolean waitOnCondition(Condition condition, long duration) {
+		final long timeout = (System.currentTimeMillis() + duration);
+
+		try {
+			while (!condition.evaluate() && System.currentTimeMillis() < timeout) {
+				synchronized (condition) {
+					TimeUnit.MILLISECONDS.timedWait(condition, DEFAULT_WAIT_INTERVAL);
+				}
+			}
+		}
+		catch (InterruptedException e) {
+			Thread.currentThread().interrupt();
+		}
+
+		return condition.evaluate();
+	}
+
+	/* (non-Javadoc) */
+	protected static File writeProcessControlFile(File path) throws IOException {
+		assertThat(path != null && path.isDirectory()).isTrue();
+
+		File processControl = new File(path, DEFAULT_PROCESS_CONTROL_FILENAME);
+
+		assertThat(processControl.createNewFile()).isTrue();
+
+		processControl.deleteOnExit();
+
+		return processControl;
+	}
+
+	/* (non-Javadoc) */
+	protected void assertRegion(Region<?, ?> actualRegion, String expectedName,
+			DataPolicy expectedDataPolicy) {
+		assertThat(actualRegion).isNotNull();
+		assertThat(actualRegion.getName()).isEqualTo(expectedName);
+		assertThat(actualRegion.getFullPath())
+				.isEqualTo(GemFireUtils.toRegionPath(expectedName));
+		assertThat(actualRegion.getAttributes()).isNotNull();
+		assertThat(actualRegion.getAttributes().getDataPolicy())
+				.isEqualTo(expectedDataPolicy);
+	}
+
+	/* (non-Javadoc) */
+	protected void assertIndex(Index index, String expectedExpression,
+			String expectedFromClause) {
+		assertThat(index).isNotNull();
+		assertThat(index.getIndexedExpression()).isEqualTo(expectedExpression);
+		assertThat(index.getFromClause()).isEqualTo(expectedFromClause);
+	}
+
+	/* (non-Javadoc) */
+	protected void assertEntryIdleTimeout(Region<?, ?> region,
+			ExpirationAction expectedAction, int expectedTimeout) {
+		assertEntryIdleTimeout(region.getAttributes().getEntryIdleTimeout(),
+				expectedAction, expectedTimeout);
+	}
+
+	/* (non-Javadoc) */
+	protected void assertEntryIdleTimeout(ExpirationAttributes actualExpirationAttributes,
+			ExpirationAction expectedAction, int expectedTimeout) {
+		assertThat(actualExpirationAttributes).isNotNull();
+		assertThat(actualExpirationAttributes.getAction()).isEqualTo(expectedAction);
+		assertThat(actualExpirationAttributes.getTimeout()).isEqualTo(expectedTimeout);
+	}
+
+	/* (non-Javadoc) */
+	protected boolean enableQueryDebugging() {
+		return DEFAULT_ENABLE_QUERY_DEBUGGING;
+	}
+
+	/* (non-Javadoc) */
+	protected boolean isQueryDebuggingEnabled() {
+		return (GEMFIRE_QUERY_DEBUG || enableQueryDebugging());
+	}
+
+	/* (non-Javadoc) */
+	protected List<String> listRegions(GemFireCache gemfireCache) {
+		Set<Region<?, ?>> regions = gemfireCache.rootRegions();
+
+		List<String> regionList = new ArrayList<String>(regions.size());
+
+		for (Region<?, ?> region : regions) {
+			regionList.add(region.getFullPath());
+		}
+
+		return regionList;
+	}
+
+	/* (non-Javadoc) */
+	@SuppressWarnings("unchecked")
+	protected <T extends ExpiringSession> T createSession() {
+		T expiringSession = (T) this.sessionRepository.createSession();
+		assertThat(expiringSession).isNotNull();
+		return expiringSession;
+	}
+
+	/* (non-Javadoc) */
+	@SuppressWarnings("unchecked")
+	protected <T extends ExpiringSession> T createSession(String principalName) {
+		GemFireOperationsSessionRepository.GemFireSession session = createSession();
+		session.setPrincipalName(principalName);
+		return (T) session;
+	}
+
+	/* (non-Javadoc) */
+	protected <T extends ExpiringSession> T expire(T session) {
+		session.setLastAccessedTime(0L);
+		return session;
+	}
+
+	/* (non-Javadoc) */
+	@SuppressWarnings("unchecked")
+	protected <T extends ExpiringSession> T get(String sessionId) {
+		return (T) this.sessionRepository.getSession(sessionId);
+	}
+
+	/* (non-Javadoc) */
+	protected <T extends ExpiringSession> T save(T session) {
+		this.sessionRepository.save(session);
+		return session;
+	}
+
+	/* (non-Javadoc) */
+	protected <T extends ExpiringSession> T touch(T session) {
+		session.setLastAccessedTime(System.currentTimeMillis());
+		return session;
+	}
+
+	/**
+	 * The SessionEventListener class is a Spring {@link ApplicationListener} listening
+	 * for Spring HTTP Session application events.
+	 *
+	 * @see org.springframework.context.ApplicationListener
+	 * @see org.springframework.session.events.AbstractSessionEvent
+	 */
+	public static class SessionEventListener
+			implements ApplicationListener<AbstractSessionEvent> {
+
+		private volatile AbstractSessionEvent sessionEvent;
+
+		/* (non-Javadoc) */
+		@SuppressWarnings("unchecked")
+		public <T extends AbstractSessionEvent> T getSessionEvent() {
+			T sessionEvent = (T) this.sessionEvent;
+			this.sessionEvent = null;
+			return sessionEvent;
+		}
+
+		/* (non-Javadoc) */
+		public void onApplicationEvent(AbstractSessionEvent event) {
+			this.sessionEvent = event;
+		}
+
+		/* (non-Javadoc) */
+		public <T extends AbstractSessionEvent> T waitForSessionEvent(long duration) {
+			waitOnCondition(new Condition() {
+				public boolean evaluate() {
+					return (SessionEventListener.this.sessionEvent != null);
+				}
+			}, duration);
+
+			return getSessionEvent();
+		}
+	}
+
+	/**
+	 * The Condition interface defines a logical condition that must be satisfied before
+	 * it is safe to proceed.
+	 */
+	protected interface Condition {
+		boolean evaluate();
+	}
+
+}
--- a/docs/src/integration-test/java/docs/http/HttpSessionGemFireIndexingITests.java
+++ b/docs/src/integration-test/java/docs/http/HttpSessionGemFireIndexingITests.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package docs.http;
+
+import java.util.Map;
+import java.util.Properties;
+
+import docs.AbstractGemFireIntegrationTests;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.gemfire.CacheFactoryBean;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.session.ExpiringSession;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.data.gemfire.config.annotation.web.http.EnableGemFireHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Rob Winch
+ *
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration
+public class HttpSessionGemFireIndexingITests extends AbstractGemFireIntegrationTests {
+
+	@Test
+	public void findByIndexName() {
+		ExpiringSession session = sessionRepository.createSession();
+		String username = "HttpSessionGemFireIndexingITests-findByIndexName-username";
+
+		// tag::findbyindexname-set[]
+		String indexName = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
+		session.setAttribute(indexName, username);
+		// end::findbyindexname-set[]
+
+		sessionRepository.save(session);
+
+		// tag::findbyindexname-get[]
+		Map<String, ExpiringSession> idToSessions = sessionRepository
+				.findByIndexNameAndIndexValue(indexName, username);
+		// end::findbyindexname-get[]
+
+		assertThat(idToSessions.keySet()).containsOnly(session.getId());
+
+		sessionRepository.delete(session.getId());
+	}
+
+	@Test
+	@WithMockUser("HttpSessionGemFireIndexingITests-findBySpringSecurityIndexName")
+	public void findBySpringSecurityIndexName() {
+		ExpiringSession session = sessionRepository.createSession();
+
+		// tag::findbyspringsecurityindexname-context[]
+		SecurityContext context = SecurityContextHolder.getContext();
+		Authentication authentication = context.getAuthentication();
+		// end::findbyspringsecurityindexname-context[]
+
+		session.setAttribute(
+				HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+				context);
+		sessionRepository.save(session);
+
+		// tag::findbyspringsecurityindexname-get[]
+		String indexName = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
+		Map<String, ExpiringSession> idToSessions = sessionRepository
+				.findByIndexNameAndIndexValue(indexName, authentication.getName());
+		// end::findbyspringsecurityindexname-get[]
+
+		assertThat(idToSessions.keySet()).containsOnly(session.getId());
+
+		sessionRepository.delete(session.getId());
+	}
+
+	@Configuration
+	@EnableGemFireHttpSession
+	static class Config {
+
+		@Bean
+		Properties gemfireProperties() {
+			Properties gemfireProperties = new Properties();
+
+			gemfireProperties.setProperty("name", Config.class.getName());
+			gemfireProperties.setProperty("mcast-port", "0");
+			gemfireProperties.setProperty("log-level", GEMFIRE_LOG_LEVEL);
+
+			return gemfireProperties;
+		}
+
+		@Bean
+		CacheFactoryBean gemfireCache() {
+			CacheFactoryBean gemfireCache = new CacheFactoryBean();
+
+			gemfireCache.setClose(true);
+			gemfireCache.setProperties(gemfireProperties());
+
+			return gemfireCache;
+		}
+	}
+}
--- a/docs/src/integration-test/java/docs/http/gemfire/indexablesessionattributes/GemFireHttpSessionConfig.java
+++ b/docs/src/integration-test/java/docs/http/gemfire/indexablesessionattributes/GemFireHttpSessionConfig.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package docs.http.gemfire.indexablesessionattributes;
+
+import java.util.Properties;
+
+import docs.AbstractGemFireIntegrationTests;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.gemfire.CacheFactoryBean;
+import org.springframework.session.data.gemfire.config.annotation.web.http.EnableGemFireHttpSession;
+
+/**
+ * @author Rob Winch
+ *
+ */
+// tag::class-start[]
+@EnableGemFireHttpSession(indexableSessionAttributes = { "name1", "name2", "name3" })
+public class GemFireHttpSessionConfig {
+	// end::class-start[]
+
+	@Bean
+	Properties gemfireProperties() {
+		Properties gemfireProperties = new Properties();
+
+		gemfireProperties.setProperty("name", GemFireHttpSessionConfig.class.getName());
+		gemfireProperties.setProperty("mcast-port", "0");
+		gemfireProperties.setProperty("log-level",
+				AbstractGemFireIntegrationTests.GEMFIRE_LOG_LEVEL);
+
+		return gemfireProperties;
+	}
+
+	@Bean
+	CacheFactoryBean gemfireCache() {
+		CacheFactoryBean gemfireCache = new CacheFactoryBean();
+
+		gemfireCache.setClose(true);
+		gemfireCache.setProperties(gemfireProperties());
+
+		return gemfireCache;
+	}
+}
--- a/docs/src/integration-test/java/docs/http/gemfire/indexablesessionattributes/HttpSessionGemFireIndexingCustomITests.java
+++ b/docs/src/integration-test/java/docs/http/gemfire/indexablesessionattributes/HttpSessionGemFireIndexingCustomITests.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package docs.http.gemfire.indexablesessionattributes;
+
+import java.util.Map;
+
+import docs.AbstractGemFireIntegrationTests;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.springframework.session.ExpiringSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Rob Winch
+ *
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(classes = GemFireHttpSessionConfig.class)
+public class HttpSessionGemFireIndexingCustomITests
+		extends AbstractGemFireIntegrationTests {
+
+	@Test
+	public void findByIndexName() {
+		ExpiringSession session = sessionRepository.createSession();
+		String attrValue = "HttpSessionGemFireIndexingCustomITests-findByIndexName";
+
+		// tag::findbyindexname-set[]
+		String indexName = "name1";
+		session.setAttribute(indexName, attrValue);
+		// end::findbyindexname-set[]
+
+		sessionRepository.save(session);
+
+		// tag::findbyindexname-get[]
+		Map<String, ExpiringSession> idToSessions = sessionRepository
+				.findByIndexNameAndIndexValue(indexName, attrValue);
+		// end::findbyindexname-get[]
+
+		assertThat(idToSessions.keySet()).containsOnly(session.getId());
+
+		sessionRepository.delete(session.getId());
+	}
+}
--- a/docs/src/main/java/docs/Docs.java
+++ b/docs/src/main/java/docs/Docs.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/docs/src/test/java/docs/FindByIndexNameSessionRepositoryTests.java
+++ b/docs/src/test/java/docs/FindByIndexNameSessionRepositoryTests.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,7 +21,7 @@ import java.util.Map;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.runners.MockitoJUnitRunner;

 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.Session;
--- a/docs/src/test/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java
+++ b/docs/src/test/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,10 +21,10 @@ import org.junit.runner.RunWith;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
-import org.springframework.session.Session;
+import org.springframework.session.ExpiringSession;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;

 import static org.assertj.core.api.Assertions.assertThat;
@@ -33,12 +33,12 @@ import static org.mockito.Mockito.mock;
 /**
 * @author Rob Winch
 */
-@RunWith(SpringRunner.class)
+@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
 public class HttpSessionConfigurationNoOpConfigureRedisActionXmlTests {
 	@Autowired
-	SessionRepositoryFilter<? extends Session> filter;
+	SessionRepositoryFilter<? extends ExpiringSession> filter;

 	@Test
 	public void redisConnectionFactoryNotUsedSinceNoValidation() {
--- a/docs/src/test/java/docs/IndexDocTests.java
+++ b/docs/src/test/java/docs/IndexDocTests.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,28 +16,21 @@

 package docs;

-import java.time.Duration;
-import java.util.concurrent.ConcurrentHashMap;
-
 import com.hazelcast.config.Config;
 import com.hazelcast.core.Hazelcast;
 import com.hazelcast.core.HazelcastInstance;
+import com.hazelcast.core.IMap;
 import org.junit.Test;

 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
-import org.springframework.data.redis.core.ReactiveRedisTemplate;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer;
-import org.springframework.data.redis.serializer.RedisSerializationContext;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.DataSourceTransactionManager;
 import org.springframework.mock.web.MockServletContext;
+import org.springframework.session.ExpiringSession;
 import org.springframework.session.MapSession;
 import org.springframework.session.MapSessionRepository;
-import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
-import org.springframework.session.data.redis.ReactiveRedisOperationsSessionRepository;
 import org.springframework.session.data.redis.RedisOperationsSessionRepository;
 import org.springframework.session.hazelcast.HazelcastSessionRepository;
 import org.springframework.session.jdbc.JdbcOperationsSessionRepository;
@@ -56,8 +49,8 @@ public class IndexDocTests {

 	@Test
 	public void repositoryDemo() {
-		RepositoryDemo<MapSession> demo = new RepositoryDemo<>();
-		demo.repository = new MapSessionRepository(new ConcurrentHashMap<>());
+		RepositoryDemo<ExpiringSession> demo = new RepositoryDemo<ExpiringSession>();
+		demo.repository = new MapSessionRepository();

 		demo.demo();
 	}
@@ -75,7 +68,7 @@ public class IndexDocTests {

 			this.repository.save(toSave); // <4>

-			S session = this.repository.findById(toSave.getId()); // <5>
+			S session = this.repository.getSession(toSave.getId()); // <5>

 			// <6>
 			User user = session.getAttribute(ATTR_USER);
@@ -88,24 +81,24 @@ public class IndexDocTests {

 	@Test
 	public void expireRepositoryDemo() {
-		ExpiringRepositoryDemo<MapSession> demo = new ExpiringRepositoryDemo<>();
-		demo.repository = new MapSessionRepository(new ConcurrentHashMap<>());
+		ExpiringRepositoryDemo<ExpiringSession> demo = new ExpiringRepositoryDemo<ExpiringSession>();
+		demo.repository = new MapSessionRepository();

 		demo.demo();
 	}

 	// tag::expire-repository-demo[]
-	public class ExpiringRepositoryDemo<S extends Session> {
+	public class ExpiringRepositoryDemo<S extends ExpiringSession> {
 		private SessionRepository<S> repository; // <1>

 		public void demo() {
 			S toSave = this.repository.createSession(); // <2>
 			// ...
-			toSave.setMaxInactiveInterval(Duration.ofSeconds(30)); // <3>
+			toSave.setMaxInactiveIntervalInSeconds(30); // <3>

 			this.repository.save(toSave); // <4>

-			S session = this.repository.findById(toSave.getId()); // <5>
+			S session = this.repository.getSession(toSave.getId()); // <5>
 			// ...
 		}

@@ -117,41 +110,17 @@ public class IndexDocTests {
 	@SuppressWarnings("unused")
 	public void newRedisOperationsSessionRepository() {
 		// tag::new-redisoperationssessionrepository[]
-		RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();
-
-		// ... configure redisTemplate ...
-
-		SessionRepository<? extends Session> repository =
-				new RedisOperationsSessionRepository(redisTemplate);
+		LettuceConnectionFactory factory = new LettuceConnectionFactory();
+		SessionRepository<? extends ExpiringSession> repository = new RedisOperationsSessionRepository(
+				factory);
 		// end::new-redisoperationssessionrepository[]
 	}

-	@Test
-	@SuppressWarnings("unused")
-	public void newReactiveRedisOperationsSessionRepository() {
-		LettuceConnectionFactory connectionFactory = new LettuceConnectionFactory();
-		RedisSerializationContext<String, Object> serializationContext = RedisSerializationContext
-				.<String, Object>newSerializationContext(
-						new JdkSerializationRedisSerializer())
-				.build();
-
-		// tag::new-reactiveredisoperationssessionrepository[]
-		// ... create and configure connectionFactory and serializationContext ...
-
-		ReactiveRedisTemplate<String, Object> redisTemplate = new ReactiveRedisTemplate<>(
-				connectionFactory, serializationContext);
-
-		ReactiveSessionRepository<? extends Session> repository =
-				new ReactiveRedisOperationsSessionRepository(redisTemplate);
-		// end::new-reactiveredisoperationssessionrepository[]
-	}
-
 	@Test
 	@SuppressWarnings("unused")
 	public void mapRepository() {
 		// tag::new-mapsessionrepository[]
-		SessionRepository<? extends Session> repository = new MapSessionRepository(
-				new ConcurrentHashMap<>());
+		SessionRepository<? extends ExpiringSession> repository = new MapSessionRepository();
 		// end::new-mapsessionrepository[]
 	}

@@ -167,7 +136,7 @@ public class IndexDocTests {

 		// ... configure transactionManager ...

-		SessionRepository<? extends Session> repository =
+		SessionRepository<? extends ExpiringSession> repository =
 				new JdbcOperationsSessionRepository(jdbcTemplate, transactionManager);
 		// end::new-jdbcoperationssessionrepository[]
 	}
@@ -183,8 +152,11 @@ public class IndexDocTests {

 		HazelcastInstance hazelcastInstance = Hazelcast.newHazelcastInstance(config);

+		IMap<String, MapSession> sessions = hazelcastInstance
+				.getMap("spring:session:sessions");
+
 		HazelcastSessionRepository repository =
-				new HazelcastSessionRepository(hazelcastInstance);
+				new HazelcastSessionRepository(sessions);
 		// end::new-hazelcastsessionrepository[]
 	}

--- a/docs/src/test/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java
+++ b/docs/src/test/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -25,7 +25,7 @@ import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.session.data.redis.config.ConfigureRedisAction;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;

 import static org.mockito.Mockito.mock;
@@ -33,7 +33,7 @@ import static org.mockito.Mockito.mock;
 /**
 * @author Rob Winch
 */
-@RunWith(SpringRunner.class)
+@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
 public class RedisHttpSessionConfigurationNoOpConfigureRedisActionTests {
--- a/docs/src/test/java/docs/SpringHttpSessionConfig.java
+++ b/docs/src/test/java/docs/SpringHttpSessionConfig.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,8 +16,6 @@

 package docs;

-import java.util.concurrent.ConcurrentHashMap;
-
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.session.MapSessionRepository;
@@ -29,7 +27,7 @@ import org.springframework.session.config.annotation.web.http.EnableSpringHttpSe
 public class SpringHttpSessionConfig {
 	@Bean
 	public MapSessionRepository sessionRepository() {
-		return new MapSessionRepository(new ConcurrentHashMap<>());
+		return new MapSessionRepository();
 	}
 }
 // end::class[]
--- a/docs/src/test/java/docs/http/AbstractHttpSessionListenerTests.java
+++ b/docs/src/test/java/docs/http/AbstractHttpSessionListenerTests.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,8 +16,6 @@

 package docs.http;

-import java.util.Properties;
-
 import org.junit.Test;
 import org.junit.runner.RunWith;

@@ -29,20 +27,18 @@ import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.security.core.session.SessionDestroyedEvent;
 import org.springframework.session.MapSession;
 import org.springframework.session.Session;
-import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;

 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;

 /**
 * @author Rob Winch
- * @author Mark Paluch
 * @since 1.2
 */
-@RunWith(SpringRunner.class)
+@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
 public abstract class AbstractHttpSessionListenerTests {
 	@Autowired
@@ -67,7 +63,6 @@ public abstract class AbstractHttpSessionListenerTests {
 		RedisConnection connection = mock(RedisConnection.class);

 		given(factory.getConnection()).willReturn(connection);
-		given(connection.getConfig(anyString())).willReturn(new Properties());
 		return factory;
 	}

@@ -82,7 +77,6 @@ public abstract class AbstractHttpSessionListenerTests {
 		 * @see org.springframework.context.ApplicationListener#onApplicationEvent(org.
 		 * springframework.context.ApplicationEvent)
 		 */
-		@Override
 		public void onApplicationEvent(SessionDestroyedEvent event) {
 			this.event = event;
 		}
--- a/docs/src/test/java/docs/http/HazelcastHttpSessionConfig.java
+++ b/docs/src/test/java/docs/http/HazelcastHttpSessionConfig.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -41,7 +41,7 @@ public class HazelcastHttpSessionConfig {

 		Config config = new Config();

-		config.getMapConfig(HazelcastSessionRepository.DEFAULT_SESSION_MAP_NAME) // <2>
+		config.getMapConfig("spring:session:sessions") // <2>
 				.addMapAttributeConfig(attributeConfig)
 				.addMapIndexConfig(new MapIndexConfig(
 						HazelcastSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
--- a/docs/src/test/java/docs/http/HttpSessionListenerJavaConfigTests.java
+++ b/docs/src/test/java/docs/http/HttpSessionListenerJavaConfigTests.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/docs/src/test/java/docs/http/HttpSessionListenerXmlTests.java
+++ b/docs/src/test/java/docs/http/HttpSessionListenerXmlTests.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/docs/src/test/java/docs/http/MongoJacksonSessionConfiguration.java
+++ b/docs/src/test/java/docs/http/MongoJacksonSessionConfiguration.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package docs.http;
+
+import java.util.Collections;
+
+import com.fasterxml.jackson.databind.Module;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
+import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
+
+/**
+ *
+ * @author Jakub Kubrynski
+ * @author Rob Winch
+ */
+// tag::config[]
+@Configuration
+@EnableMongoHttpSession
+public class MongoJacksonSessionConfiguration {
+
+	@Bean
+	public AbstractMongoSessionConverter mongoSessionConverter() {
+		return new JacksonMongoSessionConverter(getJacksonModules());
+	}
+
+	public Iterable<Module> getJacksonModules() {
+		return Collections.<Module>singletonList(new MyJacksonModule());
+	}
+}
+// end::config[]
--- a/docs/src/test/java/docs/http/MongoJdkSessionConfiguration.java
+++ b/docs/src/test/java/docs/http/MongoJdkSessionConfiguration.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package docs.http;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JdkMongoSessionConverter;
+import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
+
+/**
+ *
+ * @author Jakub Kubrynski
+ * @author Rob Winch
+ */
+// tag::config[]
+@Configuration
+@EnableMongoHttpSession
+public class MongoJdkSessionConfiguration {
+
+	@Bean
+	public AbstractMongoSessionConverter mongoSessionConverter() {
+		return new JdkMongoSessionConverter();
+	}
+}
+// end::config[]
--- a/spring-session-core/src/main/java/org/springframework/session/web/server/session/package-info.java
+++ b/spring-session-core/src/main/java/org/springframework/session/web/server/session/package-info.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -14,10 +14,9 @@
 * limitations under the License.
 */

-/**
- * Spring Session reactive web support.
- */
-@NonNullApi
-package org.springframework.session.web.server.session;
+package docs.http;

-import org.springframework.lang.NonNullApi;
+import com.fasterxml.jackson.databind.module.SimpleModule;
+
+class MyJacksonModule extends SimpleModule {
+}
--- a/docs/src/test/java/docs/http/RedisHttpSessionConfig.java
+++ b/docs/src/test/java/docs/http/RedisHttpSessionConfig.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java
+++ b/docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,8 +16,6 @@

 package docs.security;

-import java.util.concurrent.ConcurrentHashMap;
-
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -67,13 +65,15 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 	@Override
 	@Bean
 	public InMemoryUserDetailsManager userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withUsername("user")
-				.password("{noop}password").roles("USER").build());
+		InMemoryUserDetailsManager uds = new InMemoryUserDetailsManager();
+		uds.createUser(
+				User.withUsername("user").password("password").roles("USER").build());
+		return uds;
 	}

 	@Bean
 	MapSessionRepository sessionRepository() {
-		return new MapSessionRepository(new ConcurrentHashMap<>());
+		return new MapSessionRepository();
 	}
 }
 // end::class[]
--- a/docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java
+++ b/docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,23 +16,20 @@

 package docs.security;

-import java.net.HttpCookie;
-import java.time.Duration;
-import java.util.Base64;
+import java.util.concurrent.TimeUnit;

-import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.Cookie;

 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;

 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
-import org.springframework.session.Session;
+import org.springframework.session.ExpiringSession;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
@@ -45,13 +42,12 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv

 /**
 * @author rwinch
- * @author Vedran Pavic
 */
-@RunWith(SpringRunner.class)
+@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = RememberMeSecurityConfiguration.class)
@WebAppConfiguration
@SuppressWarnings("rawtypes")
-public class RememberMeSecurityConfigurationTests<T extends Session> {
+public class RememberMeSecurityConfigurationTests<T extends ExpiringSession> {
 	@Autowired
 	WebApplicationContext context;
 	@Autowired
@@ -81,23 +77,12 @@ public class RememberMeSecurityConfigurationTests<T extends Session> {
 			.andReturn();
 		// @formatter:on

-		HttpCookie cookie = getSessionCookie(result.getResponse());
+		Cookie cookie = result.getResponse().getCookie("SESSION");
 		assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE);
-		T session = this.sessions
-				.findById(new String(Base64.getDecoder().decode(cookie.getValue())));
-		assertThat(session.getMaxInactiveInterval())
-				.isEqualTo(Duration.ofDays(30));
+		T session = this.sessions.getSession(cookie.getValue());
+		assertThat(session.getMaxInactiveIntervalInSeconds())
+				.isEqualTo((int) TimeUnit.DAYS.toSeconds(30));

 	}
-
-	private HttpCookie getSessionCookie(HttpServletResponse response) {
-		for (HttpCookie cookie : HttpCookie.parse(response.getHeader(HttpHeaders.SET_COOKIE))) {
-			if ("SESSION".equals(cookie.getName())) {
-				return cookie;
-			}
-		}
-		return null;
-	}
-
 }
 // end::class[]
--- a/docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java
+++ b/docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,23 +16,20 @@

 package docs.security;

-import java.net.HttpCookie;
-import java.time.Duration;
-import java.util.Base64;
+import java.util.concurrent.TimeUnit;

-import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.Cookie;

 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;

 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
-import org.springframework.session.Session;
+import org.springframework.session.ExpiringSession;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
@@ -45,13 +42,12 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv

 /**
 * @author rwinch
- * @author Vedran Pavic
 */
-@RunWith(SpringRunner.class)
+@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
@SuppressWarnings("rawtypes")
-public class RememberMeSecurityConfigurationXmlTests<T extends Session> {
+public class RememberMeSecurityConfigurationXmlTests<T extends ExpiringSession> {
 	@Autowired
 	WebApplicationContext context;
 	@Autowired
@@ -81,23 +77,12 @@ public class RememberMeSecurityConfigurationXmlTests<T extends Session> {
 			.andReturn();
 		// @formatter:on

-		HttpCookie cookie = getSessionCookie(result.getResponse());
+		Cookie cookie = result.getResponse().getCookie("SESSION");
 		assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE);
-		T session = this.sessions
-				.findById(new String(Base64.getDecoder().decode(cookie.getValue())));
-		assertThat(session.getMaxInactiveInterval())
-				.isEqualTo(Duration.ofDays(30));
+		T session = this.sessions.getSession(cookie.getValue());
+		assertThat(session.getMaxInactiveIntervalInSeconds())
+				.isEqualTo((int) TimeUnit.DAYS.toSeconds(30));

 	}
-
-	private HttpCookie getSessionCookie(HttpServletResponse response) {
-		for (HttpCookie cookie : HttpCookie.parse(response.getHeader(HttpHeaders.SET_COOKIE))) {
-			if ("SESSION".equals(cookie.getName())) {
-				return cookie;
-			}
-		}
-		return null;
-	}
-
 }
 // end::class[]
--- a/docs/src/test/java/docs/security/SecurityConfiguration.java
+++ b/docs/src/test/java/docs/security/SecurityConfiguration.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,8 +21,8 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.session.ExpiringSession;
 import org.springframework.session.FindByIndexNameSessionRepository;
-import org.springframework.session.Session;
 import org.springframework.session.security.SpringSessionBackedSessionRegistry;

 /**
@@ -33,7 +33,7 @@ import org.springframework.session.security.SpringSessionBackedSessionRegistry;
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

 	@Autowired
-	private FindByIndexNameSessionRepository<Session> sessionRepository;
+	private FindByIndexNameSessionRepository<ExpiringSession> sessionRepository;

 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
@@ -48,7 +48,8 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

 	@Bean
 	SpringSessionBackedSessionRegistry sessionRegistry() {
-		return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);
+		return new SpringSessionBackedSessionRegistry<ExpiringSession>(
+				this.sessionRepository);
 	}
 }
 // end::class[]
--- a/docs/src/test/java/docs/websocket/WebSocketConfig.java
+++ b/docs/src/test/java/docs/websocket/WebSocketConfig.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -19,9 +19,9 @@ package docs.websocket;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
 import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
-import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;

 /**
 * @author Rob Winch
@@ -30,9 +30,8 @@ import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerCo
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
-public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
+public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {

-	@Override
 	public void registerStompEndpoints(StompEndpointRegistry registry) {
 		registry.addEndpoint("/messages").withSockJS();
 	}
--- a/docs/src/test/resources/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests-context.xml
+++ b/docs/src/test/resources/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests-context.xml
@@ -4,9 +4,9 @@
 	xmlns:context="http://www.springframework.org/schema/context"
 	xmlns:p="http://www.springframework.org/schema/p"
 	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd">
+	xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd
+		http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util-4.1.xsd">

 	<context:annotation-config/>

--- a/docs/src/test/resources/docs/http/HttpSessionListenerXmlTests-context.xml
+++ b/docs/src/test/resources/docs/http/HttpSessionListenerXmlTests-context.xml
@@ -4,9 +4,9 @@
 	xmlns:context="http://www.springframework.org/schema/context"
 	xmlns:p="http://www.springframework.org/schema/p"
 	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd">
+	xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd
+		http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util-4.1.xsd">

 	<!-- tag::config[] -->
 	<bean class="org.springframework.security.web.session.HttpSessionEventPublisher"/>
--- a/docs/src/test/resources/docs/security/RememberMeSecurityConfigurationXmlTests-context.xml
+++ b/docs/src/test/resources/docs/security/RememberMeSecurityConfigurationXmlTests-context.xml
@@ -3,8 +3,8 @@
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:security="http://www.springframework.org/schema/security"
 	xmlns:p="http://www.springframework.org/schema/p"
-	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
-		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+	xsi:schemaLocation="http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd
+		http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">

 	<!-- tag::config[] -->
 	<security:http>
@@ -20,13 +20,9 @@


 	<security:user-service>
-		<security:user name="user" password="{noop}password" authorities="ROLE_USER"/>
+		<security:user name="user" password="password" authorities="ROLE_USER"/>
 	</security:user-service>

 	<bean class="org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration"/>
-	<bean id="springSessionRepository" class="org.springframework.session.MapSessionRepository">
-		<constructor-arg>
-			<bean class="java.util.concurrent.ConcurrentHashMap"/>
-		</constructor-arg>
-	</bean>
+	<bean id="springSessionRepository" class="org.springframework.session.MapSessionRepository"/>
 </beans>
--- a/docs/src/test/resources/docs/security/security-config.xml
+++ b/docs/src/test/resources/docs/security/security-config.xml
@@ -2,8 +2,8 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
 	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	   xmlns:security="http://www.springframework.org/schema/security"
-	   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-						   http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	   xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+						   http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">

 	<!-- tag::config[] -->
 	<security:http>
--- a/etc/eclipse/.checkstyle
+++ b/etc/eclipse/.checkstyle
--- a/etc/eclipse/eclipse-code-formatter.xml
+++ b/etc/eclipse/eclipse-code-formatter.xml
--- a/etc/eclipse/org.eclipse.jdt.core.prefs
+++ b/etc/eclipse/org.eclipse.jdt.core.prefs
--- a/etc/eclipse/org.eclipse.jdt.ui.prefs
+++ b/etc/eclipse/org.eclipse.jdt.ui.prefs
@@ -59,7 +59,7 @@ cleanup_profile=_Spring Boot Cleanup Conventions
 cleanup_settings_version=2
 eclipse.preferences.version=1
 editor_save_participant_org.eclipse.jdt.ui.postsavelistener.cleanup=true
-formatter_profile=Spring Session Java Conventions
+formatter_profile=_Spring Boot Java Conventions
 formatter_settings_version=12
 org.eclipse.jdt.ui.exception.name=e
 org.eclipse.jdt.ui.gettersetter.use.is=true
--- a/etc/checkstyle/checkstyle.xml
+++ b/etc/checkstyle/checkstyle.xml
@@ -1,12 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
-		"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
-<module name="Checker">
-	<!-- Supressions -->
-	<module name="SuppressionFilter">
-		<property name="file" value="${configDir}/suppressions.xml"/>
-	</module>
-
-	<!-- Root Checks -->
-	<module name="io.spring.javaformat.checkstyle.SpringChecks"/>
-</module>
--- a/etc/checkstyle/suppressions.xml
+++ b/etc/checkstyle/suppressions.xml
@@ -1,16 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE suppressions PUBLIC "-//Puppy Crawl//DTD Suppressions 1.1//EN"
-		"http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
-<suppressions>
-	<!-- global -->
-	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc*"/>
-
-	<!-- docs -->
-	<suppress files="[\\/]docs[\\/]" checks="Javadoc*"/>
-	<suppress files="[\\/]docs[\\/]" checks="AvoidStaticImport"/>
-	<suppress files="[\\/]docs[\\/]" checks="InnerTypeLast"/>
-
-	<!-- samples -->
-	<suppress files="[\\/]samples[\\/]" checks="Javadoc*"/>
-	<suppress files="[\\/]samples[\\/].+Application\.java" checks="HideUtilityClassConstructor"/>
-</suppressions>
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,2 +1,30 @@
-springBootVersion=2.0.3.RELEASE
-version=2.1.0.M1
+assertjVersion=2.6.0
+bootstrapVersion=2.3.2
+commonsLoggingVersion=1.2
+commonsPoolVersion=2.4.2
+gebVersion=0.13.1
+groovyVersion=2.4.11
+h2Version=1.4.195
+hazelcastVersion=3.7.7
+httpClientVersion=4.5.3
+html5ShivVersion=3.7.3
+jacksonVersion=2.8.8
+jedisVersion=2.9.0
+jspApiVersion=2.0
+jstlVersion=1.2.1
+jstlelVersion=1.2.5
+junitVersion=4.12
+lettuceVersion=4.3.0.Final
+mockitoVersion=1.10.19
+seleniumVersion=2.52.0
+servletApiVersion=3.0.1
+springVersion=4.3.9.RELEASE
+springDataGemFireVersion=1.9.4.RELEASE
+springDataGeodeVersion=1.0.0.INCUBATING-RELEASE
+springDataMongoVersion=1.10.4.RELEASE
+springDataRedisVersion=1.8.4.RELEASE
+springSecurityVersion=4.2.3.RELEASE
+springShellVersion=1.1.0.RELEASE
+spockVersion=1.0-groovy-2.4
+webjarsTaglibVersion=0.3
+version=1.4.0.BUILD-SNAPSHOT
--- a/gradle/bom.gradle
+++ b/gradle/bom.gradle
@@ -0,0 +1,3 @@
+sonarqube {
+	skipProject = true
+}
--- a/gradle/dependency-management.gradle
+++ b/gradle/dependency-management.gradle
@@ -1,31 +0,0 @@
-dependencyManagement {
-	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.6'
-		mavenBom 'io.projectreactor:reactor-bom:Californium-M1'
-		mavenBom 'org.springframework:spring-framework-bom:5.1.0.RC1'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Lovelace-RC1'
-		mavenBom 'org.springframework.security:spring-security-bom:5.1.0.M2'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.8.1'
-	}
-
-	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.10.3') {
-			entry 'hazelcast'
-			entry 'hazelcast-client'
-		}
-
-		dependency 'com.h2database:h2:1.4.197'
-		dependency 'com.microsoft.sqlserver:mssql-jdbc:6.4.0.jre8'
-		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.1.0.M1'
-		dependency 'javax.servlet:javax.servlet-api:3.1.0'
-		dependency 'junit:junit:4.12'
-		dependency 'mysql:mysql-connector-java:8.0.11'
-		dependency 'org.apache.derby:derby:10.14.2.0'
-		dependency 'org.assertj:assertj-core:3.10.0'
-		dependency 'org.hsqldb:hsqldb:2.4.1'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.2.6'
-		dependency 'org.mockito:mockito-core:2.20.1'
-		dependency 'org.postgresql:postgresql:42.2.4'
-	}
-}
--- a/gradle/ide.gradle
+++ b/gradle/ide.gradle
@@ -0,0 +1,59 @@
+import org.gradle.plugins.ide.eclipse.model.ProjectDependency
+import org.gradle.plugins.ide.eclipse.model.SourceFolder
+
+
+apply plugin: "propdeps-eclipse"
+apply plugin: "propdeps-idea"
+
+eclipse {
+	jdt {
+		javaRuntimeName = "J2SE-1.5"
+	}
+}
+
+eclipse.project.buildCommand "net.sf.eclipsecs.core.CheckstyleBuilder"
+eclipse.project.natures "net.sf.eclipsecs.core.CheckstyleNature"
+
+// Include project specific settings
+task eclipseCheckstyle(type: Copy) {
+	from rootProject.files(
+		"eclipse/.checkstyle")
+	into project.projectDir
+	expand(configDir: rootProject.file('config/checkstyle').absolutePath)
+}
+
+task eclipseSettings(type: Copy) {
+	from rootProject.files(
+		"eclipse/org.eclipse.jdt.ui.prefs",
+		"eclipse/org.eclipse.wst.common.project.facet.core.xml")
+	into project.file('.settings/')
+	outputs.upToDateWhen { false }
+}
+
+task eclipseWstComponent(type: Copy) {
+	from rootProject.files(
+		"eclipse/org.eclipse.wst.common.component")
+	into project.file('.settings/')
+	expand(deployname: project.name)
+	outputs.upToDateWhen { false }
+}
+
+task eclipseJdtPrepare(type: Copy) {
+	from rootProject.file("eclipse/org.eclipse.jdt.core.prefs")
+	into project.file(".settings/")
+	outputs.upToDateWhen { false }
+}
+
+task cleanEclipseJdtUi(type: Delete) {
+	delete project.file(".settings/org.eclipse.jdt.core.prefs")
+	delete project.file(".settings/org.eclipse.jdt.ui.prefs")
+	delete project.file(".settings/org.eclipse.wst.common.component")
+	delete project.file(".settings/org.eclipse.wst.common.project.facet.core.xml")
+}
+
+task eclipseConfiguration(dependsOn: [eclipseCheckstyle, eclipseSettings, eclipseWstComponent]) {
+}
+
+tasks["eclipseJdt"].dependsOn(eclipseJdtPrepare)
+tasks["cleanEclipse"].dependsOn(cleanEclipseJdtUi)
+tasks["eclipse"].dependsOn(eclipseConfiguration)
--- a/gradle/java.gradle
+++ b/gradle/java.gradle
@@ -0,0 +1,103 @@
+apply plugin: 'java'
+apply plugin: 'groovy'
+apply plugin: 'javadocHotfix'
+apply plugin: 'eclipse-wtp'
+apply plugin: 'propdeps'
+apply plugin: 'propdeps-idea'
+apply plugin: 'propdeps-eclipse'
+apply plugin: 'com.github.ben-manes.versions'
+apply plugin: 'checkstyle'
+apply from: IDE_GRADLE
+
+group = 'org.springframework.session'
+
+sourceCompatibility = 1.5
+targetCompatibility = 1.5
+
+ext.springIoVersion = project.hasProperty('platformVersion') ? platformVersion : 'Brussels-SR3'
+
+ext.spockDependencies = [
+		dependencies.create("org.spockframework:spock-core:$spockVersion") {
+			exclude group: 'junit', module: 'junit-dep'
+		}
+]
+
+ext.gebDependencies = spockDependencies + [
+		"org.seleniumhq.selenium:selenium-htmlunit-driver:$seleniumVersion",
+		"org.gebish:geb-spock:$gebVersion",
+		"org.codehaus.groovy:groovy:$groovyVersion"
+]
+
+ext.seleniumDependencies = [
+		"org.seleniumhq.selenium:selenium-htmlunit-driver:$seleniumVersion",
+		"org.seleniumhq.selenium:selenium-firefox-driver:$seleniumVersion"
+]
+
+ext.jstlDependencies = [
+		"javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:$jstlVersion",
+		"org.apache.taglibs:taglibs-standard-jstlel:$jstlelVersion"
+]
+
+repositories {
+	mavenCentral()
+	maven { url 'https://repo.spring.io/libs-snapshot' }
+}
+
+configurations.all {
+	resolutionStrategy.eachDependency { DependencyResolveDetails details ->
+			if (details.requested.group == 'org.springframework') {
+				details.useVersion springVersion
+			}
+	}
+}
+// Integration test setup
+configurations {
+	integrationTestCompile {
+		extendsFrom testCompile, optional, provided
+	}
+	integrationTestRuntime {
+		extendsFrom integrationTestCompile, testRuntime
+	}
+}
+
+sourceSets {
+	integrationTest {
+		java.srcDir file('src/integration-test/java')
+		groovy.srcDirs file('src/integration-test/groovy')
+		resources.srcDir file('src/integration-test/resources')
+		compileClasspath = sourceSets.main.output + sourceSets.test.output + configurations.integrationTestCompile
+		runtimeClasspath = output + compileClasspath + configurations.integrationTestRuntime
+	}
+}
+
+task integrationTest(type: Test, dependsOn: jar) {
+	testClassesDir = sourceSets.integrationTest.output.classesDir
+	logging.captureStandardOutput(LogLevel.INFO)
+	classpath = sourceSets.integrationTest.runtimeClasspath
+	maxParallelForks = 1
+	reports {
+		html.destination = project.file("$project.buildDir/reports/integration-tests/")
+		junitXml.destination = project.file("$project.buildDir/integration-test-results/")
+	}
+}
+check.dependsOn integrationTest
+
+checkstyle {
+	configFile = rootProject.file('config/checkstyle/checkstyle.xml')
+	configProperties.configDir = configFile.parentFile
+	toolVersion = '6.16.1'
+}
+
+task checkstyle {
+	dependsOn project.tasks.findAll { task -> task.name.matches('checkstyle\\w+') }
+}
+
+eclipse {
+	classpath {
+		plusConfigurations += [ configurations.integrationTestCompile ]
+	}
+}
+
+project.idea.module {
+	scopes.TEST.plus += [project.configurations.integrationTestRuntime]
+}
--- a/gradle/publish-maven.gradle
+++ b/gradle/publish-maven.gradle
@@ -0,0 +1,51 @@
+apply plugin: 'propdeps-maven'
+
+install {
+	repositories.mavenInstaller {
+		customizePom(pom, project)
+	}
+}
+
+def customizePom(pom, gradleProject) {
+	pom.whenConfigured { generatedPom ->
+
+		// sort to make pom dependencies order consistent to ease comparison of older poms
+		generatedPom.dependencies = generatedPom.dependencies.sort { dep ->
+			"$dep.scope:$dep.groupId:$dep.artifactId"
+		}
+
+		// add all items necessary for maven central publication
+		generatedPom.project {
+			name = gradleProject.description
+			description = gradleProject.description
+			url = "https://github.com/spring-projects/spring-session"
+			organization {
+				name = "Spring IO"
+				url = "https://projects.spring.io/spring-session"
+			}
+			licenses {
+				license {
+					name "The Apache Software License, Version 2.0"
+					url "https://www.apache.org/licenses/LICENSE-2.0.txt"
+					distribution "repo"
+				}
+			}
+			scm {
+				url = "https://github.com/spring-projects/spring-session"
+				connection = "scm:git:git://github.com/spring-projects/spring-session"
+				developerConnection = "scm:git:git://github.com/spring-projects/spring-session"
+			}
+			developers {
+				developer {
+					id = "rwinch"
+					name = "Rob Winch"
+					email = "rwinch@pivotal.io"
+				}
+			}
+			issueManagement {
+				system = "GitHub"
+				url = "https://github.com/spring-projects/spring-session/issues"
+			}
+		}
+	}
+}
--- a/gradle/sample.gradle
+++ b/gradle/sample.gradle
@@ -0,0 +1,4 @@
+tasks.findByPath("artifactoryPublish")?.enabled = false
+sonarqube {
+	skipProject = true
+}
--- a/gradle/tomcat.gradle
+++ b/gradle/tomcat.gradle
@@ -0,0 +1,61 @@
+buildscript {
+	repositories {
+		maven { url "https://repo.spring.io/plugins-release" }
+	}
+	dependencies {
+		classpath("com.bmuschko:gradle-tomcat-plugin:2.2.5")
+	}
+}
+
+apply plugin: 'war'
+apply plugin: 'com.bmuschko.tomcat'
+
+[tomcatRun,tomcatRunWar]*.contextPath = '/'
+
+
+task integrationTomcatRun(type: com.bmuschko.gradle.tomcat.tasks.TomcatRun) {
+	onlyIf { !sourceSets.integrationTest.allSource.empty }
+	contextPath = tomcatRun.contextPath
+	daemon = true
+	tomcatClasspath = tomcatRun.tomcatClasspath
+	webAppClasspath = tomcatRun.webAppClasspath
+	webAppSourceDirectory = tomcatRun.webAppSourceDirectory
+	doFirst {
+		def mainOutputDir = project.sourceSets.main.output.classesDir
+		if(mainOutputDir) {
+			classesDirectory = mainOutputDir
+		}
+		// delay reserving ports to ensure they are still available
+		def ports = reservePorts(3)
+		httpPort = ports[0]
+		ajpPort = ports[1]
+		stopPort = ports[2]
+
+		System.setProperty('spring.session.redis.namespace',project.name)
+	}
+}
+
+task integrationTomcatStop(type: com.bmuschko.gradle.tomcat.tasks.TomcatStop) {
+	onlyIf { !sourceSets.integrationTest.allSource.empty }
+	doFirst {
+		stopPort = integrationTomcatRun.stopPort
+	}
+}
+
+integrationTest {
+	dependsOn integrationTomcatRun
+	doFirst {
+		systemProperties['tomcat.port'] = integrationTomcatRun.httpPort
+	}
+	finalizedBy integrationTomcatStop
+}
+
+def reservePorts(int count) {
+	def sockets = []
+	for(int i in 1..count) {
+		sockets << new ServerSocket(0)
+	}
+	def result = sockets*.localPort
+	sockets*.close()
+	result
+}
--- a/gradle/tomcat6.gradle
+++ b/gradle/tomcat6.gradle
@@ -0,0 +1,8 @@
+apply from: TOMCAT_GRADLE
+
+dependencies {
+	def tomcatVersion = '6.0.43'
+	tomcat "org.apache.tomcat:catalina:${tomcatVersion}",
+			"org.apache.tomcat:coyote:${tomcatVersion}",
+			"org.apache.tomcat:jasper:${tomcatVersion}"
+}
--- a/gradle/tomcat7.gradle
+++ b/gradle/tomcat7.gradle
@@ -0,0 +1,8 @@
+apply from: TOMCAT_GRADLE
+
+dependencies {
+	def tomcatVersion = '7.0.59'
+	tomcat "org.apache.tomcat.embed:tomcat-embed-core:${tomcatVersion}",
+			"org.apache.tomcat.embed:tomcat-embed-logging-juli:${tomcatVersion}",
+			"org.apache.tomcat.embed:tomcat-embed-jasper:${tomcatVersion}"
+}
--- a/gradle/wrapper/gradle-wrapper.jar
+++ b/gradle/wrapper/gradle-wrapper.jar
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,6 @@
+#Wed Jan 11 10:54:44 CST 2017
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.9-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-bin.zip
--- a/23
+++ b/23
@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash

 ##############################################################################
 ##
@@ -33,11 +33,11 @@ DEFAULT_JVM_OPTS=""
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD="maximum"

-warn () {
+warn ( ) {
    echo "$*"
 }

-die () {
+die ( ) {
    echo
    echo "$*"
    echo
@@ -154,19 +154,16 @@ if $cygwin ; then
    esac
 fi

-# Escape application args
-save () {
-    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
-    echo " "
+# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
+function splitJvmOpts() {
+    JVM_OPTS=("$@")
 }
-APP_ARGS=$(save "$@")
-
-# Collect all arguments for the java command, following the shell quoting and substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"

 # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
+if [[ "$(uname)" == "Darwin" ]] && [[ "$HOME" == "$PWD" ]]; then
  cd "$(dirname "$0")"
 fi

-exec "$JAVACMD" "$@"
+exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
--- a/samples/boot/findbyusername/README.adoc
+++ b/samples/boot/findbyusername/README.adoc
@@ -0,0 +1,4 @@
+Demonstrates using Spring Session to lookup a user's session by the username.
+The sample provides a hook to add the current username to the session (required for finding the user) by providing a custom implementation of Spring Security's `AuthenticationSuccessHandler`.
+
+NOTE: This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com
--- a/samples/boot/findbyusername/build.gradle
+++ b/samples/boot/findbyusername/build.gradle
@@ -0,0 +1,55 @@
+buildscript {
+	repositories {
+		mavenCentral()
+		maven { url "https://repo.spring.io/milestone" }
+	}
+	dependencies {
+		classpath("org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion")
+	}
+}
+
+apply plugin: 'org.springframework.boot'
+
+apply from: JAVA_GRADLE
+apply from: SAMPLE_GRADLE
+
+group = 'samples'
+
+dependencies {
+	compile project(':spring-session'),
+			"org.springframework.boot:spring-boot-starter-data-redis",
+			"org.springframework.boot:spring-boot-starter-web",
+			"org.springframework.boot:spring-boot-starter-security",
+			"org.springframework.boot:spring-boot-starter-thymeleaf",
+			"nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect",
+			"org.thymeleaf.extras:thymeleaf-extras-conditionalcomments",
+			"org.webjars:bootstrap:$bootstrapVersion",
+			"org.webjars:html5shiv:$html5ShivVersion",
+			"org.webjars:webjars-locator",
+			"com.maxmind.geoip2:geoip2:2.3.1",
+			"org.apache.httpcomponents:httpclient"
+
+	testCompile "org.springframework.boot:spring-boot-starter-test",
+				"org.assertj:assertj-core:$assertjVersion"
+
+	integrationTestCompile seleniumDependencies
+
+}
+
+integrationTest {
+	doFirst {
+		def port = reservePort()
+
+		systemProperties['server.port'] = port
+		systemProperties['management.port'] = 0
+
+		systemProperties['spring.session.redis.namespace'] = project.name
+	}
+}
+
+def reservePort() {
+	def socket = new ServerSocket(0)
+	def result = socket.localPort
+	socket.close()
+	result
+}
--- a/samples/boot/findbyusername/spring-session-sample-boot-findbyusername.gradle
+++ b/samples/boot/findbyusername/spring-session-sample-boot-findbyusername.gradle
@@ -1,22 +0,0 @@
-apply plugin: 'io.spring.convention.spring-sample-boot'
-
-dependencies {
-	compile project(':spring-session-data-redis')
-	compile "org.springframework.boot:spring-boot-starter-web"
-	compile "org.springframework.boot:spring-boot-starter-thymeleaf"
-	compile "org.springframework.boot:spring-boot-starter-security"
-	compile "org.springframework.boot:spring-boot-starter-data-redis"
-	compile "org.springframework.boot:spring-boot-devtools"
-	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
-	compile "org.webjars:bootstrap"
-	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator-core"
-	compile "com.maxmind.geoip2:geoip2"
-	compile "org.apache.httpcomponents:httpclient"
-
-	testCompile "org.springframework.boot:spring-boot-starter-test"
-	testCompile "org.assertj:assertj-core"
-
-	integrationTestCompile seleniumDependencies
-	integrationTestCompile "org.testcontainers:testcontainers"
-}
--- a/samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java
+++ b/samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,26 +16,11 @@

 package sample;

-import java.io.IOException;
-import java.net.HttpCookie;
-import java.util.List;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
-import org.testcontainers.containers.GenericContainer;
 import sample.pages.HomePage;
 import sample.pages.LoginPage;

@@ -43,12 +28,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.context.TestConfiguration;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.core.Ordered;
-import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
-import org.springframework.http.HttpHeaders;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -56,15 +35,12 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 /**
 * @author Eddú Meléndez
 * @author Rob Winch
- * @author Vedran Pavic
 */
@RunWith(SpringRunner.class)
@AutoConfigureMockMvc
@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class FindByUsernameTests {

-	private static final String DOCKER_IMAGE = "redis:4.0.10";
-
 	@Autowired
 	private MockMvc mockMvc;

@@ -96,79 +72,4 @@ public class FindByUsernameTests {
 		home.terminateButtonDisabled();
 	}

-	@TestConfiguration
-	static class Config {
-
-		@Bean
-		public GenericContainer redisContainer() {
-			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-					.withExposedPorts(6379);
-			redisContainer.start();
-			return redisContainer;
-		}
-
-		@Bean
-		public LettuceConnectionFactory redisConnectionFactory() {
-			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
-					redisContainer().getFirstMappedPort());
-		}
-
-		@Bean
-		public FilterRegistrationBean<SetCookieHandlerFilter> testFilter() {
-			FilterRegistrationBean<SetCookieHandlerFilter> registrationBean = new FilterRegistrationBean<>(
-					new SetCookieHandlerFilter());
-			registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
-			return registrationBean;
-		}
-
-	}
-
-	private static class SetCookieHandlerFilter implements Filter {
-
-		@Override
-		public void init(FilterConfig filterConfig) {
-		}
-
-		@Override
-		public void doFilter(ServletRequest request, ServletResponse response,
-				FilterChain chain) throws IOException, ServletException {
-			final HttpServletResponse httpServletResponse = (HttpServletResponse) response;
-			HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(
-					httpServletResponse) {
-
-				@Override
-				public void addHeader(String name, String value) {
-					if (HttpHeaders.SET_COOKIE.equals(name)) {
-						List<HttpCookie> cookies = HttpCookie.parse(value);
-						if (!cookies.isEmpty()) {
-							addCookie(toServletCookie(cookies.get(0)));
-						}
-					}
-					super.setHeader(name, value);
-				}
-
-			};
-
-			chain.doFilter(request, responseWrapper);
-		}
-
-		@Override
-		public void destroy() {
-		}
-
-		private static Cookie toServletCookie(HttpCookie httpCookie) {
-			Cookie cookie = new Cookie(httpCookie.getName(), httpCookie.getValue());
-			String domain = httpCookie.getDomain();
-			if (domain != null) {
-				cookie.setDomain(domain);
-			}
-			cookie.setMaxAge((int) httpCookie.getMaxAge());
-			cookie.setPath(httpCookie.getPath());
-			cookie.setSecure(httpCookie.getSecure());
-			cookie.setHttpOnly(httpCookie.isHttpOnly());
-			return cookie;
-		}
-
-	}
-
 }
--- a/samples/boot/findbyusername/src/integration-test/java/sample/pages/BasePage.java
+++ b/samples/boot/findbyusername/src/integration-test/java/sample/pages/BasePage.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/samples/boot/findbyusername/src/integration-test/java/sample/pages/HomePage.java
+++ b/samples/boot/findbyusername/src/integration-test/java/sample/pages/HomePage.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,7 +16,6 @@

 package sample.pages;

-import java.util.Base64;
 import java.util.Set;

 import org.openqa.selenium.By;
@@ -60,7 +59,7 @@ public class HomePage extends BasePage {
 		String cookieValue = null;
 		for (Cookie cookie : cookies) {
 			if ("SESSION".equals(cookie.getName())) {
-				cookieValue = new String(Base64.getDecoder().decode(cookie.getValue()));
+				cookieValue = cookie.getValue();
 			}
 		}
 		WebElement element = getDriver().findElement(By.id("terminate-" + cookieValue));
--- a/samples/boot/findbyusername/src/integration-test/java/sample/pages/LoginPage.java
+++ b/samples/boot/findbyusername/src/integration-test/java/sample/pages/LoginPage.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/samples/boot/findbyusername/src/main/java/sample/FindByUsernameApplication.java
+++ b/samples/boot/findbyusername/src/main/java/sample/FindByUsernameApplication.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/samples/boot/findbyusername/src/main/java/sample/config/GeoConfig.java
+++ b/samples/boot/findbyusername/src/main/java/sample/config/GeoConfig.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/samples/boot/findbyusername/src/main/java/sample/config/HttpSessionConfig.java
+++ b/samples/boot/findbyusername/src/main/java/sample/config/HttpSessionConfig.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+
+/**
+ *
+ * @author Rob Winch
+ *
+ */
+// tag::class[]
+@EnableRedisHttpSession // <1>
+public class HttpSessionConfig {
+}
+// end::class[]
--- a/samples/boot/findbyusername/src/main/java/sample/config/SecurityConfig.java
+++ b/samples/boot/findbyusername/src/main/java/sample/config/SecurityConfig.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,34 +16,29 @@

 package sample.config;

-import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

 /**
- * Spring Security configuration.
- *
 * @author Rob Winch
- * @author Vedran Pavic
 */
-@Configuration
+@EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

-	// @formatter:off
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		http
-			.authorizeRequests()
-				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
-				.anyRequest().authenticated()
-				.and()
-			.formLogin()
-				.loginPage("/login")
-				.permitAll();
+		http.formLogin().loginPage("/login").permitAll().and().authorizeRequests()
+				.antMatchers("/resources/**", "/webjars/**").permitAll().anyRequest().authenticated()
+				.and().logout().permitAll();
 	}
 	// end::config[]
-	// @formatter:on

+	@Autowired
+	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+	}
 }
--- a/samples/boot/findbyusername/src/main/java/sample/mvc/IndexController.java
+++ b/samples/boot/findbyusername/src/main/java/sample/mvc/IndexController.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,8 +21,8 @@ import java.util.Collection;
 import java.util.Set;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.session.ExpiringSession;
 import org.springframework.session.FindByIndexNameSessionRepository;
-import org.springframework.session.Session;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -39,11 +39,11 @@ import org.springframework.web.bind.annotation.RequestMethod;
 public class IndexController {
 	// tag::findbyusername[]
 	@Autowired
-	FindByIndexNameSessionRepository<? extends Session> sessions;
+	FindByIndexNameSessionRepository<? extends ExpiringSession> sessions;

 	@RequestMapping("/")
 	public String index(Principal principal, Model model) {
-		Collection<? extends Session> usersSessions = this.sessions
+		Collection<? extends ExpiringSession> usersSessions = this.sessions
 				.findByIndexNameAndIndexValue(
 						FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
 						principal.getName())
@@ -60,7 +60,7 @@ public class IndexController {
 				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
 				principal.getName()).keySet();
 		if (usersSessionIds.contains(sessionIdToDelete)) {
-			this.sessions.deleteById(sessionIdToDelete);
+			this.sessions.delete(sessionIdToDelete);
 		}

 		return "redirect:/";
--- a/samples/boot/findbyusername/src/main/java/sample/mvc/LoginController.java
+++ b/samples/boot/findbyusername/src/main/java/sample/mvc/LoginController.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.mvc;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+/**
+ * Returns view for log in page
+ *
+ * @author Rob Winch
+ */
+@Controller
+public class LoginController {
+
+	@RequestMapping("/login")
+	public String login() {
+		return "login";
+	}
+}
--- a/samples/boot/findbyusername/src/main/java/sample/session/SessionDetails.java
+++ b/samples/boot/findbyusername/src/main/java/sample/session/SessionDetails.java
@@ -5,7 +5,7 @@
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
--- a/samples/boot/findbyusername/src/main/java/sample/session/SessionDetailsFilter.java
+++ b/samples/boot/findbyusername/src/main/java/sample/session/SessionDetailsFilter.java
@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@@ -57,7 +57,6 @@ public class SessionDetailsFilter extends OncePerRequestFilter {
 	}

 	// tag::dofilterinternal[]
-	@Override
 	public void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
 			FilterChain chain) throws IOException, ServletException {
 		chain.doFilter(request, response);
@@ -92,7 +91,7 @@ public class SessionDetailsFilter extends OncePerRequestFilter {
 			}
 			return cityName + ", " + countryName;
 		}
-		catch (Exception ex) {
+		catch (Exception e) {
 			return UNKNOWN;

 		}
--- a/samples/boot/findbyusername/src/main/resources/application.properties
+++ b/samples/boot/findbyusername/src/main/resources/application.properties
@@ -1 +1,2 @@
-spring.security.user.password=password
+spring.thymeleaf.cache=false
+spring.template.cache=false
--- a/samples/boot/findbyusername/src/main/resources/static/resources/img/favicon.ico
+++ b/samples/boot/findbyusername/src/main/resources/static/resources/img/favicon.ico
--- a/Show More
+++ b/Show More