Add manual trigger to CI workflow

Closes gh-1777

.github/ISSUE_TEMPLATE.md

@@ -1,7 +0,0 @@
-<!--
-For Security Vulnerabilities, please use https://pivotal.io/security#reporting
--->
-
-<!--
-Thanks for raising a Spring Session issue. Please provide a brief description of your problem along with the version of Spring Session that you are using. If possible, please also consider putting together a sample application that reproduces the issue.
--->

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,24 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'type: bug, status: waiting-for-triage'
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Sample**
+
+A link to a GitHub repository with a [minimal, reproducible sample](https://stackoverflow.com/help/minimal-reproducible-example).
+
+Reports that include a sample will take priority over reports that do not.
+At times, we may require a sample, so it is good to try and include a sample up front.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Community Support
+    url: https://stackoverflow.com/questions/tagged/spring-security
+    about: Please ask and answer questions on StackOverflow with the tag spring-session

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,25 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'status: waiting-for-triage, type: enhancement'
+assignees: ''
+
+---
+
+**Expected Behavior**
+
+<!--- Tell us how it should work -->
+
+**Current Behavior**
+
+<!--- Explain the difference from current behavior -->
+
+**Context**
+
+<!--- 
+How has this issue affected you?
+What are you trying to accomplish?
+What other alternatives have you considered?
+Are you aware of any workarounds?
+-->

.github/workflows/continuous-integration-workflow.yml

@@ -0,0 +1,90 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - 2.4.x
+  schedule:
+    - cron: '0 10 * * *' # Once per day at 10am UTC
+  workflow_dispatch: # Manual trigger
+
+env:
+  GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
+  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+  GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+  ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
+  ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        jdk: [8, 11]
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK ${{ matrix.jdk }}
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.jdk }}
+      - name: Cache Gradle packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+      - name: Build with Gradle
+
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          ./gradlew clean build -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --no-daemon --stacktrace
+  artifacts:
+    name: Deploy Artifacts
+    needs: [build]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: '8'
+      - name: Deploy artifacts
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          export VERSION_HEADER=$'Version: GnuPG v2\n\n'
+          export ORG_GRADLE_PROJECT_signingKey=${GPG_PRIVATE_KEY#"$VERSION_HEADER"}
+          export ORG_GRADLE_PROJECT_signingPassword="$GPG_PASSPHRASE"
+          ./gradlew deployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
+          ./gradlew finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }}
+          OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
+          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
+          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+  docs:
+    name: Deploy Docs
+    needs: [build]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: '8'
+      - name: Deploy Docs
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          ./gradlew deployDocs --no-daemon -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace
+        env:
+          DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
+          DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
+          DOCS_HOST: ${{ secrets.DOCS_HOST }}

.github/workflows/pr-build-workflow.yml

@@ -0,0 +1,25 @@
+name: PR Build
+
+on: pull_request
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        jdk: [8, 11]
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK ${{ matrix.jdk }}
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.jdk }}
+      - name: Cache Gradle packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+      - name: Build with Gradle
+        run: ./gradlew clean build --no-daemon --stacktrace

.gitignore

@@ -13,3 +13,4 @@ out
 .checkstyle
 !etc/eclipse/.checkstyle
 !**/src/**/build
+.DS_Store

.travis.yml

@@ -1,16 +0,0 @@
-sudo: required
-language: java
-jdk:
-  - openjdk8
-  - openjdk11
-services:
-  - docker
-before_cache:
-  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
-  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
-cache:
-  directories:
-    - $HOME/.gradle/caches/
-    - $HOME/.gradle/wrapper/
-install: true
-script: ./gradlew clean check --no-daemon --stacktrace

CODE_OF_CONDUCT.adoc

@@ -1,44 +0,0 @@
-= Contributor Code of Conduct
-
-As contributors and maintainers of this project, and in the interest of fostering an open
-and welcoming community, we pledge to respect all people who contribute through reporting
-issues, posting feature requests, updating documentation, submitting pull requests or
-patches, and other activities.
-
-We are committed to making participation in this project a harassment-free experience for
-everyone, regardless of level of experience, gender, gender identity and expression,
-sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
-religion, or nationality.
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery
-* Personal attacks
-* Trolling or insulting/derogatory comments
-* Public or private harassment
-* Publishing other's private information, such as physical or electronic addresses,
-  without explicit permission
-* Other unethical or unprofessional conduct
-
-Project maintainers have the right and responsibility to remove, edit, or reject comments,
-commits, code, wiki edits, issues, and other contributions that are not aligned to this
-Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors
-that they deem inappropriate, threatening, offensive, or harmful.
-
-By adopting this Code of Conduct, project maintainers commit themselves to fairly and
-consistently applying these principles to every aspect of managing this project. Project
-maintainers who do not follow or enforce the Code of Conduct may be permanently removed
-from the project team.
-
-This Code of Conduct applies both within project spaces and in public spaces when an
-individual is representing the project or its community.
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by
-contacting a project maintainer at spring-code-of-conduct@pivotal.io . All complaints will
-be reviewed and investigated and will result in a response that is deemed necessary and
-appropriate to the circumstances. Maintainers are obligated to maintain confidentiality
-with regard to the reporter of an incident.
-
-This Code of Conduct is adapted from the
-https://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
-https://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]

CONTRIBUTING.adoc

@@ -3,9 +3,16 @@
 Spring Session is released under the Apache 2.0 license. If you would like to contribute
 something, or simply want to hack on the code this document should help you get started.
 
+
 == Code of Conduct
-This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
-By participating, you  are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.
+
+Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct]
+
+
+== Reporting Security Vulnerabilities
+
+Please see our https://github.com/spring-projects/spring-session/security/policy[Security policy].
+
 
 == Using GitHub issues
 

Jenkinsfile

@@ -1,181 +0,0 @@
-properties([
-		buildDiscarder(logRotator(numToKeepStr: '10')),
-		pipelineTriggers([
-				cron('@daily')
-		]),
-])
-
-def SUCCESS = hudson.model.Result.SUCCESS.toString()
-currentBuild.result = SUCCESS
-
-try {
-	parallel check: {
-		stage('Check') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					label 'spring-session'
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
-							sh './gradlew clean check --no-daemon --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: check'
-						throw e
-					}
-					finally {
-						junit '**/build/test-results/*/*.xml'
-					}
-				}
-			}
-		}
-	},
-	jdk9: {
-		stage('JDK 9') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withEnv(["JAVA_HOME=${tool 'jdk9'}"]) {
-							sh './gradlew clean test --no-daemon --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk9'
-						throw e
-					}
-				}
-			}
-		}
-	},
-	jdk10: {
-		stage('JDK 10') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withEnv(["JAVA_HOME=${tool 'jdk10'}"]) {
-							sh './gradlew clean test --no-daemon --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk10'
-						throw e
-					}
-				}
-			}
-		}
-	},
-	jdk11: {
-		stage('JDK 11') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withEnv(["JAVA_HOME=${tool 'jdk11'}"]) {
-							sh './gradlew clean test integrationTest --no-daemon --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk11'
-						throw e
-					}
-				}
-			}
-		}
-	},
-	jdk12: {
-		stage('JDK 12') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					try {
-						withEnv(["JAVA_HOME=${tool 'openjdk12'}"]) {
-							sh './gradlew clean test integrationTest --no-daemon --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk12'
-						throw e
-					}
-				}
-			}
-		}
-	}
-
-	if (currentBuild.result == 'SUCCESS') {
-		parallel artifacts: {
-			stage('Deploy Artifacts') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
-							withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
-								withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
-									withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
-										withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
-											sh './gradlew deployArtifacts --no-daemon --stacktrace -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password=$SIGNING_PASSWORD -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD'
-                                            sh './gradlew finalizeDeployArtifacts --no-daemon --stacktrace -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password=$SIGNING_PASSWORD -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD'
-										}
-									}
-								}
-							}
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: artifacts'
-						throw e
-					}
-				}
-			}
-		},
-		docs: {
-			stage('Deploy Docs') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
-							withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
-								sh './gradlew deployDocs --no-daemon --stacktrace -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME'
-							}
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: docs'
-						throw e
-					}
-				}
-			}
-		}
-	}
-}
-finally {
-	def buildStatus = currentBuild.result
-	def buildNotSuccess = !SUCCESS.equals(buildStatus)
-	def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
-
-	if (buildNotSuccess || lastBuildNotSuccess) {
-		stage('Notify') {
-			node {
-				final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
-
-				def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
-				def details = "The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"
-
-				emailext(
-						subject: subject,
-						body: details,
-						recipientProviders: RECIPIENTS,
-						to: "$SPRING_SESSION_TEAM_EMAILS"
-				)
-			}
-		}
-	}
-}

README.adoc

@@ -1,6 +1,8 @@
 = Spring Session
 
-image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"] image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
+image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
+
+image:https://github.com/spring-projects/spring-session/workflows/CI/badge.svg?branch=master["Build Status", link="https://github.com/spring-projects/spring-session/actions?query=workflow%3ACI"]
 
 Spring Session provides an API and implementations for managing a user's session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
 It also provides transparent integration with:
@@ -18,10 +20,16 @@ Spring Session consists of the following modules:
 * Spring Session JDBC - provides `SessionRepository` implementation backed by a relational database and configuration support
 * Spring Session Hazelcast - provides `SessionRepository` implementation backed by Hazelcast and configuration support
 
+
 == Code of Conduct
 
-This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
-By participating, you  are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.
+Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct]
+
+
+== Reporting Security Vulnerabilities
+
+Please see our https://github.com/spring-projects/spring-session/security/policy[Security policy].
+
 
 == Spring Session Project Site
 

build.gradle

@@ -4,16 +4,17 @@ buildscript {
 		snapshotBuild = version.endsWith('SNAPSHOT')
 		milestoneBuild = !(releaseBuild || snapshotBuild)
 
-		springBootVersion = '2.2.4.RELEASE'
+		springBootVersion = '2.4.0-M4'
 	}
 
 	repositories {
 		gradlePluginPortal()
 		maven { url 'https://repo.spring.io/plugins-release/' }
+        maven { url 'https://repo.spring.io/plugins-snapshot' }
 	}
 
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.27.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.35.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 }

gradle.properties

@@ -1,3 +1,3 @@
 org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
 org.gradle.parallel=true
-version=2.3.0.M1
+version=2.4.2

gradle/dependency-management.gradle

@@ -1,35 +1,36 @@
 dependencyManagement {
 	imports {
-		mavenBom 'io.projectreactor:reactor-bom:Dysprosium-SR4'
-		mavenBom 'org.junit:junit-bom:5.5.2'
-		mavenBom 'org.springframework:spring-framework-bom:5.2.3.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Neumann-M2'
-		mavenBom 'org.springframework.security:spring-security-bom:5.3.0.M1'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.12.2'
+		mavenBom 'io.projectreactor:reactor-bom:2020.0.3'
+		mavenBom 'org.junit:junit-bom:5.7.0'
+		mavenBom 'org.springframework:spring-framework-bom:5.3.3'
+		mavenBom 'org.springframework.data:spring-data-bom:2020.0.3'
+		mavenBom 'org.springframework.security:spring-security-bom:5.4.2'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.15.1'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.12.5') {
+		dependencySet(group: 'com.hazelcast', version: '3.12.11') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependency 'com.h2database:h2:1.4.199'
+		dependency 'org.aspectj:aspectjweaver:1.9.6'
+		dependency 'com.h2database:h2:1.4.200'
 		dependency 'com.ibm.db2:jcc:11.5.0.0'
 		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.4.1.jre8'
-		dependency 'com.oracle.ojdbc:ojdbc8:19.3.0.0'
-		dependency 'com.zaxxer:HikariCP:3.4.1'
+		dependency 'com.oracle.database.jdbc:ojdbc8:19.8.0.0'
+		dependency 'com.zaxxer:HikariCP:3.4.5'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.2.0.RELEASE'
+		dependency 'io.lettuce:lettuce-core:6.0.2.RELEASE'
 		dependency 'javax.annotation:javax.annotation-api:1.3.2'
 		dependency 'javax.servlet:javax.servlet-api:4.0.1'
-		dependency 'junit:junit:4.12'
-		dependency 'mysql:mysql-connector-java:8.0.17'
+		dependency 'junit:junit:4.13.1'
+		dependency 'mysql:mysql-connector-java:8.0.22'
 		dependency 'org.apache.derby:derby:10.14.2.0'
-		dependency 'org.assertj:assertj-core:3.13.2'
-		dependency 'org.hsqldb:hsqldb:2.5.0'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.4.4'
-		dependency 'org.mockito:mockito-core:3.0.0'
-		dependency 'org.postgresql:postgresql:42.2.8'
+		dependency 'org.assertj:assertj-core:3.18.0'
+		dependency 'org.hsqldb:hsqldb:2.5.1'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.7.0'
+		dependency 'org.mockito:mockito-core:3.5.15'
+		dependency 'org.postgresql:postgresql:42.2.18'
 	}
 }

settings.gradle

@@ -5,6 +5,8 @@ include 'spring-session-data-redis'
 include 'spring-session-docs'
 include 'spring-session-hazelcast'
 include 'spring-session-jdbc'
+include 'hazelcast4'
+project(':hazelcast4').projectDir = file('spring-session-hazelcast/hazelcast4')
 
 file('spring-session-samples').eachDirMatch(~/spring-session-sample-.*/) { dir ->
     include dir.name

spring-session-core/spring-session-core.gradle

@@ -25,5 +25,6 @@ dependencies {
 	testCompile "org.springframework.security:spring-security-core"
 	testCompile "org.junit.jupiter:junit-jupiter-api"
 	testCompile "org.junit.jupiter:junit-jupiter-params"
+	testCompile "org.aspectj:aspectjweaver"
 	testRuntime "org.junit.jupiter:junit-jupiter-engine"
 }

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/EnableSpringHttpSession.java

@@ -40,7 +40,7 @@ import org.springframework.session.events.SessionDestroyedEvent;
  *
  *     {@literal @Bean}
  *     public MapSessionRepository sessionRepository() {
- *         return new MapSessionRepository();
+ *         return new MapSessionRepository(new ConcurrentHashMap<>());
  *     }
  *
  * }

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java

@@ -58,7 +58,7 @@ import org.springframework.util.ObjectUtils;
  *
  *     {@literal @Bean}
  *     public MapSessionRepository sessionRepository() {
- *         return new MapSessionRepository();
+ *         return new MapSessionRepository(new ConcurrentHashMap<>());
  *     }
  *
  * }

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/server/EnableSpringWebSession.java

@@ -36,7 +36,7 @@ import org.springframework.context.annotation.Import;
  *
  *     {@literal @Bean}
  *     public ReactiveSessionRepository sessionRepository() {
- *         return new ReactiveMapSessionRepository();
+ *         return new ReactiveMapSessionRepository(new ConcurrentHashMap<>());
  *     }
  *
  * }

spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java

@@ -308,7 +308,7 @@ public class DefaultCookieSerializer implements CookieSerializer {
 	/**
 	 * Sets the maxAge property of the Cookie. The default is to delete the cookie when
 	 * the browser is closed.
-	 * @param cookieMaxAge the maxAge property of the Cookie
+	 * @param cookieMaxAge the maxAge property of the Cookie (defined in seconds)
 	 */
 	public void setCookieMaxAge(int cookieMaxAge) {
 		this.cookieMaxAge = cookieMaxAge;

spring-session-core/src/main/java/org/springframework/session/web/http/OncePerRequestFilter.java

@@ -64,7 +64,7 @@ abstract class OncePerRequestFilter implements Filter {
 		}
 		HttpServletRequest httpRequest = (HttpServletRequest) request;
 		HttpServletResponse httpResponse = (HttpServletResponse) response;
-		String alreadyFilteredAttributeName = this.alreadyFilteredAttributeName;
+		String alreadyFilteredAttributeName = getAlreadyFilteredAttributeName();
 		boolean hasAlreadyFilteredAttribute = request.getAttribute(alreadyFilteredAttributeName) != null;
 
 		if (hasAlreadyFilteredAttribute) {

spring-session-core/src/test/java/org/springframework/session/web/http/OncePerRequestFilterAopTests.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.web.http;
+
+import org.aspectj.lang.annotation.AfterReturning;
+import org.aspectj.lang.annotation.Aspect;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.EnableAspectJAutoProxy;
+import org.springframework.mock.web.MockFilterChain;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.session.SessionRepository;
+import org.springframework.session.web.http.OncePerRequestFilterAopTests.Config;
+import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
+
+import static org.assertj.core.api.Assertions.assertThatCode;
+
+@SpringJUnitConfig(classes = Config.class)
+class OncePerRequestFilterAopTests {
+
+	@Test
+	void doFilterOnce(@Autowired final OncePerRequestFilter filter) {
+		assertThatCode(() -> filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
+				new MockFilterChain())).as("`doFilter` does not throw NPE with the bean is being proxied by Spring AOP")
+						.doesNotThrowAnyException();
+	}
+
+	@SuppressWarnings({ "rawtypes", "unchecked" })
+	@Configuration
+	@EnableAspectJAutoProxy(proxyTargetClass = true)
+	@Aspect
+	public static class Config {
+
+		@Bean
+		public SessionRepository sessionRepository() {
+			return Mockito.mock(SessionRepository.class);
+		}
+
+		@Bean
+		public SessionRepositoryFilter filter() {
+			return new SessionRepositoryFilter(sessionRepository());
+		}
+
+		@AfterReturning("execution(* SessionRepositoryFilter.doFilterInternal(..))")
+		public void doInternalFilterPointcut() {
+			// no op
+		}
+
+	}
+
+}

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/AbstractRedisITests.java

@@ -29,7 +29,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
  */
 public abstract class AbstractRedisITests {
 
-	private static final String DOCKER_IMAGE = "redis:5.0.6";
+	private static final String DOCKER_IMAGE = "redis:5.0.10";
 
 	protected static class BaseConfig {
 

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/RedisIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisIndexedSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -142,7 +142,7 @@ import org.springframework.util.Assert;
  * <p>
  * When a session is created an event is sent to Redis with the channel of
  * "spring:session:channel:created:33fdd1b6-b496-4b33-9f7d-df96679d32fe" such that
- * "33fdd1b6-b496-4b33-9f7d-df96679d32fe" is the sesion id. The body of the event will be
+ * "33fdd1b6-b496-4b33-9f7d-df96679d32fe" is the session id. The body of the event will be
  * the session that was created.
  * </p>
  *

spring-session-docs/spring-session-docs.gradle

@@ -25,7 +25,22 @@ dependencies {
 
 def versions = dependencyManagement.managedVersions
 
+asciidoctorPdf {
+    clearSources()
+    sources {
+        include "index.adoc"
+    }
+}
+
 asciidoctor {
+    clearSources()
+    sources {
+        include "index.adoc"
+        include "guides/*.adoc"
+    }
+}
+
+asciidoctorj {
 	def ghTag = snapshotBuild ? 'master' : project.version
 	def ghUrl = "https://github.com/spring-projects/spring-session/tree/$ghTag"
 
@@ -46,5 +61,7 @@ asciidoctor {
 			'spring-session-version': project.version,
 			'version-milestone': milestoneBuild,
 			'version-release': releaseBuild,
-			'version-snapshot': snapshotBuild
+			'version-snapshot': snapshotBuild,
+			'highlightjsdir@': "js/highlight",
+			'docinfodir@': "."
 }

spring-session-docs/src/docs/asciidoc/guides/boot-findbyusername.adoc

@@ -1,11 +1,16 @@
 = Spring Session - find by username
 Rob Winch
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to find sessions by username.
 
 NOTE: You can find the completed guide in the <<findbyusername-sample, findbyusername application>>.
 
+[#index-link]
+link:../index.html[Index]
 
 [[findbyusername-assumptions]]
 == Assumptions
@@ -23,7 +28,7 @@ Consider the following scenario:
 
 * User goes to library and authenticates to the application.
 * User goes home and realizes they forgot to log out.
-* User can log in and terminate the session from the library using clues like the location, created time, last accessed time, and so on.
+* User can log in and end the session from the library using clues like the location, created time, last accessed time, and so on.
 
 Would it not be nice if we could let the user invalidate the session at the library from any device with which they authenticate?
 This sample demonstrates how this is possible.
@@ -140,5 +145,5 @@ You can emulate the flow we discussed in the <<About the Sample>> section by doi
 * Enter the following to log in:
 ** *Username* _user_
 ** *Password* _password_
-* Terminate your original session.
+* End your original session.
 * Refresh the original window and see that you are logged out.

spring-session-docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -1,11 +1,17 @@
 = Spring Session - Spring Boot
 Rob Winch, Vedran Pavić
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` when you use Spring Boot.
 
 NOTE: You can find the completed guide in the <<httpsession-jdbc-boot-sample, httpsession-jdbc-boot sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -46,6 +52,9 @@ spring.session.store-type=jdbc # Session store type.
 ----
 ====
 
+If a single Spring Session module is present on the classpath, Spring Boot uses that store implementation automatically.
+If you have more than one implementation, you must choose the StoreType that you wish to use to store the sessions, as shows above.
+
 Under the hood, Spring Boot applies configuration that is equivalent to manually adding the `@EnableJdbcHttpSession` annotation.
 This creates a Spring bean with the name of `springSessionRepositoryFilter`. That bean implements `Filter`.
 The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.

spring-session-docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -1,11 +1,17 @@
 = Spring Session - Spring Boot
 Rob Winch, Vedran Pavić
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use Spring Boot.
 
 NOTE: You can find the completed guide in the <<boot-sample, boot sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 
 Before you use Spring Session, you must ensure your dependencies.
@@ -53,7 +59,7 @@ Further customization is possible by using `application.properties`, as the foll
 .src/main/resources/application.properties
 ----
 server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds is used.
-spring.session.redis.flush-mode=on-save # Sessions flush mode.
+spring.session.redis.flush-mode=on_save # Sessions flush mode.
 spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
 ----
 ====
@@ -151,6 +157,6 @@ To do so, enter the following into your terminal, being sure to replace `7e8383a
 ----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
 ----
-=====
+====
 
 Now you can visit the application at http://localhost:8080/ and observe that we are no longer authenticated.

spring-session-docs/src/docs/asciidoc/guides/boot-webflux-custom-cookie.adoc

@@ -0,0 +1,66 @@
+= Spring Session - WebFlux with Custom Cookie
+Eleftheria Stein-Kousathana
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
+
+This guide describes how to configure Spring Session to use custom cookies in a WebFlux based application.
+The guide assumes you have already set up Spring Session in your project using your chosen data store. For example, link:./boot-redis.html[HttpSession with Redis].
+
+NOTE: You can find the completed guide in the <<webflux-custom-cookie-sample, WebFlux Custom Cookie sample application>>.
+
+[#index-link]
+link:../index.html[Index]
+
+[[webflux-custom-cookie-spring-configuration]]
+== Spring Boot Configuration
+
+Once you have set up Spring Session, you can customize how the session cookie is written by exposing a `WebSessionIdResolver` as a Spring bean.
+Spring Session uses a `CookieWebSessionIdResolver` by default.
+Exposing the `WebSessionIdResolver` as a Spring bean augments the existing configuration when you use configurations like `@EnableRedisHttpSession`.
+The following example shows how to customize Spring Session's cookie:
+
+====
+[source,java]
+----
+include::{samples-dir}spring-session-sample-boot-webflux-custom-cookie/src/main/java/sample/CookieConfig.java[tags=webflux-cookie-serializer]
+----
+
+<1> We customize the name of the cookie to be `JSESSIONID`.
+<2> We customize the path of the cookie to be `/` (rather than the default of the context root).
+<3> We customize the `SameSite` cookie directive to be `Strict`.
+====
+
+[[webflux-custom-cookie-sample]]
+== `webflux-custom-cookie` Sample Application
+
+This section describes how to work with the `webflux-custom-cookie` sample application.
+
+=== Running the `webflux-custom-cookie` Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+====
+----
+$ ./gradlew :spring-session-sample-boot-webflux-custom-cookie:bootRun
+----
+====
+
+NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the `webflux-custom-cookie` Sample Application
+
+Now you can use the application. Fill out the form with the following information:
+
+* *Attribute Name:* _username_
+* *Attribute Value:* _rob_
+
+Now click the *Set Attribute* button.
+You should now see the values displayed in the table.
+
+If you look at the cookies for the application, you can see the cookie is saved to the custom name of `JSESSIONID`.

spring-session-docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -1,7 +1,10 @@
 = Spring Session - WebSocket
 Rob Winch
-:toc:
+:toc: left
 :websocketdoc-test-dir: {docs-test-dir}docs/websocket/
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to ensure that WebSocket messages keep your HttpSession alive.
 
@@ -12,9 +15,12 @@ Specifically,it does not work with using https://www.jcp.org/en/jsr/detail?id=35
 
 // end::disclaimer[]
 
+[#index-link]
+link:../index.html[Index]
+
 == HttpSession Setup
 
-The first step is to integrate Spring Session with the HttpSession. These steps are already outlined in the link:httpsession.html[HttpSession Guide].
+The first step is to integrate Spring Session with the HttpSession. These steps are already outlined in the link:./boot-redis.html[HttpSession with Redis Guide].
 
 Please make sure you have already integrated Spring Session with HttpSession before proceeding.
 
@@ -53,14 +59,14 @@ What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes
 
 * `WebSocketConnectHandlerDecoratorFactory` is added as a `WebSocketHandlerDecoratorFactory` to `WebSocketTransportRegistration`.
 This ensures a custom `SessionConnectEvent` is fired that contains the `WebSocketSession`.
-The `WebSocketSession` is necessary to terminate any WebSocket connections that are still open when a Spring Session is terminated.
+The `WebSocketSession` is necessary to end any WebSocket connections that are still open when a Spring Session is ended.
 * `SessionRepositoryMessageInterceptor` is added as a `HandshakeInterceptor` to every `StompWebSocketEndpointRegistration`.
 This ensures that the `Session` is added to the WebSocket properties to enable updating the last accessed time.
 * `SessionRepositoryMessageInterceptor` is added as a `ChannelInterceptor` to our inbound `ChannelRegistration`.
 This ensures that every time an inbound message is received, that the last accessed time of our Spring Session is updated.
 * `WebSocketRegistryListener` is created as a Spring bean.
 This ensures that we have a mapping of all of the `Session` IDs to the corresponding WebSocket connections.
-By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is terminated.
+By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is ended.
 
 
 // end::config[]
@@ -125,7 +131,7 @@ You can see that the message is no longer sent.
 ====
 Spring Session expires in 60 seconds, but the notification from Redis is not guaranteed to happen within 60 seconds.
 To ensure the socket is closed in a reasonable amount of time, Spring Session runs a background task every minute at 00 seconds that forcibly cleans up any expired sessions.
-This means you need to wait at most two minutes before the WebSocket connection is terminated.
+This means you need to wait at most two minutes before the WebSocket connection is closed.
 ====
 
 You can now try accessing http://localhost:8080/

spring-session-docs/src/docs/asciidoc/guides/docinfo-footer.html

@@ -0,0 +1,2 @@
+<script type="text/javascript" src="../js/tocbot/tocbot.min.js"></script>
+<script type="text/javascript" src="../js/toc.js"></script>

spring-session-docs/src/docs/asciidoc/guides/java-custom-cookie.adoc

@@ -1,12 +1,18 @@
 = Spring Session - Custom Cookie
 Rob Winch; Eleftheria Stein-Kousathana
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to configure Spring Session to use custom cookies with Java Configuration.
-The guide assumes you have already link:./httpsession.html[set up Spring Session in your project].
+The guide assumes you have already set up Spring Session in your project using your chosen data store. For example, link:./boot-redis.html[HttpSession with Redis].
 
 NOTE: You can find the completed guide in the <<custom-cookie-sample, Custom Cookie sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 [[custom-cookie-spring-configuration]]
 == Spring Java Configuration
 

spring-session-docs/src/docs/asciidoc/guides/java-hazelcast.adoc

@@ -1,12 +1,18 @@
 = Spring Session and Spring Security with Hazelcast
 Tommy Ludwig; Rob Winch
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session along with Spring Security when you use Hazelcast as your data store.
 It assumes that you have already applied Spring Security to your application.
 
 NOTE: You cand find the completed guide in the <<hazelcast-spring-security-sample, Hazelcast Spring Security sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -91,11 +97,18 @@ The filter is in charge of replacing the `HttpSession` implementation to be back
 In this instance, Spring Session is backed by Hazelcast.
 <2> In order to support retrieval of sessions by principal name index, an appropriate `ValueExtractor` needs to be registered.
 Spring Session provides `PrincipalNameExtractor` for this purpose.
-<3> We create a `HazelcastInstance` that connects Spring Session to Hazelcast.
+<3> In order to serialize `MapSession` objects efficiently, `HazelcastSessionSerializer` needs to be registered. If this
+is not set, Hazelcast will serialize sessions using native Java serialization.
+<4> We create a `HazelcastInstance` that connects Spring Session to Hazelcast.
 By default, the application starts and connects to an embedded instance of Hazelcast.
 For more information on configuring Hazelcast, see the https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
 ====
 
+NOTE: If `HazelcastSessionSerializer` is preferred, it needs to be configured for all Hazelcast cluster members before they start.
+In a Hazelcast cluster, all members should use the same serialization method for sessions. Also, if Hazelcast Client/Server topology
+is used, then both members and clients must use the same serialization method. The serializer can be registered via `ClientConfig`
+with the same `SerializerConfiguration` of members.
+
 == Servlet Container Initialization
 
 Our <<security-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.

spring-session-docs/src/docs/asciidoc/guides/java-jdbc.adoc

@@ -1,11 +1,17 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch, Vedran Pavić
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` with Java Configuration.
 
 NOTE: You can find the completed guide in the <<httpsession-jdbc-sample, httpsession-jdbc sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -99,7 +105,7 @@ For additional information on how to configure data access related concerns, see
 
 == Java Servlet Container Initialization
 
-Our <<httpsession-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-jdbc-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
@@ -122,6 +128,36 @@ Doing so ensures that the Spring bean named `springSessionRepositoryFilter` is r
 <2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to ensure Spring loads our `Config`.
 ====
 
+== Multiple DataSources
+Spring Session provides the `@SpringSessionDataSource` qualifier, allowing you to explicitly declare which `DataSource` bean should be injected in `JdbcIndexedSessionRepository`.
+This is particularly useful in scenarios with multiple `DataSource` beans present in the application context.
+
+The following example shows how to do so:
+
+====
+.Config.java
+[source,java]
+----
+@EnableJdbcHttpSession
+public class Config {
+
+	@Bean
+	@SpringSessionDataSource // <1>
+	public EmbeddedDatabase firstDataSource() {
+		return new EmbeddedDatabaseBuilder()
+				.setType(EmbeddedDatabaseType.H2).addScript("org/springframework/session/jdbc/schema-h2.sql").build();
+	}
+
+	@Bean
+	public HikariDataSource secondDataSource() {
+		// ...
+	}
+}
+----
+
+<1> This qualifier declares that firstDataSource is to be used by Spring Session.
+====
+
 // end::config[]
 
 [[httpsession-jdbc-sample]]

spring-session-docs/src/docs/asciidoc/guides/java-redis.adoc

@@ -1,12 +1,18 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch
-:toc:
+:toc: left
 :version-snapshot: true
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with Java Configuration.
 
 NOTE: You can find the completed guide in the <<httpsession-sample, httpsession sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 Before you use Spring Session, you must update your dependencies.
 If you are using Maven, you must add the following dependencies:

spring-session-docs/src/docs/asciidoc/guides/java-rest.adoc

@@ -1,11 +1,17 @@
 = Spring Session - REST
 Rob Winch
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use REST endpoints.
 
 NOTE: You can find the completed guide in the <<rest-sample, rest sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -241,7 +247,7 @@ $ curl -v http://localhost:8080/ -u user:password
 
 In the output, you should notice the following:
 
-===
+====
 ----
 HTTP/1.1 200 OK
 ...

spring-session-docs/src/docs/asciidoc/guides/java-security.adoc

@@ -1,12 +1,18 @@
 = Spring Session and Spring Security
 Rob Winch
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session along with Spring Security.
 It assumes you have already applied Spring Security to your application.
 
 NOTE: You can find the completed guide in the <<security-sample, security sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 Before you use Spring Session, you must update your dependencies.
 If you use Maven, you must add the following dependencies:

spring-session-docs/src/docs/asciidoc/guides/xml-jdbc.adoc

@@ -1,11 +1,17 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch, Vedran Pavić
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to transparently leverage a relational to back a web application's `HttpSession` with XML based configuration.
 
 NOTE: You can find the completed guide in the <<httpsession-jdbc-xml-sample, httpsession-jdbc-xml sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -68,8 +74,8 @@ You must have the following in your pom.xml:
 	<url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
-endif::[]
 ====
+endif::[]
 
 // tag::config[]
 
@@ -101,7 +107,7 @@ For additional information on how to configure data access-related concerns, see
 
 == XML Servlet Container Initialization
 
-Our <<httpsession-xml-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-jdbc-xml-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, we need to instruct Spring to load our `session.xml` configuration.

spring-session-docs/src/docs/asciidoc/guides/xml-redis.adoc

@@ -1,11 +1,17 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch
-:toc:
+:toc: left
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with XML-based configuration.
 
 NOTE: You can find the completed guide in the <<httpsession-xml-sample, httpsession-xml sample application>>.
 
+[#index-link]
+link:../index.html[Index]
+
 == Updating Dependencies
 Before you use Spring Session, you must update your dependencies.
 If you use Maven, you must add the following dependencies:

spring-session-docs/src/docs/asciidoc/index.adoc

@@ -58,6 +58,10 @@ To get started with Spring Session, the best place to start is our Sample Applic
 | Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.
 | link:guides/boot-jdbc.html[HttpSession with JDBC Guide]
 
+| {gh-samples-url}spring-session-sample-boot-hazelcast[HttpSession with Hazelcast]
+| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast.
+|
+
 | {gh-samples-url}spring-session-sample-boot-findbyusername[Find by Username]
 | Demonstrates how to use Spring Session to find sessions by username.
 | link:guides/boot-findbyusername.html[Find by Username Guide]
@@ -70,6 +74,10 @@ To get started with Spring Session, the best place to start is our Sample Applic
 | Demonstrates how to use Spring Session to replace the Spring WebFlux's `WebSession` with Redis.
 |
 
+| {gh-samples-url}spring-session-sample-boot-webflux-custom-cookie[WebFlux with Custom Cookie]
+| Demonstrates how to use Spring Session to customize the Session cookie in a WebFlux based application.
+| link:guides/boot-webflux-custom-cookie.html[WebFlux with Custom Cookie Guide]
+
 | {gh-samples-url}spring-session-sample-boot-redis-json[HttpSession with Redis JSON serialization]
 | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization.
 |
@@ -289,7 +297,7 @@ Any method that returns an `HttpSession` is overridden.
 All other methods are implemented by `HttpServletRequestWrapper` and delegate to the original `HttpServletRequest` implementation.
 
 We replace the `HttpServletRequest` implementation by using a servlet `Filter` called `SessionRepositoryFilter`.
-The pseudocode belows:
+The following pseudocode shows how it works:
 
 ====
 [source, java]
@@ -1173,8 +1181,8 @@ include::{session-jdbc-main-resources-dir}org/springframework/session/jdbc/schem
 
 ==== Transaction Management
 
-All JDBC operations in `JdbcIndexedSessionRepository` are executed in a transactional manner.
-Transactions are executed with propagation set to `REQUIRES_NEW` in order to avoid unexpected behavior due to interference with existing transactions (for example, running a `save` operation in a thread that already participates in a read-only transaction).
+All JDBC operations in `JdbcIndexedSessionRepository` are performed in a transactional manner.
+Transactions are performed with propagation set to `REQUIRES_NEW` in order to avoid unexpected behavior due to interference with existing transactions (for example, running a `save` operation in a thread that already participates in a read-only transaction).
 
 [[api-hazelcastindexedsessionrepository]]
 === Using `HazelcastIndexedSessionRepository`

spring-session-docs/src/test/java/docs/http/HazelcastHttpSessionConfig.java

@@ -19,12 +19,15 @@ package docs.http;
 import com.hazelcast.config.Config;
 import com.hazelcast.config.MapAttributeConfig;
 import com.hazelcast.config.MapIndexConfig;
+import com.hazelcast.config.SerializerConfig;
 import com.hazelcast.core.Hazelcast;
 import com.hazelcast.core.HazelcastInstance;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.session.MapSession;
 import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
+import org.springframework.session.hazelcast.HazelcastSessionSerializer;
 import org.springframework.session.hazelcast.PrincipalNameExtractor;
 import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
 
@@ -42,7 +45,10 @@ public class HazelcastHttpSessionConfig {
 		config.getMapConfig(HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME) // <2>
 				.addMapAttributeConfig(attributeConfig).addMapIndexConfig(
 						new MapIndexConfig(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
-		return Hazelcast.newHazelcastInstance(config); // <3>
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig); // <3>
+		return Hazelcast.newHazelcastInstance(config); // <4>
 	}
 
 }

spring-session-docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java

@@ -19,6 +19,7 @@ package docs.security;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -41,14 +42,16 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ... additional configuration ...
-			.rememberMe()
-				.rememberMeServices(rememberMeServices());
+			.rememberMe((rememberMe) -> rememberMe
+				.rememberMeServices(rememberMeServices())
+			);
 		// end::http-rememberme[]
 
 		http
-			.formLogin().and()
-			.authorizeRequests()
-				.anyRequest().authenticated();
+			.formLogin(Customizer.withDefaults())
+			.authorizeRequests((authorize) -> authorize
+				.anyRequest().authenticated()
+			);
 	}
 
 	// tag::rememberme-bean[]

spring-session-docs/src/test/java/docs/security/SecurityConfiguration.java

@@ -40,9 +40,10 @@ public class SecurityConfiguration<S extends Session> extends WebSecurityConfigu
 		// @formatter:off
 		http
 			// other config goes here...
-			.sessionManagement()
+			.sessionManagement((sessionManagement) -> sessionManagement
 				.maximumSessions(2)
-				.sessionRegistry(sessionRegistry());
+				.sessionRegistry(sessionRegistry())
+			);
 		// @formatter:on
 	}
 

spring-session-hazelcast/hazelcast4/hazelcast4.gradle

@@ -0,0 +1,48 @@
+buildscript {
+    repositories {
+        maven { url 'https://repo.spring.io/plugins-release' }
+    }
+    dependencies {
+        classpath 'io.spring.gradle:propdeps-plugin:0.0.10.RELEASE'
+    }
+}
+
+plugins {
+    id 'java-library'
+    id 'io.spring.convention.repository'
+    id 'io.spring.convention.springdependencymangement'
+    id 'io.spring.convention.dependency-set'
+    id 'io.spring.convention.checkstyle'
+    id 'io.spring.convention.tests-configuration'
+    id 'io.spring.convention.integration-test'
+    id 'propdeps'
+}
+
+configurations {
+    classesOnlyElements {
+        canBeConsumed = true
+        canBeResolved = false
+    }
+}
+
+artifacts {
+    classesOnlyElements(compileJava.destinationDir)
+}
+
+dependencies {
+    compile project(':spring-session-core')
+    optional "com.hazelcast:hazelcast:4.0.3"
+    compile "org.springframework:spring-context"
+    compile "javax.annotation:javax.annotation-api"
+
+    testCompile "javax.servlet:javax.servlet-api"
+    testCompile "org.springframework:spring-web"
+    testCompile "org.junit.jupiter:junit-jupiter-api"
+    testCompile "org.springframework.security:spring-security-core"
+    testRuntime "org.junit.jupiter:junit-jupiter-engine"
+
+    integrationTestCompile "org.testcontainers:testcontainers"
+    integrationTestCompile "com.hazelcast:hazelcast:4.0.3"
+    integrationTestCompile project(":spring-session-hazelcast")
+}
+

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/AbstractHazelcast4IndexedSessionRepositoryITests.java

@@ -0,0 +1,200 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.core.HazelcastInstance;
+import com.hazelcast.map.IMap;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.session.MapSession;
+import org.springframework.session.hazelcast.Hazelcast4IndexedSessionRepository.HazelcastSession;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Base class for {@link Hazelcast4IndexedSessionRepository} integration tests.
+ *
+ * @author Eleftheria Stein
+ */
+abstract class AbstractHazelcast4IndexedSessionRepositoryITests {
+
+	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
+
+	@Autowired
+	private HazelcastInstance hazelcastInstance;
+
+	@Autowired
+	private Hazelcast4IndexedSessionRepository repository;
+
+	@Test
+	void createAndDestroySession() {
+		HazelcastSession sessionToSave = this.repository.createSession();
+		String sessionId = sessionToSave.getId();
+
+		IMap<String, MapSession> hazelcastMap = this.hazelcastInstance
+				.getMap(Hazelcast4IndexedSessionRepository.DEFAULT_SESSION_MAP_NAME);
+
+		assertThat(hazelcastMap.size()).isEqualTo(0);
+
+		this.repository.save(sessionToSave);
+
+		assertThat(hazelcastMap.size()).isEqualTo(1);
+		assertThat(hazelcastMap.get(sessionId)).isEqualTo(sessionToSave);
+
+		this.repository.deleteById(sessionId);
+
+		assertThat(hazelcastMap.size()).isEqualTo(0);
+	}
+
+	@Test
+	void changeSessionIdWhenOnlyChangeId() {
+		String attrName = "changeSessionId";
+		String attrValue = "changeSessionId-value";
+		HazelcastSession toSave = this.repository.createSession();
+		toSave.setAttribute(attrName, attrValue);
+
+		this.repository.save(toSave);
+
+		HazelcastSession findById = this.repository.findById(toSave.getId());
+
+		assertThat(findById.<String>getAttribute(attrName)).isEqualTo(attrValue);
+
+		String originalFindById = findById.getId();
+		String changeSessionId = findById.changeSessionId();
+
+		this.repository.save(findById);
+
+		assertThat(this.repository.findById(originalFindById)).isNull();
+
+		HazelcastSession findByChangeSessionId = this.repository.findById(changeSessionId);
+
+		assertThat(findByChangeSessionId.<String>getAttribute(attrName)).isEqualTo(attrValue);
+
+		this.repository.deleteById(changeSessionId);
+	}
+
+	@Test
+	void changeSessionIdWhenChangeTwice() {
+		HazelcastSession toSave = this.repository.createSession();
+
+		this.repository.save(toSave);
+
+		String originalId = toSave.getId();
+		String changeId1 = toSave.changeSessionId();
+		String changeId2 = toSave.changeSessionId();
+
+		this.repository.save(toSave);
+
+		assertThat(this.repository.findById(originalId)).isNull();
+		assertThat(this.repository.findById(changeId1)).isNull();
+		assertThat(this.repository.findById(changeId2)).isNotNull();
+
+		this.repository.deleteById(changeId2);
+	}
+
+	@Test
+	void changeSessionIdWhenSetAttributeOnChangedSession() {
+		String attrName = "changeSessionId";
+		String attrValue = "changeSessionId-value";
+
+		HazelcastSession toSave = this.repository.createSession();
+
+		this.repository.save(toSave);
+
+		HazelcastSession findById = this.repository.findById(toSave.getId());
+
+		findById.setAttribute(attrName, attrValue);
+
+		String originalFindById = findById.getId();
+		String changeSessionId = findById.changeSessionId();
+
+		this.repository.save(findById);
+
+		assertThat(this.repository.findById(originalFindById)).isNull();
+
+		HazelcastSession findByChangeSessionId = this.repository.findById(changeSessionId);
+
+		assertThat(findByChangeSessionId.<String>getAttribute(attrName)).isEqualTo(attrValue);
+
+		this.repository.deleteById(changeSessionId);
+	}
+
+	@Test
+	void changeSessionIdWhenHasNotSaved() {
+		HazelcastSession toSave = this.repository.createSession();
+		String originalId = toSave.getId();
+		toSave.changeSessionId();
+
+		this.repository.save(toSave);
+
+		assertThat(this.repository.findById(toSave.getId())).isNotNull();
+		assertThat(this.repository.findById(originalId)).isNull();
+
+		this.repository.deleteById(toSave.getId());
+	}
+
+	@Test // gh-1076
+	void attemptToUpdateSessionAfterDelete() {
+		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
+		this.repository.save(session);
+		session = this.repository.findById(sessionId);
+		session.setAttribute("attributeName", "attributeValue");
+		this.repository.deleteById(sessionId);
+		this.repository.save(session);
+
+		assertThat(this.repository.findById(sessionId)).isNull();
+	}
+
+	@Test
+	void createAndUpdateSession() {
+		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
+
+		this.repository.save(session);
+
+		session = this.repository.findById(sessionId);
+		session.setAttribute("attributeName", "attributeValue");
+
+		this.repository.save(session);
+
+		assertThat(this.repository.findById(sessionId)).isNotNull();
+	}
+
+	@Test
+	void createSessionWithSecurityContextAndFindById() {
+		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
+
+		Authentication authentication = new UsernamePasswordAuthenticationToken("saves-" + System.currentTimeMillis(),
+				"password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
+		securityContext.setAuthentication(authentication);
+		session.setAttribute(SPRING_SECURITY_CONTEXT, securityContext);
+
+		this.repository.save(session);
+
+		assertThat(this.repository.findById(sessionId)).isNotNull();
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/ClientServerHazelcast4IndexedSessionRepositoryITests.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.client.HazelcastClient;
+import com.hazelcast.client.config.ClientConfig;
+import com.hazelcast.core.HazelcastInstance;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.utility.MountableFile;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.MapSession;
+import org.springframework.session.Session;
+import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link Hazelcast4IndexedSessionRepository} using client-server
+ * topology.
+ *
+ * @author Eleftheria Stein
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration
+@WebAppConfiguration
+class ClientServerHazelcast4IndexedSessionRepositoryITests extends AbstractHazelcast4IndexedSessionRepositoryITests {
+
+	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:4.0.2")
+			.withExposedPorts(5701).withCopyFileToContainer(MountableFile.forClasspathResource("/hazelcast-server.xml"),
+					"/opt/hazelcast/hazelcast.xml");
+
+	@BeforeAll
+	static void setUpClass() {
+		container.start();
+	}
+
+	@AfterAll
+	static void tearDownClass() {
+		container.stop();
+	}
+
+	@Configuration
+	@EnableHazelcastHttpSession
+	static class HazelcastSessionConfig {
+
+		@Bean
+		HazelcastInstance hazelcastInstance() {
+			ClientConfig clientConfig = new ClientConfig();
+			clientConfig.getNetworkConfig()
+					.addAddress(container.getContainerIpAddress() + ":" + container.getFirstMappedPort());
+			clientConfig.getUserCodeDeploymentConfig().setEnabled(true).addClass(Session.class)
+					.addClass(MapSession.class).addClass(Hazelcast4SessionUpdateEntryProcessor.class);
+			return HazelcastClient.newHazelcastClient(clientConfig);
+		}
+
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/EmbeddedHazelcast4IndexedSessionRepositoryITests.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.core.HazelcastInstance;
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link Hazelcast4IndexedSessionRepository} using embedded
+ * topology.
+ *
+ * @author Eleftheria Stein
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration
+@WebAppConfiguration
+class EmbeddedHazelcast4IndexedSessionRepositoryITests extends AbstractHazelcast4IndexedSessionRepositoryITests {
+
+	@EnableHazelcastHttpSession
+	@Configuration
+	static class HazelcastSessionConfig {
+
+		@Bean
+		HazelcastInstance hazelcastInstance() {
+			return Hazelcast4ITestUtils.embeddedHazelcastServer();
+		}
+
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/Hazelcast4ITestUtils.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.config.AttributeConfig;
+import com.hazelcast.config.Config;
+import com.hazelcast.config.IndexConfig;
+import com.hazelcast.config.IndexType;
+import com.hazelcast.config.NetworkConfig;
+import com.hazelcast.config.SerializerConfig;
+import com.hazelcast.core.Hazelcast;
+import com.hazelcast.core.HazelcastInstance;
+
+import org.springframework.session.MapSession;
+
+/**
+ * Utility class for Hazelcast integration tests.
+ *
+ * @author Eleftheria Stein
+ */
+final class Hazelcast4ITestUtils {
+
+	private Hazelcast4ITestUtils() {
+	}
+
+	/**
+	 * Creates {@link HazelcastInstance} for use in integration tests.
+	 * @return the Hazelcast instance
+	 */
+	static HazelcastInstance embeddedHazelcastServer() {
+		Config config = new Config();
+		NetworkConfig networkConfig = config.getNetworkConfig();
+		networkConfig.setPort(0);
+		networkConfig.getJoin().getMulticastConfig().setEnabled(false);
+		AttributeConfig attributeConfig = new AttributeConfig()
+				.setName(Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
+				.setExtractorClassName(Hazelcast4PrincipalNameExtractor.class.getName());
+		config.getMapConfig(Hazelcast4IndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
+				.addAttributeConfig(attributeConfig).addIndexConfig(
+						new IndexConfig(IndexType.HASH, Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE));
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig);
+		return Hazelcast.newHazelcastInstance(config);
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/SessionEventHazelcast4IndexedSessionRepositoryTests.java

@@ -0,0 +1,218 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.time.Duration;
+import java.time.Instant;
+
+import com.hazelcast.core.HazelcastInstance;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
+import org.springframework.session.SessionRepository;
+import org.springframework.session.events.SessionCreatedEvent;
+import org.springframework.session.events.SessionDeletedEvent;
+import org.springframework.session.events.SessionExpiredEvent;
+import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Ensure that the appropriate SessionEvents are fired at the expected times. Additionally
+ * ensure that the interactions with the {@link SessionRepository} abstraction behave as
+ * expected after each SessionEvent.
+ *
+ * @author Eleftheria Stein
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration
+@WebAppConfiguration
+class SessionEventHazelcast4IndexedSessionRepositoryTests<S extends Session> {
+
+	private static final int MAX_INACTIVE_INTERVAL_IN_SECONDS = 1;
+
+	@Autowired
+	private SessionRepository<S> repository;
+
+	@Autowired
+	private SessionEventRegistry registry;
+
+	@BeforeEach
+	void setup() {
+		this.registry.clear();
+	}
+
+	@Test
+	void saveSessionTest() throws InterruptedException {
+		String username = "saves-" + System.currentTimeMillis();
+
+		S sessionToSave = this.repository.createSession();
+
+		String expectedAttributeName = "a";
+		String expectedAttributeValue = "b";
+		sessionToSave.setAttribute(expectedAttributeName, expectedAttributeValue);
+		Authentication toSaveToken = new UsernamePasswordAuthenticationToken(username, "password",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		SecurityContext toSaveContext = SecurityContextHolder.createEmptyContext();
+		toSaveContext.setAuthentication(toSaveToken);
+		sessionToSave.setAttribute("SPRING_SECURITY_CONTEXT", toSaveContext);
+		sessionToSave.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, username);
+
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+
+		Session session = this.repository.findById(sessionToSave.getId());
+
+		assertThat(session.getId()).isEqualTo(sessionToSave.getId());
+		assertThat(session.getAttributeNames()).isEqualTo(sessionToSave.getAttributeNames());
+		assertThat(session.<String>getAttribute(expectedAttributeName))
+				.isEqualTo(sessionToSave.getAttribute(expectedAttributeName));
+	}
+
+	@Test
+	void expiredSessionTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		assertThat(sessionToSave.getMaxInactiveInterval())
+				.isEqualTo(Duration.ofSeconds(MAX_INACTIVE_INTERVAL_IN_SECONDS));
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionExpiredEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionExpiredEvent.class);
+
+		assertThat(this.repository.findById(sessionToSave.getId())).isNull();
+	}
+
+	@Test
+	void deletedSessionTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		this.repository.deleteById(sessionToSave.getId());
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionDeletedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionDeletedEvent.class);
+
+		assertThat(this.repository.findById(sessionToSave.getId())).isNull();
+	}
+
+	@Test
+	void saveUpdatesTimeToLiveTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+		sessionToSave.setMaxInactiveInterval(Duration.ofSeconds(3));
+		this.repository.save(sessionToSave);
+
+		Thread.sleep(2000);
+
+		// Get and save the session like SessionRepositoryFilter would.
+		S sessionToUpdate = this.repository.findById(sessionToSave.getId());
+		sessionToUpdate.setLastAccessedTime(Instant.now());
+		this.repository.save(sessionToUpdate);
+
+		Thread.sleep(2000);
+
+		assertThat(this.repository.findById(sessionToUpdate.getId())).isNotNull();
+	}
+
+	@Test // gh-1077
+	void changeSessionIdNoEventTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+		sessionToSave.setMaxInactiveInterval(Duration.ofMinutes(30));
+
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		sessionToSave.changeSessionId();
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isFalse();
+	}
+
+	@Test // gh-1300
+	void updateMaxInactiveIntervalTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+		sessionToSave.setMaxInactiveInterval(Duration.ofMinutes(30));
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		S sessionToUpdate = this.repository.findById(sessionToSave.getId());
+		sessionToUpdate.setLastAccessedTime(Instant.now());
+		sessionToUpdate.setMaxInactiveInterval(Duration.ofSeconds(1));
+		this.repository.save(sessionToUpdate);
+
+		assertThat(this.registry.receivedEvent(sessionToUpdate.getId())).isTrue();
+		assertThat(this.registry.<SessionExpiredEvent>getEvent(sessionToUpdate.getId()))
+				.isInstanceOf(SessionExpiredEvent.class);
+		assertThat(this.repository.findById(sessionToUpdate.getId())).isNull();
+	}
+
+	@Configuration
+	@EnableHazelcastHttpSession(maxInactiveIntervalInSeconds = MAX_INACTIVE_INTERVAL_IN_SECONDS)
+	static class HazelcastSessionConfig {
+
+		@Bean
+		HazelcastInstance embeddedHazelcast() {
+			return Hazelcast4ITestUtils.embeddedHazelcastServer();
+		}
+
+		@Bean
+		SessionEventRegistry sessionEventRegistry() {
+			return new SessionEventRegistry();
+		}
+
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/SessionEventRegistry.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+import org.springframework.context.ApplicationListener;
+import org.springframework.session.events.AbstractSessionEvent;
+
+class SessionEventRegistry implements ApplicationListener<AbstractSessionEvent> {
+
+	private Map<String, AbstractSessionEvent> events = new HashMap<>();
+
+	private ConcurrentMap<String, Object> locks = new ConcurrentHashMap<>();
+
+	@Override
+	public void onApplicationEvent(AbstractSessionEvent event) {
+		String sessionId = event.getSessionId();
+		this.events.put(sessionId, event);
+		Object lock = getLock(sessionId);
+		synchronized (lock) {
+			lock.notifyAll();
+		}
+	}
+
+	void clear() {
+		this.events.clear();
+		this.locks.clear();
+	}
+
+	boolean receivedEvent(String sessionId) throws InterruptedException {
+		return waitForEvent(sessionId) != null;
+	}
+
+	@SuppressWarnings("unchecked")
+	<E extends AbstractSessionEvent> E getEvent(String sessionId) throws InterruptedException {
+		return (E) waitForEvent(sessionId);
+	}
+
+	@SuppressWarnings("unchecked")
+	private <E extends AbstractSessionEvent> E waitForEvent(String sessionId) throws InterruptedException {
+		Object lock = getLock(sessionId);
+		synchronized (lock) {
+			if (!this.events.containsKey(sessionId)) {
+				lock.wait(10000);
+			}
+		}
+		return (E) this.events.get(sessionId);
+	}
+
+	private Object getLock(String sessionId) {
+		return this.locks.computeIfAbsent(sessionId, (k) -> new Object());
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/resources/hazelcast-server.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-4.0.xsd">
+
+	<network>
+		<join>
+			<multicast enabled="false"/>
+		</join>
+	</network>
+
+	<user-code-deployment enabled="true">
+		<class-cache-mode>ETERNAL</class-cache-mode>
+		<provider-mode>LOCAL_AND_CACHED_CLASSES</provider-mode>
+	</user-code-deployment>
+
+</hazelcast>

spring-session-hazelcast/hazelcast4/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

spring-session-hazelcast/hazelcast4/src/main/java/org/springframework/session/hazelcast/Hazelcast4IndexedSessionRepository.java

@@ -0,0 +1,486 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.PreDestroy;
+
+import com.hazelcast.core.EntryEvent;
+import com.hazelcast.core.HazelcastInstance;
+import com.hazelcast.map.IMap;
+import com.hazelcast.map.listener.EntryAddedListener;
+import com.hazelcast.map.listener.EntryEvictedListener;
+import com.hazelcast.map.listener.EntryExpiredListener;
+import com.hazelcast.map.listener.EntryRemovedListener;
+import com.hazelcast.query.Predicates;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.session.DelegatingIndexResolver;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.FlushMode;
+import org.springframework.session.IndexResolver;
+import org.springframework.session.MapSession;
+import org.springframework.session.PrincipalNameIndexResolver;
+import org.springframework.session.SaveMode;
+import org.springframework.session.Session;
+import org.springframework.session.events.AbstractSessionEvent;
+import org.springframework.session.events.SessionCreatedEvent;
+import org.springframework.session.events.SessionDeletedEvent;
+import org.springframework.session.events.SessionExpiredEvent;
+import org.springframework.util.Assert;
+import org.springframework.util.ClassUtils;
+
+/**
+ * A {@link org.springframework.session.SessionRepository} implementation using Hazelcast
+ * 4 that stores sessions in Hazelcast's distributed {@link IMap}.
+ *
+ * <p>
+ * An example of how to create a new instance can be seen below:
+ *
+ * <pre class="code">
+ * Config config = new Config();
+ *
+ * // ... configure Hazelcast ...
+ *
+ * HazelcastInstance hazelcastInstance = Hazelcast.newHazelcastInstance(config);
+ *
+ * Hazelcast4IndexedSessionRepository sessionRepository =
+ *         new Hazelcast4IndexedSessionRepository(hazelcastInstance);
+ * </pre>
+ *
+ * In order to support finding sessions by principal name using
+ * {@link #findByIndexNameAndIndexValue(String, String)} method, custom configuration of
+ * {@code IMap} supplied to this implementation is required.
+ *
+ * The following snippet demonstrates how to define required configuration using
+ * programmatic Hazelcast Configuration:
+ *
+ * <pre class="code">
+ * AttributeConfig attributeConfig = new AttributeConfig()
+ *         .setName(Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
+ *         .setExtractorClassName(Hazelcast4PrincipalNameExtractor.class.getName());
+ *
+ * Config config = new Config();
+ *
+ * config.getMapConfig(Hazelcast4IndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
+ *         .addAttributeConfig(attributeConfig)
+ *         .addIndexConfig(new IndexConfig(
+ *                 IndexType.HASH,
+ *                 Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE));
+ *
+ * Hazelcast.newHazelcastInstance(config);
+ * </pre>
+ *
+ * This implementation listens for events on the Hazelcast-backed SessionRepository and
+ * translates those events into the corresponding Spring Session events. Publish the
+ * Spring Session events with the given {@link ApplicationEventPublisher}.
+ *
+ * <ul>
+ * <li>entryAdded - {@link SessionCreatedEvent}</li>
+ * <li>entryEvicted - {@link SessionExpiredEvent}</li>
+ * <li>entryExpired - {@link SessionExpiredEvent}</li>
+ * <li>entryRemoved - {@link SessionDeletedEvent}</li>
+ * </ul>
+ *
+ * @author Eleftheria Stein
+ * @since 2.4.0
+ */
+public class Hazelcast4IndexedSessionRepository
+		implements FindByIndexNameSessionRepository<Hazelcast4IndexedSessionRepository.HazelcastSession>,
+		EntryAddedListener<String, MapSession>, EntryEvictedListener<String, MapSession>,
+		EntryRemovedListener<String, MapSession>, EntryExpiredListener<String, MapSession> {
+
+	/**
+	 * The default name of map used by Spring Session to store sessions.
+	 */
+	public static final String DEFAULT_SESSION_MAP_NAME = "spring:session:sessions";
+
+	/**
+	 * The principal name custom attribute name.
+	 */
+	public static final String PRINCIPAL_NAME_ATTRIBUTE = "principalName";
+
+	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
+
+	private static final boolean SUPPORTS_SET_TTL = ClassUtils.hasAtLeastOneMethodWithName(IMap.class, "setTtl");
+
+	private static final Log logger = LogFactory.getLog(Hazelcast4IndexedSessionRepository.class);
+
+	private final HazelcastInstance hazelcastInstance;
+
+	private ApplicationEventPublisher eventPublisher = (event) -> {
+	};
+
+	/**
+	 * If non-null, this value is used to override
+	 * {@link MapSession#setMaxInactiveInterval(Duration)}.
+	 */
+	private Integer defaultMaxInactiveInterval;
+
+	private IndexResolver<Session> indexResolver = new DelegatingIndexResolver<>(new PrincipalNameIndexResolver<>());
+
+	private String sessionMapName = DEFAULT_SESSION_MAP_NAME;
+
+	private FlushMode flushMode = FlushMode.ON_SAVE;
+
+	private SaveMode saveMode = SaveMode.ON_SET_ATTRIBUTE;
+
+	private IMap<String, MapSession> sessions;
+
+	private UUID sessionListenerId;
+
+	/**
+	 * Create a new {@link Hazelcast4IndexedSessionRepository} instance.
+	 * @param hazelcastInstance the {@link HazelcastInstance} to use for managing sessions
+	 */
+	public Hazelcast4IndexedSessionRepository(HazelcastInstance hazelcastInstance) {
+		Assert.notNull(hazelcastInstance, "HazelcastInstance must not be null");
+		this.hazelcastInstance = hazelcastInstance;
+	}
+
+	@PostConstruct
+	public void init() {
+		this.sessions = this.hazelcastInstance.getMap(this.sessionMapName);
+		this.sessionListenerId = this.sessions.addEntryListener(this, true);
+	}
+
+	@PreDestroy
+	public void close() {
+		this.sessions.removeEntryListener(this.sessionListenerId);
+	}
+
+	/**
+	 * Sets the {@link ApplicationEventPublisher} that is used to publish
+	 * {@link AbstractSessionEvent session events}. The default is to not publish session
+	 * events.
+	 * @param applicationEventPublisher the {@link ApplicationEventPublisher} that is used
+	 * to publish session events. Cannot be null.
+	 */
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
+		Assert.notNull(applicationEventPublisher, "ApplicationEventPublisher cannot be null");
+		this.eventPublisher = applicationEventPublisher;
+	}
+
+	/**
+	 * Set the maximum inactive interval in seconds between requests before newly created
+	 * sessions will be invalidated. A negative time indicates that the session will never
+	 * timeout. The default is 1800 (30 minutes).
+	 * @param defaultMaxInactiveInterval the maximum inactive interval in seconds
+	 */
+	public void setDefaultMaxInactiveInterval(Integer defaultMaxInactiveInterval) {
+		this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
+	}
+
+	/**
+	 * Set the {@link IndexResolver} to use.
+	 * @param indexResolver the index resolver
+	 */
+	public void setIndexResolver(IndexResolver<Session> indexResolver) {
+		Assert.notNull(indexResolver, "indexResolver cannot be null");
+		this.indexResolver = indexResolver;
+	}
+
+	/**
+	 * Set the name of map used to store sessions.
+	 * @param sessionMapName the session map name
+	 */
+	public void setSessionMapName(String sessionMapName) {
+		Assert.hasText(sessionMapName, "Map name must not be empty");
+		this.sessionMapName = sessionMapName;
+	}
+
+	/**
+	 * Sets the Hazelcast flush mode. Default flush mode is {@link FlushMode#ON_SAVE}.
+	 * @param flushMode the new Hazelcast flush mode
+	 */
+	public void setFlushMode(FlushMode flushMode) {
+		Assert.notNull(flushMode, "flushMode cannot be null");
+		this.flushMode = flushMode;
+	}
+
+	/**
+	 * Set the save mode.
+	 * @param saveMode the save mode
+	 */
+	public void setSaveMode(SaveMode saveMode) {
+		Assert.notNull(saveMode, "saveMode must not be null");
+		this.saveMode = saveMode;
+	}
+
+	@Override
+	public HazelcastSession createSession() {
+		MapSession cached = new MapSession();
+		if (this.defaultMaxInactiveInterval != null) {
+			cached.setMaxInactiveInterval(Duration.ofSeconds(this.defaultMaxInactiveInterval));
+		}
+		HazelcastSession session = new HazelcastSession(cached, true);
+		session.flushImmediateIfNecessary();
+		return session;
+	}
+
+	@Override
+	public void save(HazelcastSession session) {
+		if (session.isNew) {
+			this.sessions.set(session.getId(), session.getDelegate(), session.getMaxInactiveInterval().getSeconds(),
+					TimeUnit.SECONDS);
+		}
+		else if (session.sessionIdChanged) {
+			this.sessions.delete(session.originalId);
+			session.originalId = session.getId();
+			this.sessions.set(session.getId(), session.getDelegate(), session.getMaxInactiveInterval().getSeconds(),
+					TimeUnit.SECONDS);
+		}
+		else if (session.hasChanges()) {
+			Hazelcast4SessionUpdateEntryProcessor entryProcessor = new Hazelcast4SessionUpdateEntryProcessor();
+			if (session.lastAccessedTimeChanged) {
+				entryProcessor.setLastAccessedTime(session.getLastAccessedTime());
+			}
+			if (session.maxInactiveIntervalChanged) {
+				if (SUPPORTS_SET_TTL) {
+					updateTtl(session);
+				}
+				entryProcessor.setMaxInactiveInterval(session.getMaxInactiveInterval());
+			}
+			if (!session.delta.isEmpty()) {
+				entryProcessor.setDelta(new HashMap<>(session.delta));
+			}
+			this.sessions.executeOnKey(session.getId(), entryProcessor);
+		}
+		session.clearChangeFlags();
+	}
+
+	private void updateTtl(HazelcastSession session) {
+		this.sessions.setTtl(session.getId(), session.getMaxInactiveInterval().getSeconds(), TimeUnit.SECONDS);
+	}
+
+	@Override
+	public HazelcastSession findById(String id) {
+		MapSession saved = this.sessions.get(id);
+		if (saved == null) {
+			return null;
+		}
+		if (saved.isExpired()) {
+			deleteById(saved.getId());
+			return null;
+		}
+		return new HazelcastSession(saved, false);
+	}
+
+	@Override
+	public void deleteById(String id) {
+		this.sessions.remove(id);
+	}
+
+	@Override
+	public Map<String, HazelcastSession> findByIndexNameAndIndexValue(String indexName, String indexValue) {
+		if (!PRINCIPAL_NAME_INDEX_NAME.equals(indexName)) {
+			return Collections.emptyMap();
+		}
+		Collection<MapSession> sessions = this.sessions.values(Predicates.equal(PRINCIPAL_NAME_ATTRIBUTE, indexValue));
+		Map<String, HazelcastSession> sessionMap = new HashMap<>(sessions.size());
+		for (MapSession session : sessions) {
+			sessionMap.put(session.getId(), new HazelcastSession(session, false));
+		}
+		return sessionMap;
+	}
+
+	@Override
+	public void entryAdded(EntryEvent<String, MapSession> event) {
+		MapSession session = event.getValue();
+		if (session.getId().equals(session.getOriginalId())) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("Session created with id: " + session.getId());
+			}
+			this.eventPublisher.publishEvent(new SessionCreatedEvent(this, session));
+		}
+	}
+
+	@Override
+	public void entryEvicted(EntryEvent<String, MapSession> event) {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Session expired with id: " + event.getOldValue().getId());
+		}
+		this.eventPublisher.publishEvent(new SessionExpiredEvent(this, event.getOldValue()));
+	}
+
+	@Override
+	public void entryRemoved(EntryEvent<String, MapSession> event) {
+		MapSession session = event.getOldValue();
+		if (session != null) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("Session deleted with id: " + session.getId());
+			}
+			this.eventPublisher.publishEvent(new SessionDeletedEvent(this, session));
+		}
+	}
+
+	@Override
+	public void entryExpired(EntryEvent<String, MapSession> event) {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Session expired with id: " + event.getOldValue().getId());
+		}
+		this.eventPublisher.publishEvent(new SessionExpiredEvent(this, event.getOldValue()));
+	}
+
+	/**
+	 * A custom implementation of {@link Session} that uses a {@link MapSession} as the
+	 * basis for its mapping. It keeps track if changes have been made since last save.
+	 *
+	 * @author Aleksandar Stojsavljevic
+	 */
+	final class HazelcastSession implements Session {
+
+		private final MapSession delegate;
+
+		private boolean isNew;
+
+		private boolean sessionIdChanged;
+
+		private boolean lastAccessedTimeChanged;
+
+		private boolean maxInactiveIntervalChanged;
+
+		private String originalId;
+
+		private Map<String, Object> delta = new HashMap<>();
+
+		HazelcastSession(MapSession cached, boolean isNew) {
+			this.delegate = cached;
+			this.isNew = isNew;
+			this.originalId = cached.getId();
+			if (this.isNew || (Hazelcast4IndexedSessionRepository.this.saveMode == SaveMode.ALWAYS)) {
+				getAttributeNames()
+						.forEach((attributeName) -> this.delta.put(attributeName, cached.getAttribute(attributeName)));
+			}
+		}
+
+		@Override
+		public void setLastAccessedTime(Instant lastAccessedTime) {
+			this.delegate.setLastAccessedTime(lastAccessedTime);
+			this.lastAccessedTimeChanged = true;
+			flushImmediateIfNecessary();
+		}
+
+		@Override
+		public boolean isExpired() {
+			return this.delegate.isExpired();
+		}
+
+		@Override
+		public Instant getCreationTime() {
+			return this.delegate.getCreationTime();
+		}
+
+		@Override
+		public String getId() {
+			return this.delegate.getId();
+		}
+
+		@Override
+		public String changeSessionId() {
+			String newSessionId = this.delegate.changeSessionId();
+			this.sessionIdChanged = true;
+			return newSessionId;
+		}
+
+		@Override
+		public Instant getLastAccessedTime() {
+			return this.delegate.getLastAccessedTime();
+		}
+
+		@Override
+		public void setMaxInactiveInterval(Duration interval) {
+			this.delegate.setMaxInactiveInterval(interval);
+			this.maxInactiveIntervalChanged = true;
+			flushImmediateIfNecessary();
+		}
+
+		@Override
+		public Duration getMaxInactiveInterval() {
+			return this.delegate.getMaxInactiveInterval();
+		}
+
+		@Override
+		public <T> T getAttribute(String attributeName) {
+			T attributeValue = this.delegate.getAttribute(attributeName);
+			if (attributeValue != null
+					&& Hazelcast4IndexedSessionRepository.this.saveMode.equals(SaveMode.ON_GET_ATTRIBUTE)) {
+				this.delta.put(attributeName, attributeValue);
+			}
+			return attributeValue;
+		}
+
+		@Override
+		public Set<String> getAttributeNames() {
+			return this.delegate.getAttributeNames();
+		}
+
+		@Override
+		public void setAttribute(String attributeName, Object attributeValue) {
+			this.delegate.setAttribute(attributeName, attributeValue);
+			this.delta.put(attributeName, attributeValue);
+			if (SPRING_SECURITY_CONTEXT.equals(attributeName)) {
+				Map<String, String> indexes = Hazelcast4IndexedSessionRepository.this.indexResolver
+						.resolveIndexesFor(this);
+				String principal = (attributeValue != null) ? indexes.get(PRINCIPAL_NAME_INDEX_NAME) : null;
+				this.delegate.setAttribute(PRINCIPAL_NAME_INDEX_NAME, principal);
+			}
+			flushImmediateIfNecessary();
+		}
+
+		@Override
+		public void removeAttribute(String attributeName) {
+			setAttribute(attributeName, null);
+		}
+
+		MapSession getDelegate() {
+			return this.delegate;
+		}
+
+		boolean hasChanges() {
+			return (this.lastAccessedTimeChanged || this.maxInactiveIntervalChanged || !this.delta.isEmpty());
+		}
+
+		void clearChangeFlags() {
+			this.isNew = false;
+			this.lastAccessedTimeChanged = false;
+			this.sessionIdChanged = false;
+			this.maxInactiveIntervalChanged = false;
+			this.delta.clear();
+		}
+
+		private void flushImmediateIfNecessary() {
+			if (Hazelcast4IndexedSessionRepository.this.flushMode == FlushMode.IMMEDIATE) {
+				Hazelcast4IndexedSessionRepository.this.save(this);
+			}
+		}
+
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/main/java/org/springframework/session/hazelcast/Hazelcast4PrincipalNameExtractor.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.query.extractor.ValueCollector;
+import com.hazelcast.query.extractor.ValueExtractor;
+
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.MapSession;
+
+/**
+ * Hazelcast {@link ValueExtractor} responsible for extracting principal name from the
+ * {@link MapSession} to be used with Hazelcast 4.
+ *
+ * @author Eleftheria Stein
+ * @since 2.4.0
+ */
+public class Hazelcast4PrincipalNameExtractor implements ValueExtractor<MapSession, String> {
+
+	@Override
+	@SuppressWarnings("unchecked")
+	public void extract(MapSession target, String argument, ValueCollector collector) {
+		String principalName = target.getAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME);
+		if (principalName != null) {
+			collector.addObject(principalName);
+		}
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/main/java/org/springframework/session/hazelcast/Hazelcast4SessionUpdateEntryProcessor.java

@@ -0,0 +1,88 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import com.hazelcast.map.EntryProcessor;
+import com.hazelcast.map.ExtendedMapEntry;
+
+import org.springframework.session.MapSession;
+
+/**
+ * Hazelcast {@link EntryProcessor} responsible for handling updates to session when using
+ * Hazelcast 4.
+ *
+ * @author Eleftheria Stein
+ * @since 2.4.0
+ */
+public class Hazelcast4SessionUpdateEntryProcessor implements EntryProcessor<String, MapSession, Object> {
+
+	private Instant lastAccessedTime;
+
+	private Duration maxInactiveInterval;
+
+	private Map<String, Object> delta;
+
+	@Override
+	public Object process(Map.Entry<String, MapSession> entry) {
+		MapSession value = entry.getValue();
+		if (value == null) {
+			return Boolean.FALSE;
+		}
+		if (this.lastAccessedTime != null) {
+			value.setLastAccessedTime(this.lastAccessedTime);
+		}
+		if (this.maxInactiveInterval != null) {
+			value.setMaxInactiveInterval(this.maxInactiveInterval);
+		}
+		if (this.delta != null) {
+			for (final Map.Entry<String, Object> attribute : this.delta.entrySet()) {
+				if (attribute.getValue() != null) {
+					value.setAttribute(attribute.getKey(), attribute.getValue());
+				}
+				else {
+					value.removeAttribute(attribute.getKey());
+				}
+			}
+		}
+		if (this.maxInactiveInterval != null) {
+			((ExtendedMapEntry<String, MapSession>) entry).setValue(value, this.maxInactiveInterval.getSeconds(),
+					TimeUnit.SECONDS);
+		}
+		else {
+			entry.setValue(value);
+		}
+		return Boolean.TRUE;
+	}
+
+	void setLastAccessedTime(Instant lastAccessedTime) {
+		this.lastAccessedTime = lastAccessedTime;
+	}
+
+	void setMaxInactiveInterval(Duration maxInactiveInterval) {
+		this.maxInactiveInterval = maxInactiveInterval;
+	}
+
+	void setDelta(Map<String, Object> delta) {
+		this.delta = delta;
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/test/java/org/springframework/session/hazelcast/Hazelcast4IndexedSessionRepositoryTests.java

@@ -0,0 +1,472 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import com.hazelcast.core.HazelcastInstance;
+import com.hazelcast.map.EntryProcessor;
+import com.hazelcast.map.IMap;
+import com.hazelcast.map.listener.MapListener;
+import com.hazelcast.query.impl.predicates.EqualPredicate;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.FlushMode;
+import org.springframework.session.MapSession;
+import org.springframework.session.SaveMode;
+import org.springframework.session.hazelcast.Hazelcast4IndexedSessionRepository.HazelcastSession;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+
+/**
+ * Tests for {@link Hazelcast4IndexedSessionRepository}.
+ *
+ * @author Eleftheria Stein
+ */
+class Hazelcast4IndexedSessionRepositoryTests {
+
+	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
+
+	private HazelcastInstance hazelcastInstance = mock(HazelcastInstance.class);
+
+	@SuppressWarnings("unchecked")
+	private IMap<String, MapSession> sessions = mock(IMap.class);
+
+	private Hazelcast4IndexedSessionRepository repository;
+
+	@BeforeEach
+	void setUp() {
+		given(this.hazelcastInstance.<String, MapSession>getMap(anyString())).willReturn(this.sessions);
+		this.repository = new Hazelcast4IndexedSessionRepository(this.hazelcastInstance);
+		this.repository.init();
+	}
+
+	@Test
+	void constructorNullHazelcastInstance() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new Hazelcast4IndexedSessionRepository(null))
+				.withMessage("HazelcastInstance must not be null");
+	}
+
+	@Test
+	void setSaveModeNull() {
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setSaveMode(null))
+				.withMessage("saveMode must not be null");
+	}
+
+	@Test
+	void createSessionDefaultMaxInactiveInterval() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+
+		assertThat(session.getMaxInactiveInterval()).isEqualTo(new MapSession().getMaxInactiveInterval());
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void createSessionCustomMaxInactiveInterval() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		int interval = 1;
+		this.repository.setDefaultMaxInactiveInterval(interval);
+
+		HazelcastSession session = this.repository.createSession();
+
+		assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration.ofSeconds(interval));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveNewFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		verifyZeroInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveNewFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedAttributeFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		session.setAttribute("testName", "testValue");
+		verifyZeroInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedAttributeFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		session.setAttribute("testName", "testValue");
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
+
+		this.repository.save(session);
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void removeAttributeFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		session.removeAttribute("testName");
+		verifyZeroInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void removeAttributeFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		session.removeAttribute("testName");
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
+
+		this.repository.save(session);
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedLastAccessedTimeFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		session.setLastAccessedTime(Instant.now());
+		verifyZeroInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedLastAccessedTimeFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		session.setLastAccessedTime(Instant.now());
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
+
+		this.repository.save(session);
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedMaxInactiveIntervalInSecondsFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		session.setMaxInactiveInterval(Duration.ofSeconds(1));
+		verifyZeroInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedMaxInactiveIntervalInSecondsFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
+		session.setMaxInactiveInterval(Duration.ofSeconds(1));
+		verify(this.sessions, times(1)).set(eq(sessionId), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verify(this.sessions).setTtl(eq(sessionId), anyLong(), any());
+		verify(this.sessions, times(1)).executeOnKey(eq(sessionId), any(EntryProcessor.class));
+
+		this.repository.save(session);
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUnchangedFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+
+		this.repository.save(session);
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUnchangedFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+
+		this.repository.save(session);
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void getSessionNotFound() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String sessionId = "testSessionId";
+
+		HazelcastSession session = this.repository.findById(sessionId);
+
+		assertThat(session).isNull();
+		verify(this.sessions, times(1)).get(eq(sessionId));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void getSessionExpired() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		MapSession expired = new MapSession();
+		expired.setLastAccessedTime(Instant.now().minusSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS + 1));
+		given(this.sessions.get(eq(expired.getId()))).willReturn(expired);
+
+		HazelcastSession session = this.repository.findById(expired.getId());
+
+		assertThat(session).isNull();
+		verify(this.sessions, times(1)).get(eq(expired.getId()));
+		verify(this.sessions, times(1)).remove(eq(expired.getId()));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void getSessionFound() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		MapSession saved = new MapSession();
+		saved.setAttribute("savedName", "savedValue");
+		given(this.sessions.get(eq(saved.getId()))).willReturn(saved);
+
+		HazelcastSession session = this.repository.findById(saved.getId());
+
+		assertThat(session.getId()).isEqualTo(saved.getId());
+		assertThat(session.<String>getAttribute("savedName")).isEqualTo("savedValue");
+		verify(this.sessions, times(1)).get(eq(saved.getId()));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void delete() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String sessionId = "testSessionId";
+
+		this.repository.deleteById(sessionId);
+
+		verify(this.sessions, times(1)).remove(eq(sessionId));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void findByIndexNameAndIndexValueUnknownIndexName() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String indexValue = "testIndexValue";
+
+		Map<String, HazelcastSession> sessions = this.repository.findByIndexNameAndIndexValue("testIndexName",
+				indexValue);
+
+		assertThat(sessions).isEmpty();
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void findByIndexNameAndIndexValuePrincipalIndexNameNotFound() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String principal = "username";
+
+		Map<String, HazelcastSession> sessions = this.repository
+				.findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principal);
+
+		assertThat(sessions).isEmpty();
+		verify(this.sessions, times(1)).values(isA(EqualPredicate.class));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	void findByIndexNameAndIndexValuePrincipalIndexNameFound() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String principal = "username";
+		Authentication authentication = new UsernamePasswordAuthenticationToken(principal, "notused",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		List<MapSession> saved = new ArrayList<>(2);
+		MapSession saved1 = new MapSession();
+		saved1.setAttribute(SPRING_SECURITY_CONTEXT, authentication);
+		saved.add(saved1);
+		MapSession saved2 = new MapSession();
+		saved2.setAttribute(SPRING_SECURITY_CONTEXT, authentication);
+		saved.add(saved2);
+		given(this.sessions.values(isA(EqualPredicate.class))).willReturn(saved);
+
+		Map<String, HazelcastSession> sessions = this.repository
+				.findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principal);
+
+		assertThat(sessions).hasSize(2);
+		verify(this.sessions, times(1)).values(isA(EqualPredicate.class));
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test // gh-1120
+	void getAttributeNamesAndRemove() {
+		HazelcastSession session = this.repository.createSession();
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
+
+	@Test
+	@SuppressWarnings("unchecked")
+	void saveWithSaveModeOnSetAttribute() {
+		verify(this.sessions).addEntryListener(any(MapListener.class), anyBoolean());
+		this.repository.setSaveMode(SaveMode.ON_SET_ATTRIBUTE);
+		MapSession delegate = new MapSession();
+		delegate.setAttribute("attribute1", "value1");
+		delegate.setAttribute("attribute2", "value2");
+		delegate.setAttribute("attribute3", "value3");
+		HazelcastSession session = this.repository.new HazelcastSession(delegate, false);
+		session.getAttribute("attribute2");
+		session.setAttribute("attribute3", "value4");
+		this.repository.save(session);
+		ArgumentCaptor<Hazelcast4SessionUpdateEntryProcessor> captor = ArgumentCaptor
+				.forClass(Hazelcast4SessionUpdateEntryProcessor.class);
+		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
+		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(1);
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	@SuppressWarnings("unchecked")
+	void saveWithSaveModeOnGetAttribute() {
+		verify(this.sessions).addEntryListener(any(MapListener.class), anyBoolean());
+		this.repository.setSaveMode(SaveMode.ON_GET_ATTRIBUTE);
+		MapSession delegate = new MapSession();
+		delegate.setAttribute("attribute1", "value1");
+		delegate.setAttribute("attribute2", "value2");
+		delegate.setAttribute("attribute3", "value3");
+		HazelcastSession session = this.repository.new HazelcastSession(delegate, false);
+		session.getAttribute("attribute2");
+		session.setAttribute("attribute3", "value4");
+		this.repository.save(session);
+		ArgumentCaptor<Hazelcast4SessionUpdateEntryProcessor> captor = ArgumentCaptor
+				.forClass(Hazelcast4SessionUpdateEntryProcessor.class);
+		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
+		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(2);
+		verifyZeroInteractions(this.sessions);
+	}
+
+	@Test
+	@SuppressWarnings("unchecked")
+	void saveWithSaveModeAlways() {
+		verify(this.sessions).addEntryListener(any(MapListener.class), anyBoolean());
+		this.repository.setSaveMode(SaveMode.ALWAYS);
+		MapSession delegate = new MapSession();
+		delegate.setAttribute("attribute1", "value1");
+		delegate.setAttribute("attribute2", "value2");
+		delegate.setAttribute("attribute3", "value3");
+		HazelcastSession session = this.repository.new HazelcastSession(delegate, false);
+		session.getAttribute("attribute2");
+		session.setAttribute("attribute3", "value4");
+		this.repository.save(session);
+		ArgumentCaptor<Hazelcast4SessionUpdateEntryProcessor> captor = ArgumentCaptor
+				.forClass(Hazelcast4SessionUpdateEntryProcessor.class);
+		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
+		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(3);
+		verifyZeroInteractions(this.sessions);
+	}
+
+}

spring-session-hazelcast/spring-session-hazelcast.gradle

@@ -1,17 +1,29 @@
 apply plugin: 'io.spring.convention.spring-module'
 
+configurations {
+	hazelcast4
+}
+
 dependencies {
 	compile project(':spring-session-core')
 	compile "com.hazelcast:hazelcast"
 	compile "javax.annotation:javax.annotation-api"
 	compile "org.springframework:spring-context"
 
+	hazelcast4(project(path: ":hazelcast4", configuration: 'classesOnlyElements'))
+	compileOnly(project(":hazelcast4"))
+
 	testCompile "javax.servlet:javax.servlet-api"
 	testCompile "org.springframework:spring-web"
 	testCompile "org.springframework.security:spring-security-core"
 	testCompile "org.junit.jupiter:junit-jupiter-api"
+	testRuntime project(':hazelcast4')
 	testRuntime "org.junit.jupiter:junit-jupiter-engine"
 
 	integrationTestCompile "com.hazelcast:hazelcast-client"
 	integrationTestCompile "org.testcontainers:testcontainers"
 }
+
+jar {
+	from configurations.hazelcast4
+}

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/ClientServerHazelcastIndexedSessionRepositoryITests.java

@@ -46,7 +46,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 @WebAppConfiguration
 class ClientServerHazelcastIndexedSessionRepositoryITests extends AbstractHazelcastIndexedSessionRepositoryITests {
 
-	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:3.12.3")
+	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:3.12.11")
 			.withExposedPorts(5701).withCopyFileToContainer(MountableFile.forClasspathResource("/hazelcast-server.xml"),
 					"/opt/hazelcast/hazelcast.xml");
 

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/HazelcastITestUtils.java

@@ -20,9 +20,12 @@ import com.hazelcast.config.Config;
 import com.hazelcast.config.MapAttributeConfig;
 import com.hazelcast.config.MapIndexConfig;
 import com.hazelcast.config.NetworkConfig;
+import com.hazelcast.config.SerializerConfig;
 import com.hazelcast.core.Hazelcast;
 import com.hazelcast.core.HazelcastInstance;
 
+import org.springframework.session.MapSession;
+
 /**
  * Utility class for Hazelcast integration tests.
  *
@@ -48,6 +51,9 @@ final class HazelcastITestUtils {
 		config.getMapConfig(HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
 				.addMapAttributeConfig(attributeConfig).addMapIndexConfig(
 						new MapIndexConfig(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig);
 		return Hazelcast.newHazelcastInstance(config);
 	}
 

spring-session-hazelcast/src/main/java/org/springframework/session/hazelcast/HazelcastSessionSerializer.java

@@ -0,0 +1,159 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.time.Duration;
+import java.time.Instant;
+
+import com.hazelcast.nio.ObjectDataInput;
+import com.hazelcast.nio.ObjectDataOutput;
+import com.hazelcast.nio.serialization.StreamSerializer;
+
+import org.springframework.session.MapSession;
+
+/**
+ * A {@link com.hazelcast.nio.serialization.Serializer} implementation that handles the
+ * (de)serialization of {@link MapSession} stored on {@link com.hazelcast.core.IMap}.
+ *
+ * <p>
+ * The use of this serializer is optional and provides faster serialization of sessions.
+ * If not configured to be used, Hazelcast will serialize sessions via
+ * {@link java.io.Serializable} by default.
+ *
+ * <p>
+ * If multiple instances of a Spring application is run, then all of them need to use the
+ * same serialization method. If this serializer is registered on one instance and not
+ * another one, then it will end up with HazelcastSerializationException. The same applies
+ * when clients are configured to use this serializer but not the members, and vice versa.
+ * Also note that, if a new instance is created with this serialization but the existing
+ * Hazelcast cluster contains the values not serialized by this but instead the default
+ * one, this will result in incompatibility again.
+ *
+ * <p>
+ * An example of how to register the serializer on embedded instance can be seen below:
+ *
+ * <pre class="code">
+ * Config config = new Config();
+ *
+ * // ... other configurations for Hazelcast ...
+ *
+ * SerializerConfig serializerConfig = new SerializerConfig();
+ * serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+ * config.getSerializationConfig().addSerializerConfig(serializerConfig);
+ *
+ * HazelcastInstance hazelcastInstance = Hazelcast.newHazelcastInstance(config);
+ * </pre>
+ *
+ * Below is the example of how to register the serializer on client instance. Note that,
+ * to use the serializer in client/server mode, the serializer - and hence
+ * {@link MapSession}, must exist on the server's classpath and must be registered via
+ * {@link com.hazelcast.config.SerializerConfig} with the configuration above for each
+ * server.
+ *
+ * <pre class="code">
+ * ClientConfig clientConfig = new ClientConfig();
+ *
+ * // ... other configurations for Hazelcast Client ...
+ *
+ * SerializerConfig serializerConfig = new SerializerConfig();
+ * serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+ * clientConfig.getSerializationConfig().addSerializerConfig(serializerConfig);
+ *
+ * HazelcastInstance hazelcastClient = HazelcastClient.newHazelcastClient(clientConfig);
+ * </pre>
+ *
+ * @author Enes Ozcan
+ * @since 2.4.0
+ */
+public class HazelcastSessionSerializer implements StreamSerializer<MapSession> {
+
+	private static final int SERIALIZER_TYPE_ID = 1453;
+
+	@Override
+	public void write(ObjectDataOutput out, MapSession session) throws IOException {
+		out.writeUTF(session.getOriginalId());
+		out.writeUTF(session.getId());
+		writeInstant(out, session.getCreationTime());
+		writeInstant(out, session.getLastAccessedTime());
+		writeDuration(out, session.getMaxInactiveInterval());
+		for (String attrName : session.getAttributeNames()) {
+			Object attrValue = session.getAttribute(attrName);
+			if (attrValue != null) {
+				out.writeUTF(attrName);
+				out.writeObject(attrValue);
+			}
+		}
+	}
+
+	private void writeInstant(ObjectDataOutput out, Instant instant) throws IOException {
+		out.writeLong(instant.getEpochSecond());
+		out.writeInt(instant.getNano());
+	}
+
+	private void writeDuration(ObjectDataOutput out, Duration duration) throws IOException {
+		out.writeLong(duration.getSeconds());
+		out.writeInt(duration.getNano());
+	}
+
+	@Override
+	public MapSession read(ObjectDataInput in) throws IOException {
+		String originalId = in.readUTF();
+		MapSession cached = new MapSession(originalId);
+		cached.setId(in.readUTF());
+		cached.setCreationTime(readInstant(in));
+		cached.setLastAccessedTime(readInstant(in));
+		cached.setMaxInactiveInterval(readDuration(in));
+		try {
+			while (true) {
+				// During write, it's not possible to write
+				// number of non-null attributes without an extra
+				// iteration. Hence the attributes are read until
+				// EOF here.
+				String attrName = in.readUTF();
+				Object attrValue = in.readObject();
+				cached.setAttribute(attrName, attrValue);
+			}
+		}
+		catch (EOFException ignored) {
+		}
+		return cached;
+	}
+
+	private Instant readInstant(ObjectDataInput in) throws IOException {
+		long seconds = in.readLong();
+		int nanos = in.readInt();
+		return Instant.ofEpochSecond(seconds, nanos);
+	}
+
+	private Duration readDuration(ObjectDataInput in) throws IOException {
+		long seconds = in.readLong();
+		int nanos = in.readInt();
+		return Duration.ofSeconds(seconds, nanos);
+	}
+
+	@Override
+	public int getTypeId() {
+		return SERIALIZER_TYPE_ID;
+	}
+
+	@Override
+	public void destroy() {
+	}
+
+}

spring-session-hazelcast/src/main/java/org/springframework/session/hazelcast/config/annotation/web/http/EnableHazelcastHttpSession.java

@@ -33,7 +33,6 @@ import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
 import org.springframework.session.hazelcast.HazelcastFlushMode;
-import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 
 /**
@@ -81,11 +80,10 @@ public @interface EnableHazelcastHttpSession {
 
 	/**
 	 * This is the name of the Map that will be used in Hazelcast to store the session
-	 * data. Default is
-	 * {@link HazelcastIndexedSessionRepository#DEFAULT_SESSION_MAP_NAME}.
+	 * data. Default is "spring:session:sessions".
 	 * @return the name of the Map to store the sessions in Hazelcast
 	 */
-	String sessionMapName() default HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME;
+	String sessionMapName() default "spring:session:sessions";
 
 	/**
 	 * Flush mode for the Hazelcast sessions. The default is {@code ON_SAVE} which only

spring-session-hazelcast/src/main/java/org/springframework/session/hazelcast/config/annotation/web/http/HazelcastHttpSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,12 +35,15 @@ import org.springframework.session.IndexResolver;
 import org.springframework.session.MapSession;
 import org.springframework.session.SaveMode;
 import org.springframework.session.Session;
+import org.springframework.session.SessionRepository;
 import org.springframework.session.config.SessionRepositoryCustomizer;
 import org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration;
+import org.springframework.session.hazelcast.Hazelcast4IndexedSessionRepository;
 import org.springframework.session.hazelcast.HazelcastFlushMode;
 import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
 import org.springframework.session.hazelcast.config.annotation.SpringSessionHazelcastInstance;
 import org.springframework.session.web.http.SessionRepositoryFilter;
+import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;
 
 /**
@@ -72,23 +75,23 @@ public class HazelcastHttpSessionConfiguration extends SpringHttpSessionConfigur
 
 	private List<SessionRepositoryCustomizer<HazelcastIndexedSessionRepository>> sessionRepositoryCustomizers;
 
+	private List<SessionRepositoryCustomizer<Hazelcast4IndexedSessionRepository>> hazelcast4SessionRepositoryCustomizers;
+
+	private static final boolean hazelcast4;
+
+	static {
+		ClassLoader classLoader = HazelcastHttpSessionConfiguration.class.getClassLoader();
+		hazelcast4 = ClassUtils.isPresent("com.hazelcast.map.IMap", classLoader);
+	}
+
 	@Bean
-	public HazelcastIndexedSessionRepository sessionRepository() {
-		HazelcastIndexedSessionRepository sessionRepository = new HazelcastIndexedSessionRepository(
-				this.hazelcastInstance);
-		sessionRepository.setApplicationEventPublisher(this.applicationEventPublisher);
-		if (this.indexResolver != null) {
-			sessionRepository.setIndexResolver(this.indexResolver);
+	public SessionRepository<?> sessionRepository() {
+		if (hazelcast4) {
+			return createHazelcast4IndexedSessionRepository();
 		}
-		if (StringUtils.hasText(this.sessionMapName)) {
-			sessionRepository.setSessionMapName(this.sessionMapName);
+		else {
+			return createHazelcastIndexedSessionRepository();
 		}
-		sessionRepository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
-		sessionRepository.setFlushMode(this.flushMode);
-		sessionRepository.setSaveMode(this.saveMode);
-		this.sessionRepositoryCustomizers
-				.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(sessionRepository));
-		return sessionRepository;
 	}
 
 	public void setMaxInactiveIntervalInSeconds(int maxInactiveIntervalInSeconds) {
@@ -139,6 +142,13 @@ public class HazelcastHttpSessionConfiguration extends SpringHttpSessionConfigur
 		this.sessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream().collect(Collectors.toList());
 	}
 
+	@Autowired(required = false)
+	public void setHazelcast4SessionRepositoryCustomizer(
+			ObjectProvider<SessionRepositoryCustomizer<Hazelcast4IndexedSessionRepository>> sessionRepositoryCustomizers) {
+		this.hazelcast4SessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream()
+				.collect(Collectors.toList());
+	}
+
 	@Override
 	@SuppressWarnings("deprecation")
 	public void setImportMetadata(AnnotationMetadata importMetadata) {
@@ -159,4 +169,40 @@ public class HazelcastHttpSessionConfiguration extends SpringHttpSessionConfigur
 		this.saveMode = attributes.getEnum("saveMode");
 	}
 
+	private HazelcastIndexedSessionRepository createHazelcastIndexedSessionRepository() {
+		HazelcastIndexedSessionRepository sessionRepository = new HazelcastIndexedSessionRepository(
+				this.hazelcastInstance);
+		sessionRepository.setApplicationEventPublisher(this.applicationEventPublisher);
+		if (this.indexResolver != null) {
+			sessionRepository.setIndexResolver(this.indexResolver);
+		}
+		if (StringUtils.hasText(this.sessionMapName)) {
+			sessionRepository.setSessionMapName(this.sessionMapName);
+		}
+		sessionRepository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
+		sessionRepository.setFlushMode(this.flushMode);
+		sessionRepository.setSaveMode(this.saveMode);
+		this.sessionRepositoryCustomizers
+				.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(sessionRepository));
+		return sessionRepository;
+	}
+
+	private Hazelcast4IndexedSessionRepository createHazelcast4IndexedSessionRepository() {
+		Hazelcast4IndexedSessionRepository sessionRepository = new Hazelcast4IndexedSessionRepository(
+				this.hazelcastInstance);
+		sessionRepository.setApplicationEventPublisher(this.applicationEventPublisher);
+		if (this.indexResolver != null) {
+			sessionRepository.setIndexResolver(this.indexResolver);
+		}
+		if (StringUtils.hasText(this.sessionMapName)) {
+			sessionRepository.setSessionMapName(this.sessionMapName);
+		}
+		sessionRepository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
+		sessionRepository.setFlushMode(this.flushMode);
+		sessionRepository.setSaveMode(this.saveMode);
+		this.hazelcast4SessionRepositoryCustomizers
+				.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(sessionRepository));
+		return sessionRepository;
+	}
+
 }

spring-session-hazelcast/src/test/java/org/springframework/session/hazelcast/HazelcastSessionSerializerTests.java

@@ -0,0 +1,99 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.io.Serializable;
+import java.time.Duration;
+import java.time.Instant;
+
+import com.hazelcast.config.SerializationConfig;
+import com.hazelcast.config.SerializerConfig;
+import com.hazelcast.internal.serialization.impl.DefaultSerializationServiceBuilder;
+import com.hazelcast.nio.serialization.Data;
+import com.hazelcast.spi.serialization.SerializationService;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.session.MapSession;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class HazelcastSessionSerializerTests {
+
+	private SerializationService serializationService;
+
+	@BeforeEach
+	void setUp() {
+		SerializationConfig serializationConfig = new SerializationConfig();
+		SerializerConfig serializerConfig = new SerializerConfig().setImplementation(new HazelcastSessionSerializer())
+				.setTypeClass(MapSession.class);
+		serializationConfig.addSerializerConfig(serializerConfig);
+		this.serializationService = new DefaultSerializationServiceBuilder().setConfig(serializationConfig).build();
+	}
+
+	@Test
+	void serializeSessionWithStreamSerializer() {
+		MapSession originalSession = new MapSession();
+		originalSession.setAttribute("attr1", "value1");
+		originalSession.setAttribute("attr2", "value2");
+		originalSession.setAttribute("attr3", new SerializableTestAttribute(3));
+		originalSession.setMaxInactiveInterval(Duration.ofDays(5));
+		originalSession.setLastAccessedTime(Instant.now());
+		originalSession.setId("custom-id");
+
+		Data serialized = this.serializationService.toData(originalSession);
+		MapSession cached = this.serializationService.toObject(serialized);
+
+		assertThat(originalSession.getCreationTime()).isEqualTo(cached.getCreationTime());
+		assertThat(originalSession.getMaxInactiveInterval()).isEqualTo(cached.getMaxInactiveInterval());
+		assertThat(originalSession.getId()).isEqualTo(cached.getId());
+		assertThat(originalSession.getOriginalId()).isEqualTo(cached.getOriginalId());
+		assertThat(originalSession.getAttributeNames().size()).isEqualTo(cached.getAttributeNames().size());
+		assertThat(originalSession.<String>getAttribute("attr1")).isEqualTo(cached.getAttribute("attr1"));
+		assertThat(originalSession.<String>getAttribute("attr2")).isEqualTo(cached.getAttribute("attr2"));
+		assertThat(originalSession.<SerializableTestAttribute>getAttribute("attr3"))
+				.isEqualTo(cached.getAttribute("attr3"));
+	}
+
+	static class SerializableTestAttribute implements Serializable {
+
+		private int id;
+
+		SerializableTestAttribute(int id) {
+			this.id = id;
+		}
+
+		@Override
+		public boolean equals(Object o) {
+			if (this == o) {
+				return true;
+			}
+			if (!(o instanceof SerializableTestAttribute)) {
+				return false;
+			}
+			SerializableTestAttribute that = (SerializableTestAttribute) o;
+			return this.id == that.id;
+		}
+
+		@Override
+		public int hashCode() {
+			return this.id;
+		}
+
+	}
+
+}

spring-session-jdbc/spring-session-jdbc.gradle

@@ -16,7 +16,7 @@ dependencies {
 	integrationTestCompile "com.h2database:h2"
 	integrationTestCompile "com.ibm.db2:jcc"
 	integrationTestCompile "com.microsoft.sqlserver:mssql-jdbc"
-	integrationTestCompile "com.oracle.ojdbc:ojdbc8"
+	integrationTestCompile "com.oracle.database.jdbc:ojdbc8"
 	integrationTestCompile "com.zaxxer:HikariCP"
 	integrationTestCompile "mysql:mysql-connector-java"
 	integrationTestCompile "org.apache.derby:derby"

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/JdbcIndexedSessionRepository.java

@@ -44,6 +44,7 @@ import org.springframework.jdbc.core.BatchPreparedStatementSetter;
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.jdbc.core.ResultSetExtractor;
 import org.springframework.jdbc.support.lob.DefaultLobHandler;
+import org.springframework.jdbc.support.lob.LobCreator;
 import org.springframework.jdbc.support.lob.LobHandler;
 import org.springframework.session.DelegatingIndexResolver;
 import org.springframework.session.FindByIndexNameSessionRepository;
@@ -103,7 +104,7 @@ import org.springframework.util.StringUtils;
  * );
  *
  * CREATE UNIQUE INDEX SPRING_SESSION_IX1 ON SPRING_SESSION (SESSION_ID);
- * CREATE INDEX SPRING_SESSION_IX1 ON SPRING_SESSION (EXPIRY_TIME);
+ * CREATE INDEX SPRING_SESSION_IX2 ON SPRING_SESSION (EXPIRY_TIME);
  * CREATE INDEX SPRING_SESSION_IX3 ON SPRING_SESSION (PRINCIPAL_NAME);
  *
  * CREATE TABLE SPRING_SESSION_ATTRIBUTES (
@@ -460,63 +461,65 @@ public class JdbcIndexedSessionRepository
 
 	private void insertSessionAttributes(JdbcSession session, List<String> attributeNames) {
 		Assert.notEmpty(attributeNames, "attributeNames must not be null or empty");
-		if (attributeNames.size() > 1) {
-			this.jdbcOperations.batchUpdate(this.createSessionAttributeQuery, new BatchPreparedStatementSetter() {
+		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
+			if (attributeNames.size() > 1) {
+				this.jdbcOperations.batchUpdate(this.createSessionAttributeQuery, new BatchPreparedStatementSetter() {
 
-				@Override
-				public void setValues(PreparedStatement ps, int i) throws SQLException {
-					String attributeName = attributeNames.get(i);
+					@Override
+					public void setValues(PreparedStatement ps, int i) throws SQLException {
+						String attributeName = attributeNames.get(i);
+						ps.setString(1, attributeName);
+						lobCreator.setBlobAsBytes(ps, 2, serialize(session.getAttribute(attributeName)));
+						ps.setString(3, session.getId());
+					}
+
+					@Override
+					public int getBatchSize() {
+						return attributeNames.size();
+					}
+
+				});
+			}
+			else {
+				this.jdbcOperations.update(this.createSessionAttributeQuery, (ps) -> {
+					String attributeName = attributeNames.get(0);
 					ps.setString(1, attributeName);
-					getLobHandler().getLobCreator().setBlobAsBytes(ps, 2,
-							serialize(session.getAttribute(attributeName)));
+					lobCreator.setBlobAsBytes(ps, 2, serialize(session.getAttribute(attributeName)));
 					ps.setString(3, session.getId());
-				}
-
-				@Override
-				public int getBatchSize() {
-					return attributeNames.size();
-				}
-
-			});
-		}
-		else {
-			this.jdbcOperations.update(this.createSessionAttributeQuery, (ps) -> {
-				String attributeName = attributeNames.get(0);
-				ps.setString(1, attributeName);
-				getLobHandler().getLobCreator().setBlobAsBytes(ps, 2, serialize(session.getAttribute(attributeName)));
-				ps.setString(3, session.getId());
-			});
+				});
+			}
 		}
 	}
 
 	private void updateSessionAttributes(JdbcSession session, List<String> attributeNames) {
 		Assert.notEmpty(attributeNames, "attributeNames must not be null or empty");
-		if (attributeNames.size() > 1) {
-			this.jdbcOperations.batchUpdate(this.updateSessionAttributeQuery, new BatchPreparedStatementSetter() {
+		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
+			if (attributeNames.size() > 1) {
+				this.jdbcOperations.batchUpdate(this.updateSessionAttributeQuery, new BatchPreparedStatementSetter() {
 
-				@Override
-				public void setValues(PreparedStatement ps, int i) throws SQLException {
-					String attributeName = attributeNames.get(i);
-					getLobHandler().getLobCreator().setBlobAsBytes(ps, 1,
-							serialize(session.getAttribute(attributeName)));
+					@Override
+					public void setValues(PreparedStatement ps, int i) throws SQLException {
+						String attributeName = attributeNames.get(i);
+						lobCreator.setBlobAsBytes(ps, 1, serialize(session.getAttribute(attributeName)));
+						ps.setString(2, session.primaryKey);
+						ps.setString(3, attributeName);
+					}
+
+					@Override
+					public int getBatchSize() {
+						return attributeNames.size();
+					}
+
+				});
+			}
+			else {
+				this.jdbcOperations.update(this.updateSessionAttributeQuery, (ps) -> {
+					String attributeName = attributeNames.get(0);
+					lobCreator.setBlobAsBytes(ps, 1, serialize(session.getAttribute(attributeName)));
 					ps.setString(2, session.primaryKey);
 					ps.setString(3, attributeName);
-				}
-
-				@Override
-				public int getBatchSize() {
-					return attributeNames.size();
-				}
-
-			});
-		}
-		else {
-			this.jdbcOperations.update(this.updateSessionAttributeQuery, (ps) -> {
-				String attributeName = attributeNames.get(0);
-				getLobHandler().getLobCreator().setBlobAsBytes(ps, 1, serialize(session.getAttribute(attributeName)));
-				ps.setString(2, session.primaryKey);
-				ps.setString(3, attributeName);
-			});
+				});
+			}
 		}
 	}
 

spring-session-jdbc/src/test/java/org/springframework/session/jdbc/JdbcIndexedSessionRepositoryTests.java

@@ -35,6 +35,8 @@ import org.springframework.jdbc.core.BatchPreparedStatementSetter;
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.jdbc.core.PreparedStatementSetter;
 import org.springframework.jdbc.core.ResultSetExtractor;
+import org.springframework.jdbc.support.lob.DefaultLobHandler;
+import org.springframework.jdbc.support.lob.TemporaryLobCreator;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -53,6 +55,8 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.ArgumentMatchers.startsWith;
 import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -710,4 +714,19 @@ class JdbcIndexedSessionRepositoryTests {
 		verifyNoMoreInteractions(this.jdbcOperations);
 	}
 
+	@Test
+	void saveAndFreeTemporaryLob() {
+		DefaultLobHandler lobHandler = mock(DefaultLobHandler.class);
+		TemporaryLobCreator lobCreator = mock(TemporaryLobCreator.class);
+		given(lobHandler.getLobCreator()).willReturn(lobCreator);
+		lobHandler.setCreateTemporaryLob(true);
+		this.repository.setLobHandler(lobHandler);
+
+		JdbcSession session = this.repository.new JdbcSession(new MapSession(), "primaryKey", false);
+		session.setAttribute("testName", "testValue");
+		this.repository.save(session);
+
+		verify(lobCreator, atLeastOnce()).close();
+	}
+
 }

spring-session-samples/gradle/dependency-management.gradle

@@ -1,23 +1,23 @@
 dependencyManagement {
 	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.10.0'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.11.3'
 	}
 
 	dependencies {
 		dependency 'ch.qos.logback:logback-classic:1.2.3'
-		dependency 'com.maxmind.geoip2:geoip2:2.3.1'
+		dependency 'com.maxmind.geoip2:geoip2:2.15.0'
 		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.2'
 		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.3'
 		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.33.0'
-		dependency 'org.slf4j:jcl-over-slf4j:1.7.28'
-		dependency 'org.slf4j:log4j-over-slf4j:1.7.28'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.44.0'
+		dependency 'org.slf4j:jcl-over-slf4j:1.7.30'
+		dependency 'org.slf4j:log4j-over-slf4j:1.7.30'
 		dependency 'org.webjars:bootstrap:2.3.2'
 		dependency 'org.webjars:html5shiv:3.7.3'
 		dependency 'org.webjars:jquery:1.12.4'
 		dependency 'org.webjars:knockout:2.3.0'
 		dependency 'org.webjars:sockjs-client:0.3.4'
-		dependency 'org.webjars:stomp-websocket:2.3.0'
+		dependency 'org.webjars:stomp-websocket:2.3.3'
 		dependency 'org.webjars:webjars-taglib:0.3'
 	}
 }

spring-session-samples/spring-session-sample-boot-findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -46,13 +46,15 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 class FindByUsernameTests {
 
-	private static final String DOCKER_IMAGE = "redis:5.0.6";
+	private static final String DOCKER_IMAGE = "redis:5.0.10";
 
 	@Autowired
 	private MockMvc mockMvc;
 
 	private WebDriver driver;
 
+	private WebDriver driver2;
+
 	@BeforeEach
 	void setup() {
 		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
@@ -61,6 +63,9 @@ class FindByUsernameTests {
 	@AfterEach
 	void tearDown() {
 		this.driver.quit();
+		if (this.driver2 != null) {
+			this.driver2.quit();
+		}
 	}
 
 	@Test
@@ -79,6 +84,25 @@ class FindByUsernameTests {
 		home.terminateButtonDisabled();
 	}
 
+	@Test
+	void terminateOtherSession() throws Exception {
+		HomePage forgotToLogout = home(this.driver);
+
+		this.driver2 = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
+		HomePage terminateFogotSession = home(this.driver2);
+		terminateFogotSession.terminateSession(forgotToLogout.getSessionId()).assertAt();
+
+		LoginPage login = HomePage.go(this.driver);
+		login.assertAt();
+	}
+
+	private static HomePage home(WebDriver driver) {
+		LoginPage login = HomePage.go(driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.assertAt();
+		return home;
+	}
+
 	@TestConfiguration
 	static class Config {
 

spring-session-samples/spring-session-sample-boot-findbyusername/src/integration-test/java/sample/pages/HomePage.java

@@ -56,6 +56,18 @@ public class HomePage extends BasePage {
 	}
 
 	public void terminateButtonDisabled() {
+		String sessionId = getSessionId();
+		WebElement element = getDriver().findElement(By.id("terminate-" + sessionId));
+		assertThat(element.isEnabled()).isFalse();
+	}
+
+	public HomePage terminateSession(String sessionId) {
+		WebElement terminate = getDriver().findElement(By.id("terminate-" + sessionId));
+		terminate.click();
+		return new HomePage(getDriver());
+	}
+
+	public String getSessionId() {
 		Set<Cookie> cookies = getDriver().manage().getCookies();
 		String cookieValue = null;
 		for (Cookie cookie : cookies) {
@@ -63,8 +75,7 @@ public class HomePage extends BasePage {
 				cookieValue = new String(Base64.getDecoder().decode(cookie.getValue()));
 			}
 		}
-		WebElement element = getDriver().findElement(By.id("terminate-" + cookieValue));
-		assertThat(element.isEnabled()).isFalse();
+		return cookieValue;
 	}
 
 	public HomePage logout() {

spring-session-samples/spring-session-sample-boot-findbyusername/src/main/java/sample/config/SecurityConfig.java

@@ -35,13 +35,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests()
+			.authorizeRequests((authorize) -> authorize
 				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
-				.and()
-			.formLogin()
+			)
+			.formLogin((formLogin) -> formLogin
 				.loginPage("/login")
-				.permitAll();
+				.permitAll()
+			);
 	}
 	// end::config[]
 	// @formatter:on

spring-session-samples/spring-session-sample-boot-findbyusername/src/main/java/sample/mvc/IndexController.java

@@ -26,8 +26,8 @@ import org.springframework.session.Session;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 
 /**
  * Controller for sending the user to the login view.
@@ -50,7 +50,7 @@ public class IndexController {
 	}
 	// end::findbyusername[]
 
-	@RequestMapping(value = "/sessions/{sessionIdToDelete}", method = RequestMethod.DELETE)
+	@PostMapping("/sessions/{sessionIdToDelete}")
 	public String removeSession(Principal principal, @PathVariable String sessionIdToDelete) {
 		Set<String> usersSessionIds = this.sessions.findByPrincipalName(principal.getName()).keySet();
 		if (usersSessionIds.contains(sessionIdToDelete)) {

spring-session-samples/spring-session-sample-boot-findbyusername/src/main/resources/templates/index.html

@@ -25,7 +25,7 @@
 				<td th:text="${#temporals.format(sessionElement.lastAccessedTime.atZone(T(java.time.ZoneId).systemDefault()),'dd/MMM/yyyy HH:mm:ss')}"></td>
 				<td th:text="${details?.accessType}"></td>
 				<td>
-					<form th:action="@{'/sessions/' + ${sessionElement.id}}" th:method="delete">
+					<form th:action="@{'/sessions/' + ${sessionElement.id}}" th:method="post">
 						<input th:id="'terminate-' + ${sessionElement.id}" type="submit" value="Terminate" th:disabled="${sessionElement.id == #httpSession.id}"/>
 					</form>
 				</td>

spring-session-samples/spring-session-sample-boot-hazelcast/spring-session-sample-boot-hazelcast.gradle

@@ -0,0 +1,19 @@
+apply plugin: 'io.spring.convention.spring-sample-boot'
+
+dependencies {
+    compile project(':spring-session-hazelcast')
+    compile "org.springframework.boot:spring-boot-starter-web"
+    compile "org.springframework.boot:spring-boot-starter-thymeleaf"
+    compile "org.springframework.boot:spring-boot-starter-security"
+    compile "com.hazelcast:hazelcast-client"
+    compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
+    compile "org.webjars:bootstrap"
+    compile "org.webjars:html5shiv"
+    compile "org.webjars:webjars-locator-core"
+
+    testCompile "org.springframework.boot:spring-boot-starter-test"
+    testCompile "org.junit.jupiter:junit-jupiter-api"
+    testRuntime "org.junit.jupiter:junit-jupiter-engine"
+    integrationTestCompile seleniumDependencies
+    integrationTestCompile "org.testcontainers:testcontainers"
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/java/sample/BootTests.java

@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.openqa.selenium.WebDriver;
+import org.testcontainers.containers.GenericContainer;
+import sample.pages.HomePage;
+import sample.pages.LoginPage;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
+
+/**
+ * @author Ellie Bahadori
+ */
+@ExtendWith(SpringExtension.class)
+@AutoConfigureMockMvc
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+class BootTests {
+
+	private static final String DOCKER_IMAGE = "hazelcast/hazelcast:latest";
+
+	@Autowired
+	private MockMvc mockMvc;
+
+	private WebDriver driver;
+
+	@BeforeEach
+	void setup() {
+		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
+	}
+
+	@AfterEach
+	void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	void home() {
+		LoginPage login = HomePage.go(this.driver);
+		login.assertAt();
+	}
+
+	@Test
+	void login() {
+		LoginPage login = HomePage.go(this.driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.assertAt();
+		home.containCookie("SESSION");
+		home.doesNotContainCookie("JSESSIONID");
+	}
+
+	@Test
+	void logout() {
+		LoginPage login = HomePage.go(this.driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.logout();
+		login.assertAt();
+	}
+
+	@TestConfiguration
+	static class Config {
+
+		@Bean
+		GenericContainer hazelcastContainer() {
+			GenericContainer hazelcastContainer = new GenericContainer(DOCKER_IMAGE).withExposedPorts(5701);
+			hazelcastContainer.start();
+			return hazelcastContainer;
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/java/sample/pages/BasePage.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import org.openqa.selenium.WebDriver;
+
+/**
+ * @author Ellie Bahadori
+ */
+public class BasePage {
+
+	private WebDriver driver;
+
+	public BasePage(WebDriver driver) {
+		this.driver = driver;
+	}
+
+	public WebDriver getDriver() {
+		return this.driver;
+	}
+
+	public static void get(WebDriver driver, String get) {
+		String baseUrl = "http://localhost";
+		driver.get(baseUrl + get);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/java/sample/pages/HomePage.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import java.util.Set;
+
+import org.openqa.selenium.By;
+import org.openqa.selenium.Cookie;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Ellie Bahadori
+ */
+public class HomePage extends BasePage {
+
+	public HomePage(WebDriver driver) {
+		super(driver);
+	}
+
+	public static LoginPage go(WebDriver driver) {
+		get(driver, "/");
+		return PageFactory.initElements(driver, LoginPage.class);
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Spring Session Sample - Secured Content");
+	}
+
+	public void containCookie(String cookieName) {
+		Set<Cookie> cookies = getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").contains(cookieName);
+	}
+
+	public void doesNotContainCookie(String cookieName) {
+		Set<Cookie> cookies = getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").doesNotContain(cookieName);
+	}
+
+	public HomePage logout() {
+		WebElement logout = getDriver().findElement(By.cssSelector("input[type=\"submit\"]"));
+		logout.click();
+		return PageFactory.initElements(getDriver(), HomePage.class);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/java/sample/pages/LoginPage.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import org.openqa.selenium.SearchContext;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+import org.openqa.selenium.support.pagefactory.DefaultElementLocatorFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Ellie Bahadori
+ */
+public class LoginPage extends BasePage {
+
+	public LoginPage(WebDriver driver) {
+		super(driver);
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
+	}
+
+	public Form form() {
+		return new Form(getDriver());
+	}
+
+	public class Form {
+
+		@FindBy(name = "username")
+		private WebElement username;
+
+		@FindBy(name = "password")
+		private WebElement password;
+
+		@FindBy(tagName = "button")
+		private WebElement button;
+
+		public Form(SearchContext context) {
+			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
+		}
+
+		public <T> T login(Class<T> page) {
+			this.username.sendKeys("user");
+			this.password.sendKeys("password");
+			this.button.click();
+			return PageFactory.initElements(getDriver(), page);
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/java/sample/Application.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cache.annotation.EnableCaching;
+
+/**
+ * @author Ellie Bahadori
+ */
+@EnableCaching
+@SpringBootApplication
+public class Application {
+
+	public static void main(String[] args) {
+		SpringApplication.run(Application.class, args);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/java/sample/config/IndexController.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class IndexController {
+
+	@RequestMapping("/")
+	public String index() {
+		return "index";
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/java/sample/config/SecurityConfig.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * Spring Security configuration.
+ *
+ * @author Ellie Bahadori
+ */
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	// @formatter:off
+	// tag::config[]
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+			.authorizeRequests((authorize) -> authorize
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
+				.anyRequest().authenticated()
+			)
+			.formLogin((formLogin) -> formLogin
+				.permitAll()
+			);
+	}
+	// end::config[]
+	// @formatter:on
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/java/sample/config/SessionConfig.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import com.hazelcast.config.Config;
+import com.hazelcast.config.MapAttributeConfig;
+import com.hazelcast.config.MapIndexConfig;
+import com.hazelcast.config.NetworkConfig;
+import com.hazelcast.config.SerializerConfig;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.MapSession;
+import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
+import org.springframework.session.hazelcast.HazelcastSessionSerializer;
+import org.springframework.session.hazelcast.PrincipalNameExtractor;
+
+// tag::class[]
+@Configuration
+public class SessionConfig {
+
+	@Bean
+	public Config clientConfig() {
+		Config config = new Config();
+		NetworkConfig networkConfig = config.getNetworkConfig();
+		networkConfig.setPort(0);
+		networkConfig.getJoin().getMulticastConfig().setEnabled(false);
+		MapAttributeConfig attributeConfig = new MapAttributeConfig()
+				.setName(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
+				.setExtractor(PrincipalNameExtractor.class.getName());
+		config.getMapConfig(HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
+				.addMapAttributeConfig(attributeConfig).addMapIndexConfig(
+						new MapIndexConfig(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig);
+		return config;
+
+	}
+
+}
+// end::class[]

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/resources/templates/index.html

@@ -0,0 +1,11 @@
+<html xmlns:th="https://www.thymeleaf.org" xmlns:layout="https://github.com/ultraq/thymeleaf-layout-dialect" layout:decorate="~{layout}">
+<head>
+	<title>Secured Content</title>
+</head>
+<body>
+	<div layout:fragment="content">
+		<h1>Secured Page</h1>
+		<p>This page is secured using Spring Boot, Spring Session, and Spring Security.</p>
+	</div>
+</body>
+</html>

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/resources/templates/layout.html

@@ -0,0 +1,122 @@
+<!DOCTYPE html SYSTEM "https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+			xmlns:th="https://www.thymeleaf.org"
+			xmlns:layout="https://github.com/ultraq/thymeleaf-layout-dialect">
+	<head>
+		<title layout:title-pattern="$LAYOUT_TITLE - $CONTENT_TITLE">Spring Session Sample</title>
+		<link rel="icon" type="image/x-icon" th:href="@{/favicon.ico}" href="../static/favicon.ico"/>
+		<link th:href="@{/webjars/bootstrap/css/bootstrap.min.css}" href="/webjars/bootstrap/css/bootstrap.min.css" rel="stylesheet"></link>
+		<style type="text/css">
+			/* Sticky footer styles
+			-------------------------------------------------- */
+
+			html,
+			body {
+				height: 100%;
+				/* The html and body elements cannot have any padding or margin. */
+			}
+
+			/* Wrapper for page content to push down footer */
+			#wrap {
+				min-height: 100%;
+				height: auto !important;
+				height: 100%;
+				/* Negative indent footer by it's height */
+				margin: 0 auto -60px;
+			}
+
+			/* Set the fixed height of the footer here */
+			#push,
+			#footer {
+				height: 60px;
+			}
+			#footer {
+				background-color: #f5f5f5;
+			}
+
+			/* Lastly, apply responsive CSS fixes as necessary */
+			@media (max-width: 767px) {
+				#footer {
+					margin-left: -20px;
+					margin-right: -20px;
+					padding-left: 20px;
+					padding-right: 20px;
+				}
+			}
+
+
+
+			/* Custom page CSS
+			-------------------------------------------------- */
+			/* Not required for template or sticky footer method. */
+
+			.container {
+				width: auto;
+				max-width: 680px;
+			}
+			.container .credit {
+				margin: 20px 0;
+				text-align: center;
+			}
+			a {
+					color: green;
+			}
+			.navbar-form {
+				margin-left: 1em;
+			}
+		</style>
+		<link th:href="@{/webjars/bootstrap/css/bootstrap-responsive.min.css}" href="/webjars/bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet"></link>
+
+		<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+		<!--[if lt IE 9]>
+			<script th:src="@{/webjars/html5shiv/html5shiv.min.js}" src="/webjars/html5shiv/html5shiv.min.js"></script>
+		<![endif]-->
+	</head>
+
+
+	<body>
+		<div id="wrap">
+			<div class="navbar navbar-inverse navbar-static-top">
+				<div class="navbar-inner">
+					<div class="container">
+						<a class="brand" th:href="@{/}"><img th:src="@{/images/logo.png}" alt="Spring Security Sample"/></a>
+
+<div class="nav-collapse collapse"
+		th:with="currentUser=${#httpServletRequest.userPrincipal?.principal}">
+	<div th:if="${currentUser != null}">
+			<form class="navbar-form pull-right" th:action="@{/logout}" method="post">
+					<input type="submit" value="Log out" />
+			</form>
+			<p id="un" class="navbar-text pull-right" th:text="${currentUser.username}">
+				sample_user
+			</p>
+	</div>
+	<ul class="nav">
+	</ul>
+</div>
+
+				</div>
+			</div>
+		</div>
+			<!-- Begin page content -->
+			<div class="container">
+				<div class="alert alert-success"
+							th:if="${globalMessage}"
+							th:text="${globalMessage}">
+						Some Success message
+				</div>
+				<div layout:fragment="content">
+						Fake content
+				</div>
+			</div>
+
+			<div id="push"><!--  --></div>
+		</div>
+
+		<div id="footer">
+			<div class="container">
+				<p class="muted credit">Visit the <a href="https://projects.spring.io/spring-session/">Spring Session</a> site for more <a href="https://github.com/spring-projects/spring-session/tree/master/spring-session-samples">samples</a>.</p>
+			</div>
+		</div>
+	</body>
+</html>

spring-session-samples/spring-session-sample-boot-hazelcast4/spring-session-sample-boot-hazelcast4.gradle

@@ -0,0 +1,20 @@
+apply plugin: 'io.spring.convention.spring-sample-boot'
+
+dependencies {
+    compile project(':spring-session-hazelcast')
+    compile project(':hazelcast4')
+    compile "org.springframework.boot:spring-boot-starter-web"
+    compile "org.springframework.boot:spring-boot-starter-thymeleaf"
+    compile "org.springframework.boot:spring-boot-starter-security"
+    compile "com.hazelcast:hazelcast:4.0.3"
+    compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
+    compile "org.webjars:bootstrap"
+    compile "org.webjars:html5shiv"
+    compile "org.webjars:webjars-locator-core"
+
+    testCompile "org.springframework.boot:spring-boot-starter-test"
+    testCompile "org.junit.jupiter:junit-jupiter-api"
+    testRuntime "org.junit.jupiter:junit-jupiter-engine"
+    integrationTestCompile seleniumDependencies
+    integrationTestCompile "org.testcontainers:testcontainers"
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/integration-test/java/sample/BootTests.java

@@ -0,0 +1,95 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.openqa.selenium.WebDriver;
+import org.testcontainers.containers.GenericContainer;
+import sample.pages.HomePage;
+import sample.pages.LoginPage;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
+
+@ExtendWith(SpringExtension.class)
+@AutoConfigureMockMvc
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+class BootTests {
+
+	private static final String DOCKER_IMAGE = "hazelcast/hazelcast:latest";
+
+	@Autowired
+	private MockMvc mockMvc;
+
+	private WebDriver driver;
+
+	@BeforeEach
+	void setup() {
+		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
+	}
+
+	@AfterEach
+	void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	void home() {
+		LoginPage login = HomePage.go(this.driver);
+		login.assertAt();
+	}
+
+	@Test
+	void login() {
+		LoginPage login = HomePage.go(this.driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.assertAt();
+		home.containCookie("SESSION");
+		home.doesNotContainCookie("JSESSIONID");
+	}
+
+	@Test
+	void logout() {
+		LoginPage login = HomePage.go(this.driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.logout();
+		login.assertAt();
+	}
+
+	@TestConfiguration
+	static class Config {
+
+		@Bean
+		GenericContainer hazelcastContainer() {
+			GenericContainer hazelcastContainer = new GenericContainer(DOCKER_IMAGE).withExposedPorts(5701);
+			hazelcastContainer.start();
+			return hazelcastContainer;
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/integration-test/java/sample/pages/BasePage.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import org.openqa.selenium.WebDriver;
+
+public class BasePage {
+
+	private WebDriver driver;
+
+	public BasePage(WebDriver driver) {
+		this.driver = driver;
+	}
+
+	public WebDriver getDriver() {
+		return this.driver;
+	}
+
+	public static void get(WebDriver driver, String get) {
+		String baseUrl = "http://localhost";
+		driver.get(baseUrl + get);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/integration-test/java/sample/pages/HomePage.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import java.util.Set;
+
+import org.openqa.selenium.By;
+import org.openqa.selenium.Cookie;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class HomePage extends BasePage {
+
+	public HomePage(WebDriver driver) {
+		super(driver);
+	}
+
+	public static LoginPage go(WebDriver driver) {
+		get(driver, "/");
+		return PageFactory.initElements(driver, LoginPage.class);
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Spring Session Sample - Secured Content");
+	}
+
+	public void containCookie(String cookieName) {
+		Set<Cookie> cookies = getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").contains(cookieName);
+	}
+
+	public void doesNotContainCookie(String cookieName) {
+		Set<Cookie> cookies = getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").doesNotContain(cookieName);
+	}
+
+	public HomePage logout() {
+		WebElement logout = getDriver().findElement(By.cssSelector("input[type=\"submit\"]"));
+		logout.click();
+		return PageFactory.initElements(getDriver(), HomePage.class);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/integration-test/java/sample/pages/LoginPage.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import org.openqa.selenium.SearchContext;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+import org.openqa.selenium.support.pagefactory.DefaultElementLocatorFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class LoginPage extends BasePage {
+
+	public LoginPage(WebDriver driver) {
+		super(driver);
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
+	}
+
+	public Form form() {
+		return new Form(getDriver());
+	}
+
+	public class Form {
+
+		@FindBy(name = "username")
+		private WebElement username;
+
+		@FindBy(name = "password")
+		private WebElement password;
+
+		@FindBy(tagName = "button")
+		private WebElement button;
+
+		public Form(SearchContext context) {
+			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
+		}
+
+		public <T> T login(Class<T> page) {
+			this.username.sendKeys("user");
+			this.password.sendKeys("password");
+			this.button.click();
+			return PageFactory.initElements(getDriver(), page);
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

spring-session-samples/spring-session-sample-boot-hazelcast4/src/main/java/sample/Application.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cache.annotation.EnableCaching;
+
+@EnableCaching
+@SpringBootApplication
+public class Application {
+
+	public static void main(String[] args) {
+		SpringApplication.run(Application.class, args);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/main/java/sample/config/IndexController.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class IndexController {
+
+	@RequestMapping("/")
+	public String index() {
+		return "index";
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/main/java/sample/config/SecurityConfig.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	// @formatter:off
+	// tag::config[]
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+			.authorizeRequests((authorize) -> authorize
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
+				.anyRequest().authenticated()
+			)
+			.formLogin((formLogin) -> formLogin
+				.permitAll()
+			);
+	}
+	// end::config[]
+	// @formatter:on
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/main/java/sample/config/SessionConfig.java

@@ -0,0 +1,57 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import com.hazelcast.config.AttributeConfig;
+import com.hazelcast.config.Config;
+import com.hazelcast.config.IndexConfig;
+import com.hazelcast.config.IndexType;
+import com.hazelcast.config.NetworkConfig;
+import com.hazelcast.config.SerializerConfig;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.MapSession;
+import org.springframework.session.hazelcast.Hazelcast4IndexedSessionRepository;
+import org.springframework.session.hazelcast.Hazelcast4PrincipalNameExtractor;
+import org.springframework.session.hazelcast.HazelcastSessionSerializer;
+
+// tag::class[]
+@Configuration
+public class SessionConfig {
+
+	@Bean
+	public Config clientConfig() {
+		Config config = new Config();
+		NetworkConfig networkConfig = config.getNetworkConfig();
+		networkConfig.setPort(0);
+		networkConfig.getJoin().getMulticastConfig().setEnabled(false);
+		AttributeConfig attributeConfig = new AttributeConfig()
+				.setName(Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
+				.setExtractorClassName(Hazelcast4PrincipalNameExtractor.class.getName());
+		config.getMapConfig(Hazelcast4IndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
+				.addAttributeConfig(attributeConfig).addIndexConfig(
+						new IndexConfig(IndexType.HASH, Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE));
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig);
+		return config;
+
+	}
+
+}
+// end::class[]

spring-session-samples/spring-session-sample-boot-hazelcast4/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password