Release 2.5.0-RC2

* Migrate the module's code back into this project.
* Fold the documentation in.
* Update to current Gradle conventions.
* Reformat to match styling.

gradle.properties

@@ -1,3 +1,3 @@
 org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
 org.gradle.parallel=true
-version=2.6.0-RC1
+version=2.6.0-RC2

gradle/dependency-management.gradle

@@ -1,6 +1,7 @@
 dependencyManagement {
 	imports {
 		mavenBom 'io.projectreactor:reactor-bom:2020.0.12'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.11.2'
 		mavenBom 'org.junit:junit-bom:5.8.1'
 		mavenBom 'org.springframework:spring-framework-bom:5.3.11'
 		mavenBom 'org.springframework.data:spring-data-bom:2021.1.0-RC1'
@@ -15,6 +16,8 @@ dependencyManagement {
 		}
 
 		dependency 'org.aspectj:aspectjweaver:1.9.7'
+		dependency 'ch.qos.logback:logback-core:1.2.3'
+		dependency 'com.google.code.findbugs:jsr305:3.0.2'
 		dependency 'com.h2database:h2:1.4.200'
 		dependency 'com.ibm.db2:jcc:11.5.6.0'
 		dependency 'com.microsoft.sqlserver:mssql-jdbc:9.4.0.jre8'
@@ -28,9 +31,20 @@ dependencyManagement {
 		dependency 'mysql:mysql-connector-java:8.0.26'
 		dependency 'org.apache.derby:derby:10.14.2.0'
 		dependency 'org.assertj:assertj-core:3.21.0'
+		dependency 'org.hamcrest:hamcrest:2.1'
 		dependency 'org.hsqldb:hsqldb:2.5.2'
 		dependency 'org.mariadb.jdbc:mariadb-java-client:2.7.4'
-		dependency 'org.mockito:mockito-core:4.0.0'
+		dependencySet(group: 'org.mockito', version: '4.0.0') {
+        	entry 'mockito-core'
+			entry 'mockito-junit-jupiter'
+		}
+
+		dependencySet(group: 'org.mongodb', version: '4.2.3') {
+			entry 'mongodb-driver-core'
+			entry 'mongodb-driver-sync'
+			entry 'mongodb-driver-reactivestreams'
+		}
 		dependency 'org.postgresql:postgresql:42.2.24'
 	}
 }
+

settings.gradle

@@ -13,6 +13,7 @@ plugins {
 rootProject.name = 'spring-session-build'
 
 include 'spring-session-core'
+include 'spring-session-data-mongodb'
 include 'spring-session-data-redis'
 include 'spring-session-docs'
 include 'spring-session-hazelcast'

spring-session-data-mongodb/spring-session-data-mongodb.gradle

@@ -0,0 +1,45 @@
+apply plugin: 'io.spring.convention.spring-module'
+
+description = "Spring Session and Spring MongoDB integration"
+
+dependencies {
+
+    compile project(':spring-session-core')
+
+    // Spring Data MongoDB
+
+    compile("org.springframework.data:spring-data-mongodb") {
+        exclude group: "org.mongodb", module: "mongo-java-driver"
+        exclude group: "org.slf4j", module: "jcl-over-slf4j"
+    }
+
+    // MongoDB dependencies
+
+    optional "org.mongodb:mongodb-driver-core"
+    testCompile "org.mongodb:mongodb-driver-sync"
+    testCompile "org.mongodb:mongodb-driver-reactivestreams"
+    integrationTestCompile "org.testcontainers:mongodb"
+
+    // Everything else
+
+    compile "com.fasterxml.jackson.core:jackson-databind"
+    compile "org.springframework.security:spring-security-core"
+    compile "com.google.code.findbugs:jsr305"
+
+    optional "io.projectreactor:reactor-core"
+
+    testCompile "org.springframework:spring-web"
+    testCompile "org.springframework:spring-webflux"
+    testCompile "org.springframework.security:spring-security-config"
+    testCompile "org.springframework.security:spring-security-web"
+    testCompile "org.assertj:assertj-core"
+    testCompile "org.junit.jupiter:junit-jupiter-engine"
+    testCompile "org.junit.jupiter:junit-jupiter-params"
+    testCompile "org.springframework:spring-test"
+    testCompile "org.hamcrest:hamcrest"
+    testCompile "ch.qos.logback:logback-core"
+    testCompile "org.mockito:mockito-core"
+    testCompile "org.mockito:mockito-junit-jupiter"
+    testCompile "io.projectreactor:reactor-test"
+    testCompile "javax.servlet:javax.servlet-api"
+}

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/AbstractClassLoaderTest.java

@@ -0,0 +1,76 @@
+/*
+ * Copyright 2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.integration;
+
+import java.lang.reflect.Field;
+
+import org.assertj.core.api.AssertionsForClassTypes;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.core.serializer.DefaultDeserializer;
+import org.springframework.core.serializer.support.DeserializingConverter;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.Assert;
+import org.springframework.session.data.mongo.JdkMongoSessionConverter;
+import org.springframework.util.ReflectionUtils;
+
+/**
+ * Verify container's {@link ClassLoader} is injected into session converter (reactive and
+ * traditional).
+ *
+ * @author Greg Turnquist
+ */
+public abstract class AbstractClassLoaderTest<T> extends AbstractITest {
+
+	@Autowired
+	T sessionRepository;
+
+	@Autowired
+	ApplicationContext applicationContext;
+
+	@Test
+	void verifyContainerClassLoaderLoadedIntoConverter() {
+
+		Field mongoSessionConverterField = ReflectionUtils.findField(this.sessionRepository.getClass(),
+				"mongoSessionConverter");
+		ReflectionUtils.makeAccessible(
+				Assert.requireNonNull(mongoSessionConverterField, "mongoSessionConverter must not be null!"));
+		AbstractMongoSessionConverter sessionConverter = (AbstractMongoSessionConverter) ReflectionUtils
+				.getField(mongoSessionConverterField, this.sessionRepository);
+
+		AssertionsForClassTypes.assertThat(sessionConverter).isInstanceOf(JdkMongoSessionConverter.class);
+
+		JdkMongoSessionConverter jdkMongoSessionConverter = (JdkMongoSessionConverter) sessionConverter;
+
+		DeserializingConverter deserializingConverter = (DeserializingConverter) extractField(
+				JdkMongoSessionConverter.class, "deserializer", jdkMongoSessionConverter);
+		DefaultDeserializer deserializer = (DefaultDeserializer) extractField(DeserializingConverter.class,
+				"deserializer", deserializingConverter);
+		ClassLoader classLoader = (ClassLoader) extractField(DefaultDeserializer.class, "classLoader", deserializer);
+
+		AssertionsForClassTypes.assertThat(classLoader).isEqualTo(this.applicationContext.getClassLoader());
+	}
+
+	private static Object extractField(Class<?> clazz, String fieldName, Object obj) {
+
+		Field field = ReflectionUtils.findField(clazz, fieldName);
+		ReflectionUtils.makeAccessible(Assert.requireNonNull(field, fieldName + " must not be null!"));
+		return ReflectionUtils.getField(field, obj);
+	}
+
+}

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/AbstractITest.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.integration;
+
+import java.util.UUID;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Base class for repositories integration tests
+ *
+ * @author Jakub Kubrynski
+ */
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+public abstract class AbstractITest {
+
+	protected SecurityContext context;
+
+	protected SecurityContext changedContext;
+
+	// @Autowired(required = false)
+	// protected SessionEventRegistry registry;
+
+	@BeforeEach
+	void setup() {
+
+		// if (this.registry != null) {
+		// this.registry.clear();
+		// }
+
+		this.context = SecurityContextHolder.createEmptyContext();
+		this.context.setAuthentication(new UsernamePasswordAuthenticationToken("username-" + UUID.randomUUID(), "na",
+				AuthorityUtils.createAuthorityList("ROLE_USER")));
+
+		this.changedContext = SecurityContextHolder.createEmptyContext();
+		this.changedContext.setAuthentication(new UsernamePasswordAuthenticationToken(
+				"changedContext-" + UUID.randomUUID(), "na", AuthorityUtils.createAuthorityList("ROLE_USER")));
+	}
+
+}

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/AbstractMongoRepositoryITest.java

@@ -0,0 +1,408 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.integration;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Map;
+import java.util.UUID;
+
+import com.mongodb.client.MongoClient;
+import com.mongodb.client.MongoClients;
+import org.junit.jupiter.api.Test;
+import org.testcontainers.containers.MongoDBContainer;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.data.mongodb.core.MongoTemplate;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
+import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
+import org.springframework.session.data.mongo.MongoSession;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Abstract base class for {@link MongoIndexedSessionRepository} tests.
+ *
+ * @author Jakub Kubrynski
+ * @author Vedran Pavic
+ * @author Greg Turnquist
+ */
+public abstract class AbstractMongoRepositoryITest extends AbstractITest {
+
+	protected static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
+
+	protected static final String INDEX_NAME = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
+
+	@Autowired
+	protected MongoIndexedSessionRepository repository;
+
+	@Test
+	void saves() {
+
+		String username = "saves-" + System.currentTimeMillis();
+
+		MongoSession toSave = this.repository.createSession();
+		String expectedAttributeName = "a";
+		String expectedAttributeValue = "b";
+		toSave.setAttribute(expectedAttributeName, expectedAttributeValue);
+		Authentication toSaveToken = new UsernamePasswordAuthenticationToken(username, "password",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		SecurityContext toSaveContext = SecurityContextHolder.createEmptyContext();
+		toSaveContext.setAuthentication(toSaveToken);
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, toSaveContext);
+		toSave.setAttribute(INDEX_NAME, username);
+
+		this.repository.save(toSave);
+
+		Session session = this.repository.findById(toSave.getId());
+
+		assertThat(session.getId()).isEqualTo(toSave.getId());
+		assertThat(session.getAttributeNames()).isEqualTo(toSave.getAttributeNames());
+		assertThat(session.<String>getAttribute(expectedAttributeName))
+				.isEqualTo(toSave.getAttribute(expectedAttributeName));
+
+		this.repository.deleteById(toSave.getId());
+
+		String id = toSave.getId();
+		assertThat(this.repository.findById(id)).isNull();
+	}
+
+	@Test
+	void putAllOnSingleAttrDoesNotRemoveOld() {
+
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute("a", "b");
+
+		this.repository.save(toSave);
+		toSave = this.repository.findById(toSave.getId());
+
+		toSave.setAttribute("1", "2");
+
+		this.repository.save(toSave);
+		toSave = this.repository.findById(toSave.getId());
+
+		Session session = this.repository.findById(toSave.getId());
+		assertThat(session.getAttributeNames().size()).isEqualTo(2);
+		assertThat(session.<String>getAttribute("a")).isEqualTo("b");
+		assertThat(session.<String>getAttribute("1")).isEqualTo("2");
+
+		this.repository.deleteById(toSave.getId());
+	}
+
+	@Test
+	void findByPrincipalName() throws Exception {
+
+		String principalName = "findByPrincipalName" + UUID.randomUUID();
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(INDEX_NAME, principalName);
+
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				principalName);
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+
+		this.repository.deleteById(toSave.getId());
+
+		findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, principalName);
+
+		assertThat(findByPrincipalName).hasSize(0);
+		assertThat(findByPrincipalName.keySet()).doesNotContain(toSave.getId());
+	}
+
+	@Test
+	void nonExistentSessionShouldNotBreakMongo() {
+		this.repository.deleteById("doesn't exist");
+	}
+
+	@Test
+	void findByPrincipalNameNoPrincipalNameChange() throws Exception {
+
+		String principalName = "findByPrincipalNameNoPrincipalNameChange" + UUID.randomUUID();
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(INDEX_NAME, principalName);
+
+		this.repository.save(toSave);
+
+		toSave.setAttribute("other", "value");
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				principalName);
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	@Test
+	void findByPrincipalNameNoPrincipalNameChangeReload() throws Exception {
+
+		String principalName = "findByPrincipalNameNoPrincipalNameChangeReload" + UUID.randomUUID();
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(INDEX_NAME, principalName);
+
+		this.repository.save(toSave);
+
+		toSave = this.repository.findById(toSave.getId());
+
+		toSave.setAttribute("other", "value");
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				principalName);
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	@Test
+	void findByDeletedPrincipalName() throws Exception {
+
+		String principalName = "findByDeletedPrincipalName" + UUID.randomUUID();
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(INDEX_NAME, principalName);
+
+		this.repository.save(toSave);
+
+		toSave.setAttribute(INDEX_NAME, null);
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				principalName);
+
+		assertThat(findByPrincipalName).isEmpty();
+	}
+
+	@Test
+	void findByChangedPrincipalName() throws Exception {
+
+		String principalName = "findByChangedPrincipalName" + UUID.randomUUID();
+		String principalNameChanged = "findByChangedPrincipalName" + UUID.randomUUID();
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(INDEX_NAME, principalName);
+
+		this.repository.save(toSave);
+
+		toSave.setAttribute(INDEX_NAME, principalNameChanged);
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				principalName);
+		assertThat(findByPrincipalName).isEmpty();
+
+		findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, principalNameChanged);
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	@Test
+	void findByDeletedPrincipalNameReload() throws Exception {
+
+		String principalName = "findByDeletedPrincipalName" + UUID.randomUUID();
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(INDEX_NAME, principalName);
+
+		this.repository.save(toSave);
+
+		MongoSession getSession = this.repository.findById(toSave.getId());
+		getSession.setAttribute(INDEX_NAME, null);
+		this.repository.save(getSession);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				principalName);
+
+		assertThat(findByPrincipalName).isEmpty();
+	}
+
+	@Test
+	void findByChangedPrincipalNameReload() throws Exception {
+
+		String principalName = "findByChangedPrincipalName" + UUID.randomUUID();
+		String principalNameChanged = "findByChangedPrincipalName" + UUID.randomUUID();
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(INDEX_NAME, principalName);
+
+		this.repository.save(toSave);
+
+		MongoSession getSession = this.repository.findById(toSave.getId());
+
+		getSession.setAttribute(INDEX_NAME, principalNameChanged);
+		this.repository.save(getSession);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				principalName);
+		assertThat(findByPrincipalName).isEmpty();
+
+		findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, principalNameChanged);
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	@Test
+	void findBySecurityPrincipalName() throws Exception {
+
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
+
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				getSecurityName());
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+
+		this.repository.deleteById(toSave.getId());
+
+		findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, getSecurityName());
+
+		assertThat(findByPrincipalName).hasSize(0);
+		assertThat(findByPrincipalName.keySet()).doesNotContain(toSave.getId());
+	}
+
+	@Test
+	void findByPrincipalNameNoSecurityPrincipalNameChange() throws Exception {
+
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
+
+		this.repository.save(toSave);
+
+		toSave.setAttribute("other", "value");
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				getSecurityName());
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	@Test
+	void findByDeletedSecurityPrincipalName() throws Exception {
+
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
+
+		this.repository.save(toSave);
+
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, null);
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				getSecurityName());
+
+		assertThat(findByPrincipalName).isEmpty();
+	}
+
+	@Test
+	void findByChangedSecurityPrincipalName() throws Exception {
+
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
+
+		this.repository.save(toSave);
+
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.changedContext);
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				getSecurityName());
+		assertThat(findByPrincipalName).isEmpty();
+
+		findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, getChangedSecurityName());
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	@Test
+	void findByChangedSecurityPrincipalNameReload() throws Exception {
+
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
+
+		this.repository.save(toSave);
+
+		MongoSession getSession = this.repository.findById(toSave.getId());
+
+		getSession.setAttribute(SPRING_SECURITY_CONTEXT, this.changedContext);
+		this.repository.save(getSession);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				getSecurityName());
+		assertThat(findByPrincipalName).isEmpty();
+
+		findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, getChangedSecurityName());
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	@Test
+	void loadExpiredSession() throws Exception {
+
+		// given
+		MongoSession expiredSession = this.repository.createSession();
+		Instant thirtyOneMinutesAgo = Instant.ofEpochMilli(System.currentTimeMillis()).minus(Duration.ofMinutes(31));
+		expiredSession.setLastAccessedTime(thirtyOneMinutesAgo);
+		this.repository.save(expiredSession);
+
+		// then
+		MongoSession expiredSessionFromDb = this.repository.findById(expiredSession.getId());
+		assertThat(expiredSessionFromDb).isNull();
+	}
+
+	protected String getSecurityName() {
+		return this.context.getAuthentication().getName();
+	}
+
+	protected String getChangedSecurityName() {
+		return this.changedContext.getAuthentication().getName();
+	}
+
+	protected static class BaseConfig {
+
+		private static final String DOCKER_IMAGE = "mongo:4.0.10";
+
+		@Bean(initMethod = "start", destroyMethod = "stop")
+		public MongoDBContainer mongoContainer() {
+			return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
+		}
+
+		@Bean
+		public MongoOperations mongoOperations(MongoDBContainer mongoContainer) {
+
+			MongoClient mongo = MongoClients.create(
+					"mongodb://" + mongoContainer.getContainerIpAddress() + ":" + mongoContainer.getFirstMappedPort());
+			return new MongoTemplate(mongo, "test");
+		}
+
+	}
+
+}

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/MongoDbDeleteJacksonSessionVerificationTest.java

@@ -0,0 +1,199 @@
+/*
+ * Copyright 2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.integration;
+
+import java.net.URI;
+
+import com.mongodb.reactivestreams.client.MongoClient;
+import com.mongodb.reactivestreams.client.MongoClients;
+import org.assertj.core.api.AssertionsForClassTypes;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.testcontainers.containers.MongoDBContainer;
+import reactor.test.StepVerifier;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.mongodb.core.ReactiveMongoOperations;
+import org.springframework.data.mongodb.core.ReactiveMongoTemplate;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
+import org.springframework.session.data.mongo.config.annotation.web.reactive.EnableMongoWebSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.reactive.server.FluxExchangeResult;
+import org.springframework.test.web.reactive.server.WebTestClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.reactive.config.EnableWebFlux;
+import org.springframework.web.reactive.function.BodyInserters;
+
+/**
+ * @author Boris Finkelshteyn
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration
+public class MongoDbDeleteJacksonSessionVerificationTest {
+
+	@Autowired
+	ApplicationContext ctx;
+
+	WebTestClient client;
+
+	@BeforeEach
+	void setUp() {
+		this.client = WebTestClient.bindToApplicationContext(this.ctx).build();
+	}
+
+	@Test
+	void logoutShouldDeleteOldSessionFromMongoDB() {
+
+		// 1. Login and capture the SESSION cookie value.
+
+		FluxExchangeResult<String> loginResult = this.client.post().uri("/login")
+				.contentType(MediaType.APPLICATION_FORM_URLENCODED) //
+				.body(BodyInserters //
+						.fromFormData("username", "admin") //
+						.with("password", "password")) //
+				.exchange() //
+				.returnResult(String.class);
+
+		AssertionsForClassTypes.assertThat(loginResult.getResponseHeaders().getLocation()).isEqualTo(URI.create("/"));
+
+		String originalSessionId = loginResult.getResponseCookies().getFirst("SESSION").getValue();
+
+		// 2. Fetch a protected resource using the SESSION cookie.
+
+		this.client.get().uri("/hello") //
+				.cookie("SESSION", originalSessionId) //
+				.exchange() //
+				.expectStatus().isOk() //
+				.returnResult(String.class).getResponseBody() //
+				.as(StepVerifier::create) //
+				.expectNext("HelloWorld") //
+				.verifyComplete();
+
+		// 3. Logout using the SESSION cookie, and capture the new SESSION cookie.
+
+		String newSessionId = this.client.post().uri("/logout") //
+				.cookie("SESSION", originalSessionId) //
+				.exchange() //
+				.expectStatus().isFound() //
+				.returnResult(String.class).getResponseCookies().getFirst("SESSION").getValue();
+
+		AssertionsForClassTypes.assertThat(newSessionId).isNotEqualTo(originalSessionId);
+
+		// 4. Verify the new SESSION cookie is not yet authorized.
+
+		this.client.get().uri("/hello") //
+				.cookie("SESSION", newSessionId) //
+				.exchange() //
+				.expectStatus().isFound() //
+				.expectHeader()
+				.value(HttpHeaders.LOCATION, (value) -> AssertionsForClassTypes.assertThat(value).isEqualTo("/login"));
+
+		// 5. Verify the original SESSION cookie no longer works.
+
+		this.client.get().uri("/hello") //
+				.cookie("SESSION", originalSessionId) //
+				.exchange() //
+				.expectStatus().isFound() //
+				.expectHeader()
+				.value(HttpHeaders.LOCATION, (value) -> AssertionsForClassTypes.assertThat(value).isEqualTo("/login"));
+	}
+
+	@RestController
+	static class TestController {
+
+		@GetMapping("/hello")
+		ResponseEntity<String> hello() {
+			return ResponseEntity.ok("HelloWorld");
+		}
+
+	}
+
+	@EnableWebFluxSecurity
+	static class SecurityConfig {
+
+		@Bean
+		SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
+			return http //
+					.logout()//
+					/**/.and() //
+					.formLogin() //
+					/**/.and() //
+					.csrf().disable() //
+					.authorizeExchange() //
+					.anyExchange().authenticated() //
+					/**/.and() //
+					.build();
+		}
+
+		@Bean
+		MapReactiveUserDetailsService userDetailsService() {
+			return new MapReactiveUserDetailsService(User.withDefaultPasswordEncoder() //
+					.username("admin") //
+					.password("password") //
+					.roles("USER,ADMIN") //
+					.build());
+		}
+
+		@Bean
+		AbstractMongoSessionConverter mongoSessionConverter() {
+			return new JacksonMongoSessionConverter();
+		}
+
+	}
+
+	@Configuration
+	@EnableWebFlux
+	@EnableMongoWebSession
+	static class Config {
+
+		private static final String DOCKER_IMAGE = "mongo:4.0.10";
+
+		@Bean(initMethod = "start", destroyMethod = "stop")
+		MongoDBContainer mongoContainer() {
+			return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
+		}
+
+		@Bean
+		ReactiveMongoOperations mongoOperations(MongoDBContainer mongoContainer) {
+
+			MongoClient mongo = MongoClients.create(
+					"mongodb://" + mongoContainer.getContainerIpAddress() + ":" + mongoContainer.getFirstMappedPort());
+			return new ReactiveMongoTemplate(mongo, "DB_Name_DeleteJacksonSessionVerificationTest");
+		}
+
+		@Bean
+		TestController controller() {
+			return new TestController();
+		}
+
+	}
+
+}

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/MongoDbLogoutVerificationTest.java

@@ -0,0 +1,194 @@
+/*
+ * Copyright 2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.integration;
+
+import java.net.URI;
+
+import com.mongodb.reactivestreams.client.MongoClient;
+import com.mongodb.reactivestreams.client.MongoClients;
+import org.assertj.core.api.AssertionsForClassTypes;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.testcontainers.containers.MongoDBContainer;
+import reactor.test.StepVerifier;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.mongodb.core.ReactiveMongoOperations;
+import org.springframework.data.mongodb.core.ReactiveMongoTemplate;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.session.data.mongo.config.annotation.web.reactive.EnableMongoWebSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.reactive.server.FluxExchangeResult;
+import org.springframework.test.web.reactive.server.WebTestClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.reactive.config.EnableWebFlux;
+import org.springframework.web.reactive.function.BodyInserters;
+
+/**
+ * @author Greg Turnquist
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration
+public class MongoDbLogoutVerificationTest {
+
+	@Autowired
+	ApplicationContext ctx;
+
+	WebTestClient client;
+
+	@BeforeEach
+	void setUp() {
+		this.client = WebTestClient.bindToApplicationContext(this.ctx).build();
+	}
+
+	@Test
+	void logoutShouldDeleteOldSessionFromMongoDB() {
+
+		// 1. Login and capture the SESSION cookie value.
+
+		FluxExchangeResult<String> loginResult = this.client.post().uri("/login")
+				.contentType(MediaType.APPLICATION_FORM_URLENCODED) //
+				.body(BodyInserters //
+						.fromFormData("username", "admin") //
+						.with("password", "password")) //
+				.exchange() //
+				.returnResult(String.class);
+
+		AssertionsForClassTypes.assertThat(loginResult.getResponseHeaders().getLocation()).isEqualTo(URI.create("/"));
+
+		String originalSessionId = loginResult.getResponseCookies().getFirst("SESSION").getValue();
+
+		// 2. Fetch a protected resource using the SESSION cookie.
+
+		this.client.get().uri("/hello") //
+				.cookie("SESSION", originalSessionId) //
+				.exchange() //
+				.expectStatus().isOk() //
+				.returnResult(String.class).getResponseBody() //
+				.as(StepVerifier::create) //
+				.expectNext("HelloWorld") //
+				.verifyComplete();
+
+		// 3. Logout using the SESSION cookie, and capture the new SESSION cookie.
+
+		String newSessionId = this.client.post().uri("/logout") //
+				.cookie("SESSION", originalSessionId) //
+				.exchange() //
+				.expectStatus().isFound() //
+				.returnResult(String.class).getResponseCookies().getFirst("SESSION").getValue();
+
+		AssertionsForClassTypes.assertThat(newSessionId).isNotEqualTo(originalSessionId);
+
+		// 4. Verify the new SESSION cookie is not yet authorized.
+
+		this.client.get().uri("/hello") //
+				.cookie("SESSION", newSessionId) //
+				.exchange() //
+				.expectStatus().isFound() //
+				.expectHeader()
+				.value(HttpHeaders.LOCATION, (value) -> AssertionsForClassTypes.assertThat(value).isEqualTo("/login"));
+
+		// 5. Verify the original SESSION cookie no longer works.
+
+		this.client.get().uri("/hello") //
+				.cookie("SESSION", originalSessionId) //
+				.exchange() //
+				.expectStatus().isFound() //
+				.expectHeader()
+				.value(HttpHeaders.LOCATION, (value) -> AssertionsForClassTypes.assertThat(value).isEqualTo("/login"));
+	}
+
+	@RestController
+	static class TestController {
+
+		@GetMapping("/hello")
+		ResponseEntity<String> hello() {
+			return ResponseEntity.ok("HelloWorld");
+		}
+
+	}
+
+	@EnableWebFluxSecurity
+	static class SecurityConfig {
+
+		@Bean
+		SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
+
+			return http //
+					.logout()//
+					/**/.and() //
+					.formLogin() //
+					/**/.and() //
+					.csrf().disable() //
+					.authorizeExchange() //
+					.anyExchange().authenticated() //
+					/**/.and() //
+					.build();
+		}
+
+		@Bean
+		MapReactiveUserDetailsService userDetailsService() {
+
+			return new MapReactiveUserDetailsService(User.withDefaultPasswordEncoder() //
+					.username("admin") //
+					.password("password") //
+					.roles("USER,ADMIN") //
+					.build());
+		}
+
+	}
+
+	@Configuration
+	@EnableWebFlux
+	@EnableMongoWebSession
+	static class Config {
+
+		private static final String DOCKER_IMAGE = "mongo:4.0.10";
+
+		@Bean(initMethod = "start", destroyMethod = "stop")
+		MongoDBContainer mongoContainer() {
+			return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
+		}
+
+		@Bean
+		ReactiveMongoOperations mongoOperations(MongoDBContainer mongoContainer) {
+
+			MongoClient mongo = MongoClients.create(
+					"mongodb://" + mongoContainer.getContainerIpAddress() + ":" + mongoContainer.getFirstMappedPort());
+			return new ReactiveMongoTemplate(mongo, "test");
+		}
+
+		@Bean
+		TestController controller() {
+			return new TestController();
+		}
+
+	}
+
+}

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/MongoRepositoryJacksonITest.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.integration;
+
+import java.util.Collections;
+import java.util.Map;
+import java.util.UUID;
+
+import org.junit.jupiter.api.Test;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.geo.GeoModule;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
+import org.springframework.session.data.mongo.MongoSession;
+import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Integration tests for
+ * {@link org.springframework.session.data.mongo.MongoIndexedSessionRepository} that use
+ * {@link JacksonMongoSessionConverter} based session serialization.
+ *
+ * @author Jakub Kubrynski
+ * @author Vedran Pavic
+ * @author Greg Turnquist
+ */
+@ContextConfiguration
+public class MongoRepositoryJacksonITest extends AbstractMongoRepositoryITest {
+
+	@Test
+	void findByCustomIndex() throws Exception {
+
+		MongoSession toSave = this.repository.createSession();
+		String cartId = "cart-" + UUID.randomUUID();
+		toSave.setAttribute("cartId", cartId);
+
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByCartId = this.repository.findByIndexNameAndIndexValue("cartId", cartId);
+
+		assertThat(findByCartId).hasSize(1);
+		assertThat(findByCartId.keySet()).containsOnly(toSave.getId());
+	}
+
+	// tag::sample[]
+	@Configuration
+	@EnableMongoHttpSession
+	static class Config extends BaseConfig {
+
+		@Bean
+		AbstractMongoSessionConverter mongoSessionConverter() {
+			return new JacksonMongoSessionConverter(Collections.singletonList(new GeoModule()));
+		}
+
+	}
+	// end::sample[]
+
+}

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/MongoRepositoryJdkSerializationITest.java

@@ -0,0 +1,96 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.integration;
+
+import java.time.Duration;
+import java.util.Map;
+
+import org.junit.jupiter.api.Test;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JdkMongoSessionConverter;
+import org.springframework.session.data.mongo.MongoSession;
+import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Integration tests for
+ * {@link org.springframework.session.data.mongo.MongoIndexedSessionRepository} that use
+ * {@link JdkMongoSessionConverter} based session serialization.
+ *
+ * @author Jakub Kubrynski
+ * @author Vedran Pavic
+ * @author Greg Turnquist
+ */
+@ContextConfiguration
+public class MongoRepositoryJdkSerializationITest extends AbstractMongoRepositoryITest {
+
+	@Test
+	void findByDeletedSecurityPrincipalNameReload() throws Exception {
+
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
+
+		this.repository.save(toSave);
+
+		MongoSession getSession = this.repository.findById(toSave.getId());
+		getSession.setAttribute(INDEX_NAME, null);
+		this.repository.save(getSession);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				getChangedSecurityName());
+
+		assertThat(findByPrincipalName).isEmpty();
+	}
+
+	@Test
+	void findByPrincipalNameNoSecurityPrincipalNameChangeReload() throws Exception {
+
+		MongoSession toSave = this.repository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
+
+		this.repository.save(toSave);
+
+		toSave = this.repository.findById(toSave.getId());
+
+		toSave.setAttribute("other", "value");
+		this.repository.save(toSave);
+
+		Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
+				getSecurityName());
+
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	// tag::sample[]
+	@Configuration
+	@EnableMongoHttpSession
+	static class Config extends BaseConfig {
+
+		@Bean
+		AbstractMongoSessionConverter mongoSessionConverter() {
+			return new JdkMongoSessionConverter(Duration.ofMinutes(30));
+		}
+
+	}
+	// end::sample[]
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/AbstractMongoSessionConverter.java

@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.data.mongo;
+
+import java.util.Collections;
+import java.util.Set;
+
+import com.mongodb.DBObject;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.bson.Document;
+
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.core.convert.converter.GenericConverter;
+import org.springframework.data.domain.Sort;
+import org.springframework.data.mongodb.core.index.Index;
+import org.springframework.data.mongodb.core.index.IndexInfo;
+import org.springframework.data.mongodb.core.index.IndexOperations;
+import org.springframework.data.mongodb.core.query.Query;
+import org.springframework.lang.Nullable;
+import org.springframework.session.DelegatingIndexResolver;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.IndexResolver;
+import org.springframework.session.PrincipalNameIndexResolver;
+
+/**
+ * Base class for serializing and deserializing session objects. To create custom
+ * serializer you have to implement this interface and simply register your class as a
+ * bean.
+ *
+ * @author Jakub Kubrynski
+ * @author Greg Turnquist
+ * @since 1.2
+ */
+public abstract class AbstractMongoSessionConverter implements GenericConverter {
+
+	static final String EXPIRE_AT_FIELD_NAME = "expireAt";
+
+	private static final Log LOG = LogFactory.getLog(AbstractMongoSessionConverter.class);
+
+	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
+
+	private IndexResolver<MongoSession> indexResolver = new DelegatingIndexResolver<>(
+			new PrincipalNameIndexResolver<>());
+
+	/**
+	 * Returns query to be executed to return sessions based on a particular index.
+	 * @param indexName name of the index
+	 * @param indexValue value to query against
+	 * @return built query or null if indexName is not supported
+	 */
+	@Nullable
+	protected abstract Query getQueryForIndex(String indexName, Object indexValue);
+
+	/**
+	 * Method ensures that there is a TTL index on {@literal expireAt} field. It's has
+	 * {@literal expireAfterSeconds} set to zero seconds, so the expiration time is
+	 * controlled by the application. It can be extended in custom converters when there
+	 * is a need for creating additional custom indexes.
+	 * @param sessionCollectionIndexes {@link IndexOperations} to use
+	 */
+	protected void ensureIndexes(IndexOperations sessionCollectionIndexes) {
+
+		for (IndexInfo info : sessionCollectionIndexes.getIndexInfo()) {
+			if (EXPIRE_AT_FIELD_NAME.equals(info.getName())) {
+				LOG.debug("TTL index on field " + EXPIRE_AT_FIELD_NAME + " already exists");
+				return;
+			}
+		}
+
+		LOG.info("Creating TTL index on field " + EXPIRE_AT_FIELD_NAME);
+
+		sessionCollectionIndexes
+				.ensureIndex(new Index(EXPIRE_AT_FIELD_NAME, Sort.Direction.ASC).named(EXPIRE_AT_FIELD_NAME).expire(0));
+	}
+
+	protected String extractPrincipal(MongoSession expiringSession) {
+
+		return this.indexResolver.resolveIndexesFor(expiringSession)
+				.get(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME);
+	}
+
+	public Set<ConvertiblePair> getConvertibleTypes() {
+
+		return Collections.singleton(new ConvertiblePair(DBObject.class, MongoSession.class));
+	}
+
+	@SuppressWarnings("unchecked")
+	@Nullable
+	public Object convert(Object source, TypeDescriptor sourceType, TypeDescriptor targetType) {
+
+		if (source == null) {
+			return null;
+		}
+
+		if (DBObject.class.isAssignableFrom(sourceType.getType())) {
+			return convert(new Document(((DBObject) source).toMap()));
+		}
+		else if (Document.class.isAssignableFrom(sourceType.getType())) {
+			return convert((Document) source);
+		}
+		else {
+			return convert((MongoSession) source);
+		}
+	}
+
+	protected abstract DBObject convert(MongoSession session);
+
+	protected abstract MongoSession convert(Document sessionWrapper);
+
+	public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
+		this.indexResolver = Assert.requireNonNull(indexResolver, "indexResolver must not be null!");
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/Assert.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import org.springframework.lang.Nullable;
+
+/**
+ * Utility to verify non null fields.
+ *
+ * @author Greg Turnquist
+ */
+public final class Assert {
+
+	private Assert() {
+	}
+
+	public static <T> T requireNonNull(@Nullable T item, String message) {
+
+		if (item == null) {
+			throw new IllegalArgumentException(message);
+		}
+
+		return item;
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/JacksonMongoSessionConverter.java

@@ -0,0 +1,187 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.PropertyAccessor;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.Module;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.PropertyNamingStrategy;
+import com.mongodb.BasicDBObject;
+import com.mongodb.DBObject;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.bson.Document;
+import org.bson.json.JsonMode;
+import org.bson.json.JsonWriterSettings;
+
+import org.springframework.data.mongodb.core.query.Criteria;
+import org.springframework.data.mongodb.core.query.Query;
+import org.springframework.lang.Nullable;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.util.Assert;
+
+/**
+ * {@code AbstractMongoSessionConverter} implementation using Jackson.
+ *
+ * @author Jakub Kubrynski
+ * @author Greg Turnquist
+ * @author Michael Ruf
+ * @since 1.2
+ */
+public class JacksonMongoSessionConverter extends AbstractMongoSessionConverter {
+
+	private static final Log LOG = LogFactory.getLog(JacksonMongoSessionConverter.class);
+
+	private static final String ATTRS_FIELD_NAME = "attrs.";
+
+	private static final String PRINCIPAL_FIELD_NAME = "principal";
+
+	private static final String EXPIRE_AT_FIELD_NAME = "expireAt";
+
+	private final ObjectMapper objectMapper;
+
+	public JacksonMongoSessionConverter() {
+		this(Collections.emptyList());
+	}
+
+	public JacksonMongoSessionConverter(Iterable<Module> modules) {
+
+		this.objectMapper = buildObjectMapper();
+		this.objectMapper.registerModules(modules);
+	}
+
+	public JacksonMongoSessionConverter(ObjectMapper objectMapper) {
+
+		Assert.notNull(objectMapper, "ObjectMapper can NOT be null!");
+		this.objectMapper = objectMapper;
+	}
+
+	@Nullable
+	protected Query getQueryForIndex(String indexName, Object indexValue) {
+
+		if (FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME.equals(indexName)) {
+			return Query.query(Criteria.where(PRINCIPAL_FIELD_NAME).is(indexValue));
+		}
+		else {
+			return Query.query(Criteria.where(ATTRS_FIELD_NAME + MongoSession.coverDot(indexName)).is(indexValue));
+		}
+	}
+
+	private ObjectMapper buildObjectMapper() {
+
+		ObjectMapper objectMapper = new ObjectMapper();
+
+		// serialize fields instead of properties
+		objectMapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
+		objectMapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
+
+		// ignore unresolved fields (mostly 'principal')
+		objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+
+		objectMapper.setPropertyNamingStrategy(new MongoIdNamingStrategy());
+
+		objectMapper.registerModules(SecurityJackson2Modules.getModules(getClass().getClassLoader()));
+		objectMapper.addMixIn(MongoSession.class, MongoSessionMixin.class);
+		objectMapper.addMixIn(HashMap.class, HashMapMixin.class);
+
+		return objectMapper;
+	}
+
+	@Override
+	protected DBObject convert(MongoSession source) {
+
+		try {
+			DBObject dbSession = BasicDBObject.parse(this.objectMapper.writeValueAsString(source));
+
+			// Override default serialization with proper values.
+			dbSession.put(PRINCIPAL_FIELD_NAME, extractPrincipal(source));
+			dbSession.put(EXPIRE_AT_FIELD_NAME, source.getExpireAt());
+			return dbSession;
+		}
+		catch (JsonProcessingException ex) {
+			throw new IllegalStateException("Cannot convert MongoExpiringSession", ex);
+		}
+	}
+
+	@Override
+	@Nullable
+	protected MongoSession convert(Document source) {
+
+		Date expireAt = (Date) source.remove(EXPIRE_AT_FIELD_NAME);
+		source.remove("originalSessionId");
+		String json = source.toJson(JsonWriterSettings.builder().outputMode(JsonMode.RELAXED).build());
+
+		try {
+			MongoSession mongoSession = this.objectMapper.readValue(json, MongoSession.class);
+			mongoSession.setExpireAt(expireAt);
+			return mongoSession;
+		}
+		catch (IOException ex) {
+			LOG.error("Error during Mongo Session deserialization", ex);
+			return null;
+		}
+	}
+
+	/**
+	 * Used to whitelist {@link MongoSession} for {@link SecurityJackson2Modules}.
+	 */
+	private static class MongoSessionMixin {
+
+		@JsonCreator
+		MongoSessionMixin(@JsonProperty("_id") String id,
+				@JsonProperty("intervalSeconds") long maxInactiveIntervalInSeconds) {
+		}
+
+	}
+
+	/**
+	 * Used to whitelist {@link HashMap} for {@link SecurityJackson2Modules}.
+	 */
+	private static class HashMapMixin {
+
+		// Nothing special
+
+	}
+
+	private static class MongoIdNamingStrategy extends PropertyNamingStrategy.PropertyNamingStrategyBase {
+
+		@Override
+		public String translate(String propertyName) {
+
+			switch (propertyName) {
+			case "id":
+				return "_id";
+			case "_id":
+				return "id";
+			default:
+				return propertyName;
+			}
+		}
+
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/JdkMongoSessionConverter.java

@@ -0,0 +1,174 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.data.mongo;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import com.mongodb.BasicDBObject;
+import com.mongodb.DBObject;
+import org.bson.Document;
+import org.bson.types.Binary;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.core.serializer.support.DeserializingConverter;
+import org.springframework.core.serializer.support.SerializingConverter;
+import org.springframework.data.mongodb.core.query.Criteria;
+import org.springframework.data.mongodb.core.query.Query;
+import org.springframework.lang.Nullable;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
+import org.springframework.util.Assert;
+
+/**
+ * {@code AbstractMongoSessionConverter} implementation using standard Java serialization.
+ *
+ * @author Jakub Kubrynski
+ * @author Rob Winch
+ * @author Greg Turnquist
+ * @since 1.2
+ */
+public class JdkMongoSessionConverter extends AbstractMongoSessionConverter {
+
+	private static final String ID = "_id";
+
+	private static final String CREATION_TIME = "created";
+
+	private static final String LAST_ACCESSED_TIME = "accessed";
+
+	private static final String MAX_INTERVAL = "interval";
+
+	private static final String ATTRIBUTES = "attr";
+
+	private static final String PRINCIPAL_FIELD_NAME = "principal";
+
+	private final Converter<Object, byte[]> serializer;
+
+	private final Converter<byte[], Object> deserializer;
+
+	private Duration maxInactiveInterval;
+
+	public JdkMongoSessionConverter(Duration maxInactiveInterval) {
+		this(new SerializingConverter(), new DeserializingConverter(), maxInactiveInterval);
+	}
+
+	public JdkMongoSessionConverter(Converter<Object, byte[]> serializer, Converter<byte[], Object> deserializer,
+			Duration maxInactiveInterval) {
+
+		Assert.notNull(serializer, "serializer cannot be null");
+		Assert.notNull(deserializer, "deserializer cannot be null");
+		Assert.notNull(maxInactiveInterval, "maxInactiveInterval cannot be null");
+
+		this.serializer = serializer;
+		this.deserializer = deserializer;
+		this.maxInactiveInterval = maxInactiveInterval;
+	}
+
+	@Override
+	@Nullable
+	public Query getQueryForIndex(String indexName, Object indexValue) {
+
+		if (FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME.equals(indexName)) {
+			return Query.query(Criteria.where(PRINCIPAL_FIELD_NAME).is(indexValue));
+		}
+		else {
+			return null;
+		}
+	}
+
+	@Override
+	protected DBObject convert(MongoSession session) {
+
+		BasicDBObject basicDBObject = new BasicDBObject();
+
+		basicDBObject.put(ID, session.getId());
+		basicDBObject.put(CREATION_TIME, session.getCreationTime());
+		basicDBObject.put(LAST_ACCESSED_TIME, session.getLastAccessedTime());
+		basicDBObject.put(MAX_INTERVAL, session.getMaxInactiveInterval());
+		basicDBObject.put(PRINCIPAL_FIELD_NAME, extractPrincipal(session));
+		basicDBObject.put(EXPIRE_AT_FIELD_NAME, session.getExpireAt());
+		basicDBObject.put(ATTRIBUTES, serializeAttributes(session));
+
+		return basicDBObject;
+	}
+
+	@Override
+	protected MongoSession convert(Document sessionWrapper) {
+
+		Object maxInterval = sessionWrapper.getOrDefault(MAX_INTERVAL, this.maxInactiveInterval);
+
+		Duration maxIntervalDuration = (maxInterval instanceof Duration) ? (Duration) maxInterval
+				: Duration.parse(maxInterval.toString());
+
+		MongoSession session = new MongoSession(sessionWrapper.getString(ID), maxIntervalDuration.getSeconds());
+
+		Object creationTime = sessionWrapper.get(CREATION_TIME);
+		if (creationTime instanceof Instant) {
+			session.setCreationTime(((Instant) creationTime).toEpochMilli());
+		}
+		else if (creationTime instanceof Date) {
+			session.setCreationTime(((Date) creationTime).getTime());
+		}
+
+		Object lastAccessedTime = sessionWrapper.get(LAST_ACCESSED_TIME);
+		if (lastAccessedTime instanceof Instant) {
+			session.setLastAccessedTime((Instant) lastAccessedTime);
+		}
+		else if (lastAccessedTime instanceof Date) {
+			session.setLastAccessedTime(Instant.ofEpochMilli(((Date) lastAccessedTime).getTime()));
+		}
+
+		session.setExpireAt((Date) sessionWrapper.get(EXPIRE_AT_FIELD_NAME));
+
+		deserializeAttributes(sessionWrapper, session);
+
+		return session;
+	}
+
+	@Nullable
+	private byte[] serializeAttributes(Session session) {
+
+		Map<String, Object> attributes = new HashMap<>();
+
+		for (String attrName : session.getAttributeNames()) {
+			attributes.put(attrName, session.getAttribute(attrName));
+		}
+
+		return this.serializer.convert(attributes);
+	}
+
+	@SuppressWarnings("unchecked")
+	private void deserializeAttributes(Document sessionWrapper, Session session) {
+
+		Object sessionAttributes = sessionWrapper.get(ATTRIBUTES);
+
+		byte[] attributesBytes = ((sessionAttributes instanceof Binary) ? ((Binary) sessionAttributes).getData()
+				: (byte[]) sessionAttributes);
+
+		Map<String, Object> attributes = (Map<String, Object>) this.deserializer.convert(attributesBytes);
+
+		if (attributes != null) {
+			for (Map.Entry<String, Object> entry : attributes.entrySet()) {
+				session.setAttribute(entry.getKey(), entry.getValue());
+			}
+		}
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoIndexedSessionRepository.java

@@ -0,0 +1,192 @@
+/*
+ * Copyright 2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import java.time.Duration;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.bson.Document;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.data.mongodb.core.index.IndexOperations;
+import org.springframework.lang.Nullable;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.events.SessionCreatedEvent;
+import org.springframework.session.events.SessionDeletedEvent;
+import org.springframework.session.events.SessionExpiredEvent;
+
+/**
+ * Session repository implementation which stores sessions in Mongo. Uses
+ * {@link AbstractMongoSessionConverter} to transform session objects from/to native Mongo
+ * representation ({@code DBObject}). Repository is also responsible for removing expired
+ * sessions from database. Cleanup is done every minute.
+ *
+ * @author Jakub Kubrynski
+ * @author Greg Turnquist
+ * @since 2.2.0
+ */
+public class MongoIndexedSessionRepository
+		implements FindByIndexNameSessionRepository<MongoSession>, ApplicationEventPublisherAware, InitializingBean {
+
+	/**
+	 * The default time period in seconds in which a session will expire.
+	 */
+	public static final int DEFAULT_INACTIVE_INTERVAL = 1800;
+
+	/**
+	 * the default collection name for storing session.
+	 */
+	public static final String DEFAULT_COLLECTION_NAME = "sessions";
+
+	private static final Log logger = LogFactory.getLog(MongoIndexedSessionRepository.class);
+
+	private final MongoOperations mongoOperations;
+
+	private Integer maxInactiveIntervalInSeconds = DEFAULT_INACTIVE_INTERVAL;
+
+	private String collectionName = DEFAULT_COLLECTION_NAME;
+
+	private AbstractMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(
+			Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
+
+	private ApplicationEventPublisher eventPublisher;
+
+	public MongoIndexedSessionRepository(MongoOperations mongoOperations) {
+		this.mongoOperations = mongoOperations;
+	}
+
+	@Override
+	public MongoSession createSession() {
+
+		MongoSession session = new MongoSession();
+
+		if (this.maxInactiveIntervalInSeconds != null) {
+			session.setMaxInactiveInterval(Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
+		}
+
+		publishEvent(new SessionCreatedEvent(this, session));
+
+		return session;
+	}
+
+	@Override
+	public void save(MongoSession session) {
+		this.mongoOperations
+				.save(Assert.requireNonNull(MongoSessionUtils.convertToDBObject(this.mongoSessionConverter, session),
+						"convertToDBObject must not null!"), this.collectionName);
+	}
+
+	@Override
+	@Nullable
+	public MongoSession findById(String id) {
+
+		Document sessionWrapper = findSession(id);
+
+		if (sessionWrapper == null) {
+			return null;
+		}
+
+		MongoSession session = MongoSessionUtils.convertToSession(this.mongoSessionConverter, sessionWrapper);
+
+		if (session != null && session.isExpired()) {
+			publishEvent(new SessionExpiredEvent(this, session));
+			deleteById(id);
+			return null;
+		}
+
+		return session;
+	}
+
+	/**
+	 * Currently this repository allows only querying against
+	 * {@code PRINCIPAL_NAME_INDEX_NAME}.
+	 * @param indexName the name if the index (i.e.
+	 * {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME})
+	 * @param indexValue the value of the index to search for.
+	 * @return sessions map
+	 */
+	@Override
+	public Map<String, MongoSession> findByIndexNameAndIndexValue(String indexName, String indexValue) {
+
+		return Optional.ofNullable(this.mongoSessionConverter.getQueryForIndex(indexName, indexValue))
+				.map((query) -> this.mongoOperations.find(query, Document.class, this.collectionName))
+				.orElse(Collections.emptyList()).stream()
+				.map((dbSession) -> MongoSessionUtils.convertToSession(this.mongoSessionConverter, dbSession))
+				.collect(Collectors.toMap(MongoSession::getId, (mapSession) -> mapSession));
+	}
+
+	@Override
+	public void deleteById(String id) {
+
+		Optional.ofNullable(findSession(id)).ifPresent((document) -> {
+
+			MongoSession session = MongoSessionUtils.convertToSession(this.mongoSessionConverter, document);
+			if (session != null) {
+				publishEvent(new SessionDeletedEvent(this, session));
+			}
+			this.mongoOperations.remove(document, this.collectionName);
+		});
+	}
+
+	@Override
+	public void afterPropertiesSet() {
+
+		IndexOperations indexOperations = this.mongoOperations.indexOps(this.collectionName);
+		this.mongoSessionConverter.ensureIndexes(indexOperations);
+	}
+
+	@Nullable
+	private Document findSession(String id) {
+		return this.mongoOperations.findById(id, Document.class, this.collectionName);
+	}
+
+	@Override
+	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
+		this.eventPublisher = eventPublisher;
+	}
+
+	private void publishEvent(ApplicationEvent event) {
+
+		try {
+			this.eventPublisher.publishEvent(event);
+		}
+		catch (Throwable ex) {
+			logger.error("Error publishing " + event + ".", ex);
+		}
+	}
+
+	public void setMaxInactiveIntervalInSeconds(final Integer maxInactiveIntervalInSeconds) {
+		this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
+	}
+
+	public void setCollectionName(final String collectionName) {
+		this.collectionName = collectionName;
+	}
+
+	public void setMongoSessionConverter(final AbstractMongoSessionConverter mongoSessionConverter) {
+		this.mongoSessionConverter = mongoSessionConverter;
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoOperationsSessionRepository.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import org.springframework.data.mongodb.core.MongoOperations;
+
+/**
+ * This {@link org.springframework.session.FindByIndexNameSessionRepository}
+ * implementation is kept to support backwards compatibility.
+ *
+ * @author Rob Winch
+ * @since 1.2
+ * @deprecated since 2.2.0 in favor of {@link MongoIndexedSessionRepository}.
+ */
+@Deprecated
+public class MongoOperationsSessionRepository extends MongoIndexedSessionRepository {
+
+	public MongoOperationsSessionRepository(MongoOperations mongoOperations) {
+		super(mongoOperations);
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoSession.java

@@ -0,0 +1,194 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+import org.springframework.lang.Nullable;
+import org.springframework.session.Session;
+
+/**
+ * Session object providing additional information about the datetime of expiration.
+ *
+ * @author Jakub Kubrynski
+ * @author Greg Turnquist
+ * @since 1.2
+ */
+public class MongoSession implements Session {
+
+	/**
+	 * Mongo doesn't support {@literal dot} in field names. We replace it with a very
+	 * rarely used character
+	 */
+	private static final char DOT_COVER_CHAR = '';
+
+	private String id;
+
+	private String originalSessionId;
+
+	private long createdMillis = System.currentTimeMillis();
+
+	private long accessedMillis;
+
+	private long intervalSeconds;
+
+	private Date expireAt;
+
+	private Map<String, Object> attrs = new HashMap<>();
+
+	public MongoSession() {
+		this(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
+	}
+
+	public MongoSession(long maxInactiveIntervalInSeconds) {
+		this(UUID.randomUUID().toString(), maxInactiveIntervalInSeconds);
+	}
+
+	public MongoSession(String id, long maxInactiveIntervalInSeconds) {
+
+		this.id = id;
+		this.originalSessionId = id;
+		this.intervalSeconds = maxInactiveIntervalInSeconds;
+		setLastAccessedTime(Instant.ofEpochMilli(this.createdMillis));
+	}
+
+	static String coverDot(String attributeName) {
+		return attributeName.replace('.', DOT_COVER_CHAR);
+	}
+
+	static String uncoverDot(String attributeName) {
+		return attributeName.replace(DOT_COVER_CHAR, '.');
+	}
+
+	@Override
+	public String changeSessionId() {
+
+		String changedId = UUID.randomUUID().toString();
+		this.id = changedId;
+		return changedId;
+	}
+
+	@Override
+	@Nullable
+	public <T> T getAttribute(String attributeName) {
+		return (T) this.attrs.get(coverDot(attributeName));
+	}
+
+	@Override
+	public Set<String> getAttributeNames() {
+		return this.attrs.keySet().stream().map(MongoSession::uncoverDot).collect(Collectors.toSet());
+	}
+
+	@Override
+	public void setAttribute(String attributeName, Object attributeValue) {
+
+		if (attributeValue == null) {
+			removeAttribute(coverDot(attributeName));
+		}
+		else {
+			this.attrs.put(coverDot(attributeName), attributeValue);
+		}
+	}
+
+	@Override
+	public void removeAttribute(String attributeName) {
+		this.attrs.remove(coverDot(attributeName));
+	}
+
+	@Override
+	public Instant getCreationTime() {
+		return Instant.ofEpochMilli(this.createdMillis);
+	}
+
+	public void setCreationTime(long created) {
+		this.createdMillis = created;
+	}
+
+	@Override
+	public Instant getLastAccessedTime() {
+		return Instant.ofEpochMilli(this.accessedMillis);
+	}
+
+	@Override
+	public void setLastAccessedTime(Instant lastAccessedTime) {
+
+		this.accessedMillis = lastAccessedTime.toEpochMilli();
+		this.expireAt = Date.from(lastAccessedTime.plus(Duration.ofSeconds(this.intervalSeconds)));
+	}
+
+	@Override
+	public Duration getMaxInactiveInterval() {
+		return Duration.ofSeconds(this.intervalSeconds);
+	}
+
+	@Override
+	public void setMaxInactiveInterval(Duration interval) {
+		this.intervalSeconds = interval.getSeconds();
+	}
+
+	@Override
+	public boolean isExpired() {
+		return this.intervalSeconds >= 0 && new Date().after(this.expireAt);
+	}
+
+	@Override
+	public boolean equals(Object o) {
+
+		if (this == o) {
+			return true;
+		}
+		if (o == null || getClass() != o.getClass()) {
+			return false;
+		}
+		MongoSession that = (MongoSession) o;
+		return Objects.equals(this.id, that.id);
+	}
+
+	@Override
+	public int hashCode() {
+		return Objects.hash(this.id);
+	}
+
+	@Override
+	public String getId() {
+		return this.id;
+	}
+
+	public Date getExpireAt() {
+		return this.expireAt;
+	}
+
+	public void setExpireAt(final Date expireAt) {
+		this.expireAt = expireAt;
+	}
+
+	boolean hasChangedSessionId() {
+		return !getId().equals(this.originalSessionId);
+	}
+
+	String getOriginalSessionId() {
+		return this.originalSessionId;
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoSessionUtils.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import com.mongodb.DBObject;
+import org.bson.Document;
+
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.lang.Nullable;
+
+/**
+ * Utility for MongoSession.
+ *
+ * @author Greg Turnquist
+ */
+public final class MongoSessionUtils {
+
+	private MongoSessionUtils() {
+	}
+
+	@Nullable
+	static DBObject convertToDBObject(AbstractMongoSessionConverter mongoSessionConverter, MongoSession session) {
+
+		return (DBObject) mongoSessionConverter.convert(session, TypeDescriptor.valueOf(MongoSession.class),
+				TypeDescriptor.valueOf(DBObject.class));
+	}
+
+	@Nullable
+	static MongoSession convertToSession(AbstractMongoSessionConverter mongoSessionConverter, Document session) {
+
+		return (MongoSession) mongoSessionConverter.convert(session, TypeDescriptor.valueOf(Document.class),
+				TypeDescriptor.valueOf(MongoSession.class));
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/ReactiveMongoOperationsSessionRepository.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import org.springframework.data.mongodb.core.ReactiveMongoOperations;
+import org.springframework.session.ReactiveSessionRepository;
+
+/**
+ * This {@link ReactiveSessionRepository} implementation is kept to support migration to
+ * {@link ReactiveMongoSessionRepository} in a backwards compatible manner.
+ *
+ * @author Greg Turnquist
+ * @deprecated since 2.2.0 in favor of {@link ReactiveMongoSessionRepository}.
+ */
+@Deprecated
+public class ReactiveMongoOperationsSessionRepository extends ReactiveMongoSessionRepository {
+
+	public ReactiveMongoOperationsSessionRepository(ReactiveMongoOperations mongoOperations) {
+		super(mongoOperations);
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/ReactiveMongoSessionRepository.java

@@ -0,0 +1,196 @@
+/*
+ * Copyright 2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import java.time.Duration;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.bson.Document;
+import reactor.core.publisher.Mono;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.data.mongodb.core.ReactiveMongoOperations;
+import org.springframework.data.mongodb.core.index.IndexOperations;
+import org.springframework.data.mongodb.core.query.Criteria;
+import org.springframework.data.mongodb.core.query.Query;
+import org.springframework.session.ReactiveSessionRepository;
+import org.springframework.session.events.SessionCreatedEvent;
+import org.springframework.session.events.SessionDeletedEvent;
+
+/**
+ * A {@link ReactiveSessionRepository} implementation that uses Spring Data MongoDB.
+ *
+ * @author Greg Turnquist
+ * @since 2.2.0
+ */
+public class ReactiveMongoSessionRepository
+		implements ReactiveSessionRepository<MongoSession>, ApplicationEventPublisherAware, InitializingBean {
+
+	/**
+	 * The default time period in seconds in which a session will expire.
+	 */
+	public static final int DEFAULT_INACTIVE_INTERVAL = 1800;
+
+	/**
+	 * The default collection name for storing session.
+	 */
+	public static final String DEFAULT_COLLECTION_NAME = "sessions";
+
+	private static final Log logger = LogFactory.getLog(ReactiveMongoSessionRepository.class);
+
+	private final ReactiveMongoOperations mongoOperations;
+
+	private Integer maxInactiveIntervalInSeconds = DEFAULT_INACTIVE_INTERVAL;
+
+	private String collectionName = DEFAULT_COLLECTION_NAME;
+
+	private AbstractMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(
+			Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
+
+	private MongoOperations blockingMongoOperations;
+
+	private ApplicationEventPublisher eventPublisher;
+
+	public ReactiveMongoSessionRepository(ReactiveMongoOperations mongoOperations) {
+		this.mongoOperations = mongoOperations;
+	}
+
+	/**
+	 * Creates a new {@link MongoSession} that is capable of being persisted by this
+	 * {@link ReactiveSessionRepository}.
+	 * <p>
+	 * This allows optimizations and customizations in how the {@link MongoSession} is
+	 * persisted. For example, the implementation returned might keep track of the changes
+	 * ensuring that only the delta needs to be persisted on a save.
+	 * </p>
+	 * @return a new {@link MongoSession} that is capable of being persisted by this
+	 * {@link ReactiveSessionRepository}
+	 */
+	@Override
+	public Mono<MongoSession> createSession() {
+
+		return Mono.justOrEmpty(this.maxInactiveIntervalInSeconds) //
+				.map(MongoSession::new) //
+				.doOnNext((mongoSession) -> publishEvent(new SessionCreatedEvent(this, mongoSession))) //
+				.switchIfEmpty(Mono.just(new MongoSession()));
+	}
+
+	@Override
+	public Mono<Void> save(MongoSession session) {
+
+		return Mono //
+				.justOrEmpty(MongoSessionUtils.convertToDBObject(this.mongoSessionConverter, session)) //
+				.flatMap((dbObject) -> {
+					if (session.hasChangedSessionId()) {
+
+						return this.mongoOperations
+								.remove(Query.query(Criteria.where("_id").is(session.getOriginalSessionId())),
+										this.collectionName) //
+								.then(this.mongoOperations.save(dbObject, this.collectionName));
+					}
+					else {
+
+						return this.mongoOperations.save(dbObject, this.collectionName);
+					}
+				}) //
+				.then();
+	}
+
+	@Override
+	public Mono<MongoSession> findById(String id) {
+
+		return findSession(id) //
+				.map((document) -> MongoSessionUtils.convertToSession(this.mongoSessionConverter, document)) //
+				.filter((mongoSession) -> !mongoSession.isExpired()) //
+				.switchIfEmpty(Mono.defer(() -> this.deleteById(id).then(Mono.empty())));
+	}
+
+	@Override
+	public Mono<Void> deleteById(String id) {
+
+		return findSession(id) //
+				.flatMap((document) -> this.mongoOperations.remove(document, this.collectionName) //
+						.then(Mono.just(document))) //
+				.map((document) -> MongoSessionUtils.convertToSession(this.mongoSessionConverter, document)) //
+				.doOnNext((mongoSession) -> publishEvent(new SessionDeletedEvent(this, mongoSession))) //
+				.then();
+	}
+
+	/**
+	 * Do not use
+	 * {@link org.springframework.data.mongodb.core.index.ReactiveIndexOperations} to
+	 * ensure indexes exist. Instead, get a blocking {@link IndexOperations} and use that
+	 * instead, if possible.
+	 */
+	@Override
+	public void afterPropertiesSet() {
+
+		if (this.blockingMongoOperations != null) {
+
+			IndexOperations indexOperations = this.blockingMongoOperations.indexOps(this.collectionName);
+			this.mongoSessionConverter.ensureIndexes(indexOperations);
+		}
+	}
+
+	private Mono<Document> findSession(String id) {
+		return this.mongoOperations.findById(id, Document.class, this.collectionName);
+	}
+
+	@Override
+	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
+		this.eventPublisher = eventPublisher;
+	}
+
+	private void publishEvent(ApplicationEvent event) {
+
+		try {
+			this.eventPublisher.publishEvent(event);
+		}
+		catch (Throwable ex) {
+			logger.error("Error publishing " + event + ".", ex);
+		}
+	}
+
+	public Integer getMaxInactiveIntervalInSeconds() {
+		return this.maxInactiveIntervalInSeconds;
+	}
+
+	public void setMaxInactiveIntervalInSeconds(final Integer maxInactiveIntervalInSeconds) {
+		this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
+	}
+
+	public String getCollectionName() {
+		return this.collectionName;
+	}
+
+	public void setCollectionName(final String collectionName) {
+		this.collectionName = collectionName;
+	}
+
+	public void setMongoSessionConverter(final AbstractMongoSessionConverter mongoSessionConverter) {
+		this.mongoSessionConverter = mongoSessionConverter;
+	}
+
+	public void setBlockingMongoOperations(final MongoOperations blockingMongoOperations) {
+		this.blockingMongoOperations = blockingMongoOperations;
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/http/EnableMongoHttpSession.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.config.annotation.web.http;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
+
+/**
+ * Add this annotation to a {@code @Configuration} class to expose the
+ * SessionRepositoryFilter as a bean named "springSessionRepositoryFilter" and backed by
+ * Mongo. Use {@code collectionName} to change default name of the collection used to
+ * store sessions.
+ *
+ * <pre>
+ * <code>
+ * {@literal @EnableMongoHttpSession}
+ * public class MongoHttpSessionConfig {
+ *
+ *     {@literal @Bean}
+ *     public MongoOperations mongoOperations() throws UnknownHostException {
+ *         return new MongoTemplate(new MongoClient(), "databaseName");
+ *     }
+ *
+ * }
+ * </code> </pre>
+ *
+ * @author Jakub Kubrynski
+ * @since 1.2
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.TYPE)
+@Documented
+@Import(MongoHttpSessionConfiguration.class)
+@Configuration(proxyBeanMethods = false)
+public @interface EnableMongoHttpSession {
+
+	/**
+	 * The maximum time a session will be kept if it is inactive.
+	 * @return default max inactive interval in seconds
+	 */
+	int maxInactiveIntervalInSeconds() default MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL;
+
+	/**
+	 * The collection name to use.
+	 * @return name of the collection to store session
+	 */
+	String collectionName() default MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME;
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/http/MongoHttpSessionConfiguration.java

@@ -0,0 +1,157 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.config.annotation.web.http;
+
+import java.time.Duration;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.BeanClassLoaderAware;
+import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.EmbeddedValueResolverAware;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.ImportAware;
+import org.springframework.core.annotation.AnnotationAttributes;
+import org.springframework.core.serializer.support.DeserializingConverter;
+import org.springframework.core.serializer.support.SerializingConverter;
+import org.springframework.core.type.AnnotationMetadata;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.session.IndexResolver;
+import org.springframework.session.config.SessionRepositoryCustomizer;
+import org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JdkMongoSessionConverter;
+import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
+import org.springframework.session.data.mongo.MongoSession;
+import org.springframework.util.StringUtils;
+import org.springframework.util.StringValueResolver;
+
+/**
+ * Configuration class registering {@code MongoSessionRepository} bean. To import this
+ * configuration use {@link EnableMongoHttpSession} annotation.
+ *
+ * @author Jakub Kubrynski
+ * @author Eddú Meléndez
+ * @since 1.2
+ */
+@Configuration(proxyBeanMethods = false)
+public class MongoHttpSessionConfiguration extends SpringHttpSessionConfiguration
+		implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware {
+
+	private AbstractMongoSessionConverter mongoSessionConverter;
+
+	private Integer maxInactiveIntervalInSeconds;
+
+	private String collectionName;
+
+	private StringValueResolver embeddedValueResolver;
+
+	private List<SessionRepositoryCustomizer<MongoIndexedSessionRepository>> sessionRepositoryCustomizers;
+
+	private ClassLoader classLoader;
+
+	private IndexResolver<MongoSession> indexResolver;
+
+	@Bean
+	public MongoIndexedSessionRepository mongoSessionRepository(MongoOperations mongoOperations) {
+
+		MongoIndexedSessionRepository repository = new MongoIndexedSessionRepository(mongoOperations);
+		repository.setMaxInactiveIntervalInSeconds(this.maxInactiveIntervalInSeconds);
+
+		if (this.mongoSessionConverter != null) {
+			repository.setMongoSessionConverter(this.mongoSessionConverter);
+
+			if (this.indexResolver != null) {
+				this.mongoSessionConverter.setIndexResolver(this.indexResolver);
+			}
+		}
+		else {
+			JdkMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(new SerializingConverter(),
+					new DeserializingConverter(this.classLoader),
+					Duration.ofSeconds(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL));
+
+			if (this.indexResolver != null) {
+				mongoSessionConverter.setIndexResolver(this.indexResolver);
+			}
+
+			repository.setMongoSessionConverter(mongoSessionConverter);
+		}
+
+		if (StringUtils.hasText(this.collectionName)) {
+			repository.setCollectionName(this.collectionName);
+		}
+
+		this.sessionRepositoryCustomizers
+				.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(repository));
+
+		return repository;
+	}
+
+	public void setCollectionName(String collectionName) {
+		this.collectionName = collectionName;
+	}
+
+	public void setMaxInactiveIntervalInSeconds(Integer maxInactiveIntervalInSeconds) {
+		this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
+	}
+
+	public void setImportMetadata(AnnotationMetadata importMetadata) {
+
+		AnnotationAttributes attributes = AnnotationAttributes
+				.fromMap(importMetadata.getAnnotationAttributes(EnableMongoHttpSession.class.getName()));
+
+		if (attributes != null) {
+			this.maxInactiveIntervalInSeconds = attributes.getNumber("maxInactiveIntervalInSeconds");
+		}
+		else {
+			this.maxInactiveIntervalInSeconds = MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL;
+		}
+
+		String collectionNameValue = (attributes != null) ? attributes.getString("collectionName") : "";
+		if (StringUtils.hasText(collectionNameValue)) {
+			this.collectionName = this.embeddedValueResolver.resolveStringValue(collectionNameValue);
+		}
+	}
+
+	@Autowired(required = false)
+	public void setMongoSessionConverter(AbstractMongoSessionConverter mongoSessionConverter) {
+		this.mongoSessionConverter = mongoSessionConverter;
+	}
+
+	@Autowired(required = false)
+	public void setSessionRepositoryCustomizers(
+			ObjectProvider<SessionRepositoryCustomizer<MongoIndexedSessionRepository>> sessionRepositoryCustomizers) {
+		this.sessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream().collect(Collectors.toList());
+	}
+
+	@Override
+	public void setBeanClassLoader(ClassLoader classLoader) {
+		this.classLoader = classLoader;
+	}
+
+	@Override
+	public void setEmbeddedValueResolver(StringValueResolver resolver) {
+		this.embeddedValueResolver = resolver;
+	}
+
+	@Autowired(required = false)
+	public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
+		this.indexResolver = indexResolver;
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/reactive/EnableMongoWebSession.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.config.annotation.web.reactive;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
+
+/**
+ * Add this annotation to a {@code @Configuration} class to configure a MongoDB-based
+ * {@code WebSessionManager} for a WebFlux application. This annotation assumes a
+ * {@code ReactorMongoOperations} is defined somewhere in the application context. If not,
+ * it will fail with a clear error messages. For example:
+ *
+ * <pre>
+ * <code>
+ * {@literal @Configuration}
+ * {@literal @EnableMongoWebSession}
+ * public class SpringWebFluxConfig {
+ *
+ *     {@literal @Bean}
+ *     public ReactorMongoOperations operations() {
+ *         return new MaReactorMongoOperations(...);
+ *     }
+ *
+ * }
+ * </code> </pre>
+ *
+ * @author Greg Turnquist
+ * @author Vedran Pavić
+ * @since 2.0
+ */
+@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
+@Target({ java.lang.annotation.ElementType.TYPE })
+@Documented
+@Import(ReactiveMongoWebSessionConfiguration.class)
+@Configuration(proxyBeanMethods = false)
+public @interface EnableMongoWebSession {
+
+	/**
+	 * The maximum time a session will be kept if it is inactive.
+	 * @return default max inactive interval in seconds
+	 */
+	int maxInactiveIntervalInSeconds() default ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL;
+
+	/**
+	 * The collection name to use.
+	 * @return name of the collection to store session
+	 */
+	String collectionName() default ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME;
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/reactive/ReactiveMongoWebSessionConfiguration.java

@@ -0,0 +1,178 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.config.annotation.web.reactive;
+
+import java.time.Duration;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.BeanClassLoaderAware;
+import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.EmbeddedValueResolverAware;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.ImportAware;
+import org.springframework.core.annotation.AnnotationAttributes;
+import org.springframework.core.serializer.support.DeserializingConverter;
+import org.springframework.core.serializer.support.SerializingConverter;
+import org.springframework.core.type.AnnotationMetadata;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.data.mongodb.core.ReactiveMongoOperations;
+import org.springframework.session.IndexResolver;
+import org.springframework.session.config.ReactiveSessionRepositoryCustomizer;
+import org.springframework.session.config.annotation.web.server.SpringWebSessionConfiguration;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JdkMongoSessionConverter;
+import org.springframework.session.data.mongo.MongoSession;
+import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
+import org.springframework.util.StringUtils;
+import org.springframework.util.StringValueResolver;
+
+/**
+ * Configure a {@link ReactiveMongoSessionRepository} using a provided
+ * {@link ReactiveMongoOperations}.
+ *
+ * @author Greg Turnquist
+ * @author Vedran Pavić
+ */
+@Configuration(proxyBeanMethods = false)
+public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfiguration
+		implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware {
+
+	private AbstractMongoSessionConverter mongoSessionConverter;
+
+	private Integer maxInactiveIntervalInSeconds;
+
+	private String collectionName;
+
+	private StringValueResolver embeddedValueResolver;
+
+	private List<ReactiveSessionRepositoryCustomizer<ReactiveMongoSessionRepository>> sessionRepositoryCustomizers;
+
+	@Autowired(required = false)
+	private MongoOperations mongoOperations;
+
+	private ClassLoader classLoader;
+
+	private IndexResolver<MongoSession> indexResolver;
+
+	@Bean
+	public ReactiveMongoSessionRepository reactiveMongoSessionRepository(ReactiveMongoOperations operations) {
+
+		ReactiveMongoSessionRepository repository = new ReactiveMongoSessionRepository(operations);
+
+		if (this.mongoSessionConverter != null) {
+			repository.setMongoSessionConverter(this.mongoSessionConverter);
+
+			if (this.indexResolver != null) {
+				this.mongoSessionConverter.setIndexResolver(this.indexResolver);
+			}
+
+		}
+		else {
+			JdkMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(new SerializingConverter(),
+					new DeserializingConverter(this.classLoader),
+					Duration.ofSeconds(ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL));
+
+			if (this.indexResolver != null) {
+				mongoSessionConverter.setIndexResolver(this.indexResolver);
+			}
+
+			repository.setMongoSessionConverter(mongoSessionConverter);
+		}
+
+		if (this.maxInactiveIntervalInSeconds != null) {
+			repository.setMaxInactiveIntervalInSeconds(this.maxInactiveIntervalInSeconds);
+		}
+
+		if (this.collectionName != null) {
+			repository.setCollectionName(this.collectionName);
+		}
+
+		if (this.mongoOperations != null) {
+			repository.setBlockingMongoOperations(this.mongoOperations);
+		}
+
+		this.sessionRepositoryCustomizers
+				.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(repository));
+
+		return repository;
+	}
+
+	@Autowired(required = false)
+	public void setMongoSessionConverter(AbstractMongoSessionConverter mongoSessionConverter) {
+		this.mongoSessionConverter = mongoSessionConverter;
+	}
+
+	@Override
+	public void setImportMetadata(AnnotationMetadata importMetadata) {
+
+		AnnotationAttributes attributes = AnnotationAttributes
+				.fromMap(importMetadata.getAnnotationAttributes(EnableMongoWebSession.class.getName()));
+
+		if (attributes != null) {
+			this.maxInactiveIntervalInSeconds = attributes.getNumber("maxInactiveIntervalInSeconds");
+		}
+		else {
+			this.maxInactiveIntervalInSeconds = ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL;
+		}
+
+		String collectionNameValue = (attributes != null) ? attributes.getString("collectionName") : "";
+		if (StringUtils.hasText(collectionNameValue)) {
+			this.collectionName = this.embeddedValueResolver.resolveStringValue(collectionNameValue);
+		}
+
+	}
+
+	@Override
+	public void setBeanClassLoader(ClassLoader classLoader) {
+		this.classLoader = classLoader;
+	}
+
+	@Override
+	public void setEmbeddedValueResolver(StringValueResolver embeddedValueResolver) {
+		this.embeddedValueResolver = embeddedValueResolver;
+	}
+
+	public Integer getMaxInactiveIntervalInSeconds() {
+		return this.maxInactiveIntervalInSeconds;
+	}
+
+	public void setMaxInactiveIntervalInSeconds(Integer maxInactiveIntervalInSeconds) {
+		this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
+	}
+
+	public String getCollectionName() {
+		return this.collectionName;
+	}
+
+	public void setCollectionName(String collectionName) {
+		this.collectionName = collectionName;
+	}
+
+	@Autowired(required = false)
+	public void setSessionRepositoryCustomizers(
+			ObjectProvider<ReactiveSessionRepositoryCustomizer<ReactiveMongoSessionRepository>> sessionRepositoryCustomizers) {
+		this.sessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream().collect(Collectors.toList());
+	}
+
+	@Autowired(required = false)
+	public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
+		this.indexResolver = indexResolver;
+	}
+
+}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/package-info.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Spring Session MongoDB support.
+ *
+ * @author Greg Turnquist
+ */
+@NonNullApi
+package org.springframework.session.data.mongo;
+
+import org.springframework.lang.NonNullApi;

spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/AbstractMongoSessionConverterTest.java

@@ -0,0 +1,141 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import java.time.Duration;
+
+import com.mongodb.DBObject;
+import org.bson.Document;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.lang.Nullable;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.session.FindByIndexNameSessionRepository;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Greg Turnquist
+ */
+public abstract class AbstractMongoSessionConverterTest {
+
+	abstract AbstractMongoSessionConverter getMongoSessionConverter();
+
+	@Test
+	void verifyRoundTripSerialization() throws Exception {
+
+		// given
+		MongoSession toSerialize = new MongoSession();
+		toSerialize.setAttribute("username", "john_the_springer");
+
+		// when
+		DBObject dbObject = convertToDBObject(toSerialize);
+		MongoSession deserialized = convertToSession(dbObject);
+
+		// then
+		assertThat(deserialized).isEqualToComparingFieldByField(toSerialize);
+	}
+
+	@Test
+	void verifyRoundTripSecuritySerialization() {
+
+		// given
+		MongoSession toSerialize = new MongoSession();
+		String principalName = "john_the_springer";
+		SecurityContextImpl context = new SecurityContextImpl();
+		context.setAuthentication(new UsernamePasswordAuthenticationToken(principalName, null));
+		toSerialize.setAttribute("SPRING_SECURITY_CONTEXT", context);
+
+		// when
+		DBObject serialized = convertToDBObject(toSerialize);
+		MongoSession deserialized = convertToSession(serialized);
+
+		// then
+		assertThat(deserialized).isEqualToComparingOnlyGivenFields(toSerialize, "id", "createdMillis", "accessedMillis",
+				"intervalSeconds", "expireAt");
+
+		SecurityContextImpl springSecurityContextBefore = toSerialize.getAttribute("SPRING_SECURITY_CONTEXT");
+		SecurityContextImpl springSecurityContextAfter = deserialized.getAttribute("SPRING_SECURITY_CONTEXT");
+
+		assertThat(springSecurityContextBefore).isEqualToComparingOnlyGivenFields(springSecurityContextAfter,
+				"authentication.principal", "authentication.authorities", "authentication.authenticated");
+		assertThat(springSecurityContextAfter.getAuthentication().getPrincipal()).isEqualTo("john_the_springer");
+		assertThat(springSecurityContextAfter.getAuthentication().getCredentials()).isNull();
+	}
+
+	@Test
+	void shouldExtractPrincipalNameFromAttributes() throws Exception {
+
+		// given
+		MongoSession toSerialize = new MongoSession();
+		String principalName = "john_the_springer";
+		toSerialize.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principalName);
+
+		// when
+		DBObject dbObject = convertToDBObject(toSerialize);
+
+		// then
+		assertThat(dbObject.get("principal")).isEqualTo(principalName);
+	}
+
+	@Test
+	void shouldExtractPrincipalNameFromAuthentication() throws Exception {
+
+		// given
+		MongoSession toSerialize = new MongoSession();
+		String principalName = "john_the_springer";
+		SecurityContextImpl context = new SecurityContextImpl();
+		context.setAuthentication(new UsernamePasswordAuthenticationToken(principalName, null));
+		toSerialize.setAttribute("SPRING_SECURITY_CONTEXT", context);
+
+		// when
+		DBObject dbObject = convertToDBObject(toSerialize);
+
+		// then
+		assertThat(dbObject.get("principal")).isEqualTo(principalName);
+	}
+
+	@Test
+	void sessionWrapperWithNoMaxIntervalShouldFallbackToDefaultValues() {
+
+		// given
+		MongoSession toSerialize = new MongoSession();
+		DBObject dbObject = convertToDBObject(toSerialize);
+		Document document = new Document(dbObject.toMap());
+		document.remove("interval");
+
+		// when
+		MongoSession convertedSession = getMongoSessionConverter().convert(document);
+
+		// then
+		assertThat(convertedSession.getMaxInactiveInterval()).isEqualTo(Duration.ofMinutes(30));
+	}
+
+	@Nullable
+	MongoSession convertToSession(DBObject session) {
+		return (MongoSession) getMongoSessionConverter().convert(session, TypeDescriptor.valueOf(DBObject.class),
+				TypeDescriptor.valueOf(MongoSession.class));
+	}
+
+	@Nullable
+	DBObject convertToDBObject(MongoSession session) {
+		return (DBObject) getMongoSessionConverter().convert(session, TypeDescriptor.valueOf(MongoSession.class),
+				TypeDescriptor.valueOf(DBObject.class));
+	}
+
+}

spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/JacksonMongoSessionConverterTest.java

@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import java.lang.reflect.Field;
+import java.util.Date;
+import java.util.HashMap;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.mongodb.DBObject;
+import org.assertj.core.api.Assertions;
+import org.assertj.core.api.AssertionsForClassTypes;
+import org.bson.Document;
+import org.bson.types.ObjectId;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.data.mongodb.core.query.Query;
+import org.springframework.util.ReflectionUtils;
+
+/**
+ * @author Jakub Kubrynski
+ * @author Greg Turnquist
+ */
+public class JacksonMongoSessionConverterTest extends AbstractMongoSessionConverterTest {
+
+	JacksonMongoSessionConverter mongoSessionConverter = new JacksonMongoSessionConverter();
+
+	@Override
+	AbstractMongoSessionConverter getMongoSessionConverter() {
+		return this.mongoSessionConverter;
+	}
+
+	@Test
+	void shouldSaveIdField() {
+
+		// given
+		MongoSession session = new MongoSession();
+
+		// when
+		DBObject convert = this.mongoSessionConverter.convert(session);
+
+		// then
+		AssertionsForClassTypes.assertThat(convert.get("_id")).isEqualTo(session.getId());
+		AssertionsForClassTypes.assertThat(convert.get("id")).isNull();
+	}
+
+	@Test
+	void shouldQueryAgainstAttribute() throws Exception {
+
+		// when
+		Query cart = this.mongoSessionConverter.getQueryForIndex("cart", "my-cart");
+
+		// then
+		AssertionsForClassTypes.assertThat(cart.getQueryObject().get("attrs.cart")).isEqualTo("my-cart");
+	}
+
+	@Test
+	void shouldAllowCustomObjectMapper() {
+
+		// given
+		ObjectMapper myMapper = new ObjectMapper();
+
+		// when
+		JacksonMongoSessionConverter converter = new JacksonMongoSessionConverter(myMapper);
+
+		// then
+		Field objectMapperField = ReflectionUtils.findField(JacksonMongoSessionConverter.class, "objectMapper");
+		ReflectionUtils.makeAccessible(objectMapperField);
+		ObjectMapper converterMapper = (ObjectMapper) ReflectionUtils.getField(objectMapperField, converter);
+
+		AssertionsForClassTypes.assertThat(converterMapper).isEqualTo(myMapper);
+	}
+
+	@Test
+	void shouldNotAllowNullObjectMapperToBeInjected() {
+
+		Assertions.assertThatIllegalArgumentException()
+				.isThrownBy(() -> new JacksonMongoSessionConverter((ObjectMapper) null));
+	}
+
+	@Test
+	void shouldSaveExpireAtAsDate() {
+
+		// given
+		MongoSession session = new MongoSession();
+
+		// when
+		DBObject convert = this.mongoSessionConverter.convert(session);
+
+		// then
+		AssertionsForClassTypes.assertThat(convert.get("expireAt")).isInstanceOf(Date.class);
+		AssertionsForClassTypes.assertThat(convert.get("expireAt")).isEqualTo(session.getExpireAt());
+	}
+
+	@Test
+	void shouldLoadExpireAtFromDocument() {
+
+		// given
+		Date now = new Date();
+		HashMap<String, Object> data = new HashMap<>();
+
+		data.put("expireAt", now);
+		data.put("@class", MongoSession.class.getName());
+		data.put("_id", new ObjectId().toString());
+
+		Document document = new Document(data);
+
+		// when
+		MongoSession convertedSession = this.mongoSessionConverter.convert(document);
+
+		// then
+		AssertionsForClassTypes.assertThat(convertedSession).isNotNull();
+		AssertionsForClassTypes.assertThat(convertedSession.getExpireAt()).isEqualTo(now);
+	}
+
+}

spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/JdkMongoSessionConverterTest.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo;
+
+import java.time.Duration;
+
+import org.junit.jupiter.api.Test;
+
+import org.springframework.core.serializer.support.DeserializingConverter;
+import org.springframework.core.serializer.support.SerializingConverter;
+
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+
+/**
+ * @author Jakub Kubrynski
+ * @author Rob Winch
+ * @author Greg Turnquist
+ */
+public class JdkMongoSessionConverterTest extends AbstractMongoSessionConverterTest {
+
+	Duration inactiveInterval = Duration.ofMinutes(30);
+
+	JdkMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(this.inactiveInterval);
+
+	@Override
+	AbstractMongoSessionConverter getMongoSessionConverter() {
+		return this.mongoSessionConverter;
+	}
+
+	@Test
+	void constructorNullSerializer() {
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new JdkMongoSessionConverter(null, new DeserializingConverter(), this.inactiveInterval));
+	}
+
+	@Test
+	void constructorNullDeserializer() {
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new JdkMongoSessionConverter(new SerializingConverter(), null, this.inactiveInterval));
+	}
+
+}

spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/MongoIndexedSessionRepositoryTest.java

@@ -0,0 +1,225 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.data.mongo;
+
+import java.util.Collections;
+import java.util.Map;
+import java.util.UUID;
+
+import com.mongodb.BasicDBObject;
+import com.mongodb.DBObject;
+import org.bson.Document;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.data.mongodb.core.query.Query;
+import org.springframework.session.FindByIndexNameSessionRepository;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.mock;
+import static org.mockito.BDDMockito.verify;
+
+/**
+ * Tests for {@link MongoIndexedSessionRepository}.
+ *
+ * @author Jakub Kubrynski
+ * @author Vedran Pavic
+ * @author Greg Turnquist
+ */
+@ExtendWith(MockitoExtension.class)
+public class MongoIndexedSessionRepositoryTest {
+
+	@Mock
+	private AbstractMongoSessionConverter converter;
+
+	@Mock
+	private MongoOperations mongoOperations;
+
+	private MongoIndexedSessionRepository repository;
+
+	@BeforeEach
+	void setUp() {
+
+		this.repository = new MongoIndexedSessionRepository(this.mongoOperations);
+		this.repository.setMongoSessionConverter(this.converter);
+	}
+
+	@Test
+	void shouldCreateSession() {
+
+		// when
+		MongoSession session = this.repository.createSession();
+
+		// then
+		assertThat(session.getId()).isNotEmpty();
+		assertThat(session.getMaxInactiveInterval().getSeconds())
+				.isEqualTo(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
+	}
+
+	@Test
+	void shouldCreateSessionWhenMaxInactiveIntervalNotDefined() {
+
+		// when
+		this.repository.setMaxInactiveIntervalInSeconds(null);
+		MongoSession session = this.repository.createSession();
+
+		// then
+		assertThat(session.getId()).isNotEmpty();
+		assertThat(session.getMaxInactiveInterval().getSeconds())
+				.isEqualTo(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
+	}
+
+	@Test
+	void shouldSaveSession() {
+
+		// given
+		MongoSession session = new MongoSession();
+		BasicDBObject dbSession = new BasicDBObject();
+
+		given(this.converter.convert(session, TypeDescriptor.valueOf(MongoSession.class),
+				TypeDescriptor.valueOf(DBObject.class))).willReturn(dbSession);
+		// when
+		this.repository.save(session);
+
+		// then
+		verify(this.mongoOperations).save(dbSession, MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME);
+	}
+
+	@Test
+	void shouldGetSession() {
+
+		// given
+		String sessionId = UUID.randomUUID().toString();
+		Document sessionDocument = new Document();
+
+		given(this.mongoOperations.findById(sessionId, Document.class,
+				MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(sessionDocument);
+
+		MongoSession session = new MongoSession();
+
+		given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
+				TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
+
+		// when
+		MongoSession retrievedSession = this.repository.findById(sessionId);
+
+		// then
+		assertThat(retrievedSession).isEqualTo(session);
+	}
+
+	@Test
+	void shouldHandleExpiredSession() {
+
+		// given
+		String sessionId = UUID.randomUUID().toString();
+		Document sessionDocument = new Document();
+
+		given(this.mongoOperations.findById(sessionId, Document.class,
+				MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(sessionDocument);
+
+		MongoSession session = mock(MongoSession.class);
+
+		given(session.isExpired()).willReturn(true);
+		given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
+				TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
+		given(session.getId()).willReturn("sessionId");
+
+		// when
+		this.repository.findById(sessionId);
+
+		// then
+		verify(this.mongoOperations).remove(any(Document.class),
+				eq(MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME));
+	}
+
+	@Test
+	void shouldDeleteSession() {
+
+		// given
+		String sessionId = UUID.randomUUID().toString();
+
+		Document sessionDocument = new Document();
+		sessionDocument.put("id", sessionId);
+
+		MongoSession mongoSession = new MongoSession(sessionId,
+				MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
+
+		given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
+				TypeDescriptor.valueOf(MongoSession.class))).willReturn(mongoSession);
+		given(this.mongoOperations.findById(eq(sessionId), eq(Document.class),
+				eq(MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME))).willReturn(sessionDocument);
+
+		// when
+		this.repository.deleteById(sessionId);
+
+		// then
+		verify(this.mongoOperations).remove(any(Document.class),
+				eq(MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME));
+	}
+
+	@Test
+	void shouldGetSessionsMapByPrincipal() {
+
+		// given
+		String principalNameIndexName = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
+
+		Document document = new Document();
+
+		given(this.converter.getQueryForIndex(anyString(), any(Object.class))).willReturn(mock(Query.class));
+		given(this.mongoOperations.find(any(Query.class), eq(Document.class),
+				eq(MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME)))
+						.willReturn(Collections.singletonList(document));
+
+		String sessionId = UUID.randomUUID().toString();
+
+		MongoSession session = new MongoSession(sessionId, 1800);
+
+		given(this.converter.convert(document, TypeDescriptor.valueOf(Document.class),
+				TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
+
+		// when
+		Map<String, MongoSession> sessionsMap = this.repository.findByIndexNameAndIndexValue(principalNameIndexName,
+				"john");
+
+		// then
+		assertThat(sessionsMap).containsOnlyKeys(sessionId);
+		assertThat(sessionsMap).containsValues(session);
+	}
+
+	@Test
+	void shouldReturnEmptyMapForNotSupportedIndex() {
+
+		// given
+		String index = "some_not_supported_index_name";
+
+		// when
+		Map<String, MongoSession> sessionsMap = this.repository.findByIndexNameAndIndexValue(index, "some_value");
+
+		// then
+		assertThat(sessionsMap).isEmpty();
+	}
+
+}

spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/MongoSessionTest.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.data.mongo;
+
+import java.time.Duration;
+import java.time.Instant;
+
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Rob Winch
+ * @author Greg Turnquist
+ */
+public class MongoSessionTest {
+
+	@Test
+	void isExpiredWhenIntervalNegativeThenFalse() {
+
+		MongoSession session = new MongoSession();
+		session.setMaxInactiveInterval(Duration.ofSeconds(-1));
+		session.setLastAccessedTime(Instant.ofEpochMilli(0L));
+
+		assertThat(session.isExpired()).isFalse();
+	}
+
+}

spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/ReactiveMongoSessionRepositoryTest.java

@@ -0,0 +1,229 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.data.mongo;
+
+import java.util.UUID;
+
+import com.mongodb.BasicDBObject;
+import com.mongodb.DBObject;
+import com.mongodb.client.result.DeleteResult;
+import org.bson.Document;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.core.convert.TypeDescriptor;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.data.mongodb.core.ReactiveMongoOperations;
+import org.springframework.data.mongodb.core.index.IndexOperations;
+import org.springframework.session.events.SessionDeletedEvent;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.any;
+import static org.mockito.BDDMockito.eq;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.mock;
+import static org.mockito.BDDMockito.times;
+import static org.mockito.BDDMockito.verify;
+
+/**
+ * Tests for {@link ReactiveMongoSessionRepository}.
+ *
+ * @author Jakub Kubrynski
+ * @author Vedran Pavic
+ * @author Greg Turnquist
+ */
+@ExtendWith(MockitoExtension.class)
+public class ReactiveMongoSessionRepositoryTest {
+
+	@Mock
+	private AbstractMongoSessionConverter converter;
+
+	@Mock
+	private ReactiveMongoOperations mongoOperations;
+
+	@Mock
+	private MongoOperations blockingMongoOperations;
+
+	@Mock
+	private ApplicationEventPublisher eventPublisher;
+
+	private ReactiveMongoSessionRepository repository;
+
+	@BeforeEach
+	void setUp() {
+
+		this.repository = new ReactiveMongoSessionRepository(this.mongoOperations);
+		this.repository.setMongoSessionConverter(this.converter);
+		this.repository.setApplicationEventPublisher(this.eventPublisher);
+	}
+
+	@Test
+	void shouldCreateSession() {
+
+		this.repository.createSession() //
+				.as(StepVerifier::create) //
+				.expectNextMatches((mongoSession) -> {
+					assertThat(mongoSession.getId()).isNotEmpty();
+					assertThat(mongoSession.getMaxInactiveInterval().getSeconds())
+							.isEqualTo(ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL);
+					return true;
+				}) //
+				.verifyComplete();
+	}
+
+	@Test
+	void shouldCreateSessionWhenMaxInactiveIntervalNotDefined() {
+
+		// when
+		this.repository.setMaxInactiveIntervalInSeconds(null);
+
+		// then
+		this.repository.createSession() //
+				.as(StepVerifier::create) //
+				.expectNextMatches((mongoSession) -> {
+					assertThat(mongoSession.getId()).isNotEmpty();
+					assertThat(mongoSession.getMaxInactiveInterval().getSeconds())
+							.isEqualTo(ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL);
+					return true;
+				}) //
+				.verifyComplete();
+	}
+
+	@Test
+	void shouldSaveSession() {
+
+		// given
+		MongoSession session = new MongoSession();
+		BasicDBObject dbSession = new BasicDBObject();
+
+		given(this.converter.convert(session, TypeDescriptor.valueOf(MongoSession.class),
+				TypeDescriptor.valueOf(DBObject.class))).willReturn(dbSession);
+
+		given(this.mongoOperations.save(dbSession, "sessions")).willReturn(Mono.just(dbSession));
+
+		// when
+		this.repository.save(session) //
+				.as(StepVerifier::create) //
+				.verifyComplete();
+
+		verify(this.mongoOperations).save(dbSession, ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME);
+	}
+
+	@Test
+	void shouldGetSession() {
+
+		// given
+		String sessionId = UUID.randomUUID().toString();
+		Document sessionDocument = new Document();
+
+		given(this.mongoOperations.findById(sessionId, Document.class,
+				ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(Mono.just(sessionDocument));
+
+		MongoSession session = new MongoSession();
+
+		given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
+				TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
+
+		// when
+		this.repository.findById(sessionId) //
+				.as(StepVerifier::create) //
+				.expectNext(session) //
+				.verifyComplete();
+	}
+
+	@Test
+	void shouldHandleExpiredSession() {
+
+		// given
+		String sessionId = UUID.randomUUID().toString();
+		Document sessionDocument = new Document();
+
+		given(this.mongoOperations.findById(sessionId, Document.class,
+				ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(Mono.just(sessionDocument));
+
+		given(this.mongoOperations.remove(sessionDocument, ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME))
+				.willReturn(Mono.just(DeleteResult.acknowledged(1)));
+
+		MongoSession session = mock(MongoSession.class);
+
+		given(session.isExpired()).willReturn(true);
+		given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
+				TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
+
+		// when
+		this.repository.findById(sessionId) //
+				.as(StepVerifier::create) //
+				.verifyComplete();
+
+		// then
+		verify(this.mongoOperations).remove(any(Document.class),
+				eq(ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME));
+	}
+
+	@Test
+	void shouldDeleteSession() {
+
+		// given
+		String sessionId = UUID.randomUUID().toString();
+		Document sessionDocument = new Document();
+
+		given(this.mongoOperations.findById(sessionId, Document.class,
+				ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(Mono.just(sessionDocument));
+
+		given(this.mongoOperations.remove(sessionDocument, "sessions"))
+				.willReturn(Mono.just(DeleteResult.acknowledged(1)));
+
+		MongoSession session = mock(MongoSession.class);
+
+		given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
+				TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
+
+		// when
+		this.repository.deleteById(sessionId) //
+				.as(StepVerifier::create) //
+				.verifyComplete();
+
+		verify(this.mongoOperations).remove(any(Document.class),
+				eq(ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME));
+
+		verify(this.eventPublisher).publishEvent(any(SessionDeletedEvent.class));
+	}
+
+	@Test
+	void shouldInvokeMethodToCreateIndexesImperatively() {
+
+		// given
+		IndexOperations indexOperations = mock(IndexOperations.class);
+		given(this.blockingMongoOperations.indexOps((String) any())).willReturn(indexOperations);
+
+		this.repository.setBlockingMongoOperations(this.blockingMongoOperations);
+
+		// when
+		this.repository.afterPropertiesSet();
+
+		// then
+		verify(this.blockingMongoOperations, times(1)).indexOps((String) any());
+		verify(this.converter, times(1)).ensureIndexes(indexOperations);
+	}
+
+}

spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/config/annotation/web/http/MongoHttpSessionConfigurationTest.java

@@ -0,0 +1,334 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.config.annotation.web.http;
+
+import java.net.UnknownHostException;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.beans.factory.UnsatisfiedDependencyException;
+import org.springframework.context.annotation.AnnotationConfigApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.data.mongodb.core.index.IndexOperations;
+import org.springframework.mock.env.MockEnvironment;
+import org.springframework.session.IndexResolver;
+import org.springframework.session.config.SessionRepositoryCustomizer;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
+import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
+import org.springframework.session.data.mongo.MongoSession;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.mock;
+
+/**
+ * Tests for {@link MongoHttpSessionConfiguration}.
+ *
+ * @author Eddú Meléndez
+ * @author Vedran Pavic
+ */
+public class MongoHttpSessionConfigurationTest {
+
+	private static final String COLLECTION_NAME = "testSessions";
+
+	private static final int MAX_INACTIVE_INTERVAL_IN_SECONDS = 600;
+
+	private AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
+
+	@AfterEach
+	void after() {
+
+		if (this.context != null) {
+			this.context.close();
+		}
+	}
+
+	@Test
+	void noMongoOperationsConfiguration() {
+
+		assertThatExceptionOfType(UnsatisfiedDependencyException.class)
+				.isThrownBy(() -> registerAndRefresh(EmptyConfiguration.class))
+				.withMessageContaining("mongoSessionRepository");
+	}
+
+	@Test
+	void defaultConfiguration() {
+
+		registerAndRefresh(DefaultConfiguration.class);
+
+		assertThat(this.context.getBean(MongoIndexedSessionRepository.class)).isNotNull();
+	}
+
+	@Test
+	void customCollectionName() {
+
+		registerAndRefresh(CustomCollectionNameConfiguration.class);
+
+		MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
+
+		assertThat(repository).isNotNull();
+		assertThat(ReflectionTestUtils.getField(repository, "collectionName")).isEqualTo(COLLECTION_NAME);
+	}
+
+	@Test
+	void setCustomCollectionName() {
+
+		registerAndRefresh(CustomCollectionNameSetConfiguration.class);
+
+		MongoHttpSessionConfiguration session = this.context.getBean(MongoHttpSessionConfiguration.class);
+
+		assertThat(session).isNotNull();
+		assertThat(ReflectionTestUtils.getField(session, "collectionName")).isEqualTo(COLLECTION_NAME);
+	}
+
+	@Test
+	void customMaxInactiveIntervalInSeconds() {
+
+		registerAndRefresh(CustomMaxInactiveIntervalInSecondsConfiguration.class);
+
+		MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
+
+		assertThat(repository).isNotNull();
+		assertThat(ReflectionTestUtils.getField(repository, "maxInactiveIntervalInSeconds"))
+				.isEqualTo(MAX_INACTIVE_INTERVAL_IN_SECONDS);
+	}
+
+	@Test
+	void setCustomMaxInactiveIntervalInSeconds() {
+
+		registerAndRefresh(CustomMaxInactiveIntervalInSecondsSetConfiguration.class);
+
+		MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
+
+		assertThat(repository).isNotNull();
+		assertThat(ReflectionTestUtils.getField(repository, "maxInactiveIntervalInSeconds"))
+				.isEqualTo(MAX_INACTIVE_INTERVAL_IN_SECONDS);
+	}
+
+	@Test
+	void setCustomSessionConverterConfiguration() {
+
+		registerAndRefresh(CustomSessionConverterConfiguration.class);
+
+		MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
+		AbstractMongoSessionConverter mongoSessionConverter = this.context.getBean(AbstractMongoSessionConverter.class);
+
+		assertThat(repository).isNotNull();
+		assertThat(mongoSessionConverter).isNotNull();
+		assertThat(ReflectionTestUtils.getField(repository, "mongoSessionConverter")).isEqualTo(mongoSessionConverter);
+	}
+
+	@Test
+	void resolveCollectionNameByPropertyPlaceholder() {
+
+		this.context
+				.setEnvironment(new MockEnvironment().withProperty("session.mongo.collectionName", COLLECTION_NAME));
+		registerAndRefresh(CustomMongoJdbcSessionConfiguration.class);
+
+		MongoHttpSessionConfiguration configuration = this.context.getBean(MongoHttpSessionConfiguration.class);
+
+		assertThat(ReflectionTestUtils.getField(configuration, "collectionName")).isEqualTo(COLLECTION_NAME);
+	}
+
+	@Test
+	void sessionRepositoryCustomizer() {
+
+		registerAndRefresh(MongoConfiguration.class, SessionRepositoryCustomizerConfiguration.class);
+
+		MongoIndexedSessionRepository sessionRepository = this.context.getBean(MongoIndexedSessionRepository.class);
+
+		assertThat(sessionRepository).hasFieldOrPropertyWithValue("maxInactiveIntervalInSeconds", 10000);
+	}
+
+	@Test
+	void customIndexResolverConfigurationWithDefaultMongoSessionConverter() {
+
+		registerAndRefresh(MongoConfiguration.class,
+				CustomIndexResolverConfigurationWithDefaultMongoSessionConverter.class);
+
+		MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
+		IndexResolver<MongoSession> indexResolver = this.context.getBean(IndexResolver.class);
+
+		assertThat(repository).isNotNull();
+		assertThat(indexResolver).isNotNull();
+		assertThat(repository).extracting("mongoSessionConverter").hasFieldOrPropertyWithValue("indexResolver",
+				indexResolver);
+	}
+
+	@Test
+	void customIndexResolverConfigurationWithProvidedMongoSessionConverter() {
+
+		registerAndRefresh(MongoConfiguration.class,
+				CustomIndexResolverConfigurationWithProvidedMongoSessionConverter.class);
+
+		MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
+		IndexResolver<MongoSession> indexResolver = this.context.getBean(IndexResolver.class);
+
+		assertThat(repository).isNotNull();
+		assertThat(indexResolver).isNotNull();
+		assertThat(repository).extracting("mongoSessionConverter").hasFieldOrPropertyWithValue("indexResolver",
+				indexResolver);
+	}
+
+	private void registerAndRefresh(Class<?>... annotatedClasses) {
+
+		this.context.register(annotatedClasses);
+		this.context.refresh();
+	}
+
+	@Configuration
+	@EnableMongoHttpSession
+	static class EmptyConfiguration {
+
+	}
+
+	static class BaseConfiguration {
+
+		@Bean
+		MongoOperations mongoOperations() throws UnknownHostException {
+
+			MongoOperations mongoOperations = mock(MongoOperations.class);
+			IndexOperations indexOperations = mock(IndexOperations.class);
+
+			given(mongoOperations.indexOps(anyString())).willReturn(indexOperations);
+
+			return mongoOperations;
+		}
+
+	}
+
+	@Configuration
+	@EnableMongoHttpSession
+	static class DefaultConfiguration extends BaseConfiguration {
+
+	}
+
+	@Configuration
+	static class MongoConfiguration extends BaseConfiguration {
+
+	}
+
+	@Configuration
+	@EnableMongoHttpSession(collectionName = COLLECTION_NAME)
+	static class CustomCollectionNameConfiguration extends BaseConfiguration {
+
+	}
+
+	@Configuration
+	@Import(MongoConfiguration.class)
+	static class CustomCollectionNameSetConfiguration extends MongoHttpSessionConfiguration {
+
+		CustomCollectionNameSetConfiguration() {
+			setCollectionName(COLLECTION_NAME);
+		}
+
+	}
+
+	@Configuration
+	@EnableMongoHttpSession(maxInactiveIntervalInSeconds = MAX_INACTIVE_INTERVAL_IN_SECONDS)
+	static class CustomMaxInactiveIntervalInSecondsConfiguration extends BaseConfiguration {
+
+	}
+
+	@Configuration
+	@Import(MongoConfiguration.class)
+	static class CustomMaxInactiveIntervalInSecondsSetConfiguration extends MongoHttpSessionConfiguration {
+
+		CustomMaxInactiveIntervalInSecondsSetConfiguration() {
+			setMaxInactiveIntervalInSeconds(MAX_INACTIVE_INTERVAL_IN_SECONDS);
+		}
+
+	}
+
+	@Configuration
+	@Import(MongoConfiguration.class)
+	static class CustomSessionConverterConfiguration extends MongoHttpSessionConfiguration {
+
+		@Bean
+		AbstractMongoSessionConverter mongoSessionConverter() {
+			return mock(AbstractMongoSessionConverter.class);
+		}
+
+	}
+
+	@Configuration
+	@EnableMongoHttpSession(collectionName = "${session.mongo.collectionName}")
+	static class CustomMongoJdbcSessionConfiguration extends BaseConfiguration {
+
+		@Bean
+		PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
+			return new PropertySourcesPlaceholderConfigurer();
+		}
+
+	}
+
+	@EnableMongoHttpSession
+	static class SessionRepositoryCustomizerConfiguration {
+
+		@Bean
+		@Order(0)
+		SessionRepositoryCustomizer<MongoIndexedSessionRepository> sessionRepositoryCustomizerOne() {
+			return (sessionRepository) -> sessionRepository.setMaxInactiveIntervalInSeconds(0);
+		}
+
+		@Bean
+		@Order(1)
+		SessionRepositoryCustomizer<MongoIndexedSessionRepository> sessionRepositoryCustomizerTwo() {
+			return (sessionRepository) -> sessionRepository.setMaxInactiveIntervalInSeconds(10000);
+		}
+
+	}
+
+	@Configuration
+	@EnableMongoHttpSession
+	static class CustomIndexResolverConfigurationWithDefaultMongoSessionConverter {
+
+		@Bean
+		@SuppressWarnings("unchecked")
+		IndexResolver<MongoSession> indexResolver() {
+			return mock(IndexResolver.class);
+		}
+
+	}
+
+	@Configuration
+	@EnableMongoHttpSession
+	static class CustomIndexResolverConfigurationWithProvidedMongoSessionConverter {
+
+		@Bean
+		AbstractMongoSessionConverter mongoSessionConverter() {
+			return new JacksonMongoSessionConverter();
+		}
+
+		@Bean
+		@SuppressWarnings("unchecked")
+		IndexResolver<MongoSession> indexResolver() {
+			return mock(IndexResolver.class);
+		}
+
+	}
+
+}

spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/config/annotation/web/reactive/ReactiveMongoWebSessionConfigurationTest.java

@@ -0,0 +1,385 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.data.mongo.config.annotation.web.reactive;
+
+import java.lang.reflect.Field;
+import java.util.Collections;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.beans.factory.UnsatisfiedDependencyException;
+import org.springframework.context.annotation.AnnotationConfigApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.data.mongodb.core.ReactiveMongoOperations;
+import org.springframework.data.mongodb.core.index.IndexOperations;
+import org.springframework.session.IndexResolver;
+import org.springframework.session.ReactiveSessionRepository;
+import org.springframework.session.config.ReactiveSessionRepositoryCustomizer;
+import org.springframework.session.config.annotation.web.server.EnableSpringWebSession;
+import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
+import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
+import org.springframework.session.data.mongo.JdkMongoSessionConverter;
+import org.springframework.session.data.mongo.MongoSession;
+import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
+import org.springframework.util.ReflectionUtils;
+import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
+import org.springframework.web.server.session.WebSessionManager;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.mockito.BDDMockito.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.mock;
+import static org.mockito.BDDMockito.times;
+import static org.mockito.BDDMockito.verify;
+
+/**
+ * Verify various configurations through {@link EnableSpringWebSession}.
+ *
+ * @author Greg Turnquist
+ * @author Vedran Pavić
+ */
+public class ReactiveMongoWebSessionConfigurationTest {
+
+	private AnnotationConfigApplicationContext context;
+
+	@AfterEach
+	void tearDown() {
+
+		if (this.context != null) {
+			this.context.close();
+		}
+	}
+
+	@Test
+	void enableSpringWebSessionConfiguresThings() {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(GoodConfig.class);
+		this.context.refresh();
+
+		WebSessionManager webSessionManagerFoundByType = this.context.getBean(WebSessionManager.class);
+		Object webSessionManagerFoundByName = this.context.getBean(WebHttpHandlerBuilder.WEB_SESSION_MANAGER_BEAN_NAME);
+
+		assertThat(webSessionManagerFoundByType).isNotNull();
+		assertThat(webSessionManagerFoundByName).isNotNull();
+		assertThat(webSessionManagerFoundByType).isEqualTo(webSessionManagerFoundByName);
+
+		assertThat(this.context.getBean(ReactiveSessionRepository.class)).isNotNull();
+	}
+
+	@Test
+	void missingReactorSessionRepositoryBreaksAppContext() {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(BadConfig.class);
+
+		assertThatExceptionOfType(UnsatisfiedDependencyException.class).isThrownBy(this.context::refresh)
+				.withMessageContaining("Error creating bean with name 'reactiveMongoSessionRepository'")
+				.withMessageContaining(
+						"No qualifying bean of type '" + ReactiveMongoOperations.class.getCanonicalName());
+	}
+
+	@Test
+	void defaultSessionConverterShouldBeJdkWhenOnClasspath() throws IllegalAccessException {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(GoodConfig.class);
+		this.context.refresh();
+
+		ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
+
+		AbstractMongoSessionConverter converter = findMongoSessionConverter(repository);
+
+		assertThat(converter).isOfAnyClassIn(JdkMongoSessionConverter.class);
+	}
+
+	@Test
+	void overridingMongoSessionConverterWithBeanShouldWork() throws IllegalAccessException {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(OverrideSessionConverterConfig.class);
+		this.context.refresh();
+
+		ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
+
+		AbstractMongoSessionConverter converter = findMongoSessionConverter(repository);
+
+		assertThat(converter).isOfAnyClassIn(JacksonMongoSessionConverter.class);
+	}
+
+	@Test
+	void overridingIntervalAndCollectionNameThroughAnnotationShouldWork() throws IllegalAccessException {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(OverrideMongoParametersConfig.class);
+		this.context.refresh();
+
+		ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
+
+		Field inactiveField = ReflectionUtils.findField(ReactiveMongoSessionRepository.class,
+				"maxInactiveIntervalInSeconds");
+		ReflectionUtils.makeAccessible(inactiveField);
+		Integer inactiveSeconds = (Integer) inactiveField.get(repository);
+
+		Field collectionNameField = ReflectionUtils.findField(ReactiveMongoSessionRepository.class, "collectionName");
+		ReflectionUtils.makeAccessible(collectionNameField);
+		String collectionName = (String) collectionNameField.get(repository);
+
+		assertThat(inactiveSeconds).isEqualTo(123);
+		assertThat(collectionName).isEqualTo("test-case");
+	}
+
+	@Test
+	void reactiveAndBlockingMongoOperationsShouldEnsureIndexing() {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(ConfigWithReactiveAndImperativeMongoOperations.class);
+		this.context.refresh();
+
+		MongoOperations operations = this.context.getBean(MongoOperations.class);
+		IndexOperations indexOperations = this.context.getBean(IndexOperations.class);
+
+		verify(operations, times(1)).indexOps((String) any());
+		verify(indexOperations, times(1)).getIndexInfo();
+		verify(indexOperations, times(1)).ensureIndex(any());
+	}
+
+	@Test
+	void overrideCollectionAndInactiveIntervalThroughConfigurationOptions() {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(CustomizedReactiveConfiguration.class);
+		this.context.refresh();
+
+		ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
+
+		assertThat(repository.getCollectionName()).isEqualTo("custom-collection");
+		assertThat(repository.getMaxInactiveIntervalInSeconds()).isEqualTo(123);
+	}
+
+	@Test
+	void sessionRepositoryCustomizer() {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(SessionRepositoryCustomizerConfiguration.class);
+		this.context.refresh();
+
+		ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
+
+		assertThat(repository).hasFieldOrPropertyWithValue("maxInactiveIntervalInSeconds", 10000);
+	}
+
+	@Test
+	void customIndexResolverConfigurationWithDefaultMongoSessionConverter() {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(CustomIndexResolverConfigurationWithDefaultMongoSessionConverter.class);
+		this.context.refresh();
+
+		ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
+		IndexResolver<MongoSession> indexResolver = this.context.getBean(IndexResolver.class);
+
+		assertThat(repository).isNotNull();
+		assertThat(indexResolver).isNotNull();
+		assertThat(repository).extracting("mongoSessionConverter").hasFieldOrPropertyWithValue("indexResolver",
+				indexResolver);
+	}
+
+	@Test
+	void customIndexResolverConfigurationWithProvidedMongoSessionConverter() {
+
+		this.context = new AnnotationConfigApplicationContext();
+		this.context.register(CustomIndexResolverConfigurationWithProvidedtMongoSessionConverter.class);
+		this.context.refresh();
+
+		ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
+		IndexResolver<MongoSession> indexResolver = this.context.getBean(IndexResolver.class);
+
+		assertThat(repository).isNotNull();
+		assertThat(indexResolver).isNotNull();
+		assertThat(repository).extracting("mongoSessionConverter").hasFieldOrPropertyWithValue("indexResolver",
+				indexResolver);
+	}
+
+	/**
+	 * Reflectively extract the {@link AbstractMongoSessionConverter} from the
+	 * {@link ReactiveMongoSessionRepository}. This is to avoid expanding the surface area
+	 * of the API.
+	 */
+	private AbstractMongoSessionConverter findMongoSessionConverter(ReactiveMongoSessionRepository repository) {
+
+		Field field = ReflectionUtils.findField(ReactiveMongoSessionRepository.class, "mongoSessionConverter");
+		ReflectionUtils.makeAccessible(field);
+		try {
+			return (AbstractMongoSessionConverter) field.get(repository);
+		}
+		catch (IllegalAccessException ex) {
+			throw new RuntimeException(ex);
+		}
+	}
+
+	/**
+	 * A configuration with all the right parts.
+	 */
+	@EnableMongoWebSession
+	static class GoodConfig {
+
+		@Bean
+		ReactiveMongoOperations operations() {
+			return mock(ReactiveMongoOperations.class);
+		}
+
+	}
+
+	/**
+	 * A configuration where no {@link ReactiveMongoOperations} is defined. It's BAD!
+	 */
+	@EnableMongoWebSession
+	static class BadConfig {
+
+	}
+
+	@EnableMongoWebSession
+	static class OverrideSessionConverterConfig {
+
+		@Bean
+		ReactiveMongoOperations operations() {
+			return mock(ReactiveMongoOperations.class);
+		}
+
+		@Bean
+		AbstractMongoSessionConverter mongoSessionConverter() {
+			return new JacksonMongoSessionConverter();
+		}
+
+	}
+
+	@EnableMongoWebSession(maxInactiveIntervalInSeconds = 123, collectionName = "test-case")
+	static class OverrideMongoParametersConfig {
+
+		@Bean
+		ReactiveMongoOperations operations() {
+			return mock(ReactiveMongoOperations.class);
+		}
+
+	}
+
+	@EnableMongoWebSession
+	static class ConfigWithReactiveAndImperativeMongoOperations {
+
+		@Bean
+		ReactiveMongoOperations reactiveMongoOperations() {
+			return mock(ReactiveMongoOperations.class);
+		}
+
+		@Bean
+		IndexOperations indexOperations() {
+
+			IndexOperations indexOperations = mock(IndexOperations.class);
+			given(indexOperations.getIndexInfo()).willReturn(Collections.emptyList());
+			return indexOperations;
+		}
+
+		@Bean
+		MongoOperations mongoOperations(IndexOperations indexOperations) {
+
+			MongoOperations mongoOperations = mock(MongoOperations.class);
+			given(mongoOperations.indexOps((String) any())).willReturn(indexOperations);
+			return mongoOperations;
+		}
+
+	}
+
+	@EnableSpringWebSession
+	static class CustomizedReactiveConfiguration extends ReactiveMongoWebSessionConfiguration {
+
+		CustomizedReactiveConfiguration() {
+
+			this.setCollectionName("custom-collection");
+			this.setMaxInactiveIntervalInSeconds(123);
+		}
+
+		@Bean
+		ReactiveMongoOperations reactiveMongoOperations() {
+			return mock(ReactiveMongoOperations.class);
+		}
+
+	}
+
+	@EnableMongoWebSession
+	static class SessionRepositoryCustomizerConfiguration {
+
+		@Bean
+		ReactiveMongoOperations operations() {
+			return mock(ReactiveMongoOperations.class);
+		}
+
+		@Bean
+		@Order(0)
+		ReactiveSessionRepositoryCustomizer<ReactiveMongoSessionRepository> sessionRepositoryCustomizerOne() {
+			return (sessionRepository) -> sessionRepository.setMaxInactiveIntervalInSeconds(0);
+		}
+
+		@Bean
+		@Order(1)
+		ReactiveSessionRepositoryCustomizer<ReactiveMongoSessionRepository> sessionRepositoryCustomizerTwo() {
+			return (sessionRepository) -> sessionRepository.setMaxInactiveIntervalInSeconds(10000);
+		}
+
+	}
+
+	@EnableMongoWebSession
+	static class CustomIndexResolverConfigurationWithDefaultMongoSessionConverter {
+
+		@Bean
+		ReactiveMongoOperations operations() {
+			return mock(ReactiveMongoOperations.class);
+		}
+
+		@Bean
+		@SuppressWarnings("unchecked")
+		IndexResolver<MongoSession> indexResolver() {
+			return mock(IndexResolver.class);
+		}
+
+	}
+
+	@EnableMongoWebSession
+	static class CustomIndexResolverConfigurationWithProvidedtMongoSessionConverter {
+
+		@Bean
+		ReactiveMongoOperations operations() {
+			return mock(ReactiveMongoOperations.class);
+		}
+
+		@Bean
+		JacksonMongoSessionConverter jacksonMongoSessionConverter() {
+			return new JacksonMongoSessionConverter();
+		}
+
+		@Bean
+		@SuppressWarnings("unchecked")
+		IndexResolver<MongoSession> indexResolver() {
+			return mock(IndexResolver.class);
+		}
+
+	}
+
+}

spring-session-data-mongodb/src/test/resources/logback.xml

@@ -0,0 +1,17 @@
+<configuration>
+	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+		<encoder>
+			<pattern>%d{HH:mm:ss.SSS} [%8.-8thread] %-5level %logger{36} - %msg%n</pattern>
+		</encoder>
+	</appender>
+
+<!--	<logger name="org.springframework.web" level="TRACE" />-->
+<!--	<logger name="org.springframework.web.reactive" level="TRACE" />-->
+<!--	<logger name="org.springframework.security" level="TRACE" />-->
+<!--	<logger name="org.springframework.session" level="TRACE" />-->
+<!--	<logger name="org.springframework.data.mongodb" level="TRACE" />-->
+
+	<root level="WARN">
+		<appender-ref ref="STDOUT" />
+	</root>
+</configuration>

spring-session-docs/modules/ROOT/nav.adoc

@@ -6,6 +6,7 @@
 ***** {gh-samples-url}spring-session-sample-boot-redis-json[JSON serialization]
 ***** {gh-samples-url}spring-session-sample-boot-redis-simple[Simple Redis]
 ***** xref:guides/boot-redis.adoc[Redis with Events]
+**** xref:guides/boot-mongo.adoc[MongoDB]
 **** xref:guides/boot-jdbc.adoc[JDBC]
 **** {gh-samples-url}spring-session-sample-boot-hazelcast[HttpSession with Hazelcast]
 *** xref:guides/boot-findbyusername.adoc[Find by Username]

spring-session-docs/modules/ROOT/pages/guides/boot-mongo.adoc

@@ -0,0 +1,174 @@
+= Spring Session - MongoDB Repositories
+Jakub Kubrynski, Greg Turnquist
+:stylesdir: ../
+:highlightjsdir: ../js/highlight
+:docinfodir: guides
+
+This guide describes how to use Spring Session backed by MongoDB.
+
+NOTE: The completed guide can be found in the <<mongo-sample, mongo sample application>>.
+
+[#index-link]
+link:../index.html[Index]
+
+== Updating Dependencies
+Before you use Spring Session MongoDB, you must ensure to update your dependencies.
+We assume you are working with a working Spring Boot web application.
+If you are using Maven, ensure to add the following dependencies:
+
+====
+[source,xml]
+[subs="verbatim,attributes"]
+.pom.xml
+----
+<dependencies>
+	<!-- ... -->
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-data-mongodb</artifactId>
+	</dependency>
+</dependencies>
+----
+====
+
+ifeval::["{version-snapshot}" == "true"]
+Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+====
+[source,xml]
+.pom.xml
+----
+<repositories>
+	<!-- ... -->
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+====
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+====
+[source,xml]
+.pom.xml
+----
+<repository>
+	<id>spring-milestone</id>
+	<url>https://repo.spring.io/libs-milestone</url>
+</repository>
+----
+====
+endif::[]
+
+[[mongo-spring-configuration]]
+== Spring Configuration
+
+After adding the required dependencies, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+
+// tag::config[]
+All you have to do is to add the following Spring Configuration:
+
+====
+[source,java]
+----
+include::{samples-dir}spring-session-sample-boot-mongodb-traditional/src/main/java/org/springframework/session/mongodb/examples/config/HttpSessionConfig.java[tag=class]
+----
+<1> The `@EnableMongoHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+This filter is what replaces the default `HttpSession` with the MongoDB-backed bean.
+<2> Configures the session timeout to 30 minutes.
+====
+
+// end::config[]
+
+[[boot-mongo-configuration]]
+== Configuring the MongoDB Connection
+
+Spring Boot automatically creates a `MongoClient` that connects Spring Session to a MongoDB Server on localhost on port 27017 (default port).
+In a production environment you need to ensure to update your configuration to point to your MongoDB server.
+For example, you can include the following in your *application.properties*
+
+====
+.src/main/resources/application.properties
+----
+spring.data.mongodb.host=mongo-srv
+spring.data.mongodb.port=27018
+spring.data.mongodb.database=prod
+----
+====
+
+For more information, refer to https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-mongodb[Connecting to MongoDB] portion of the Spring Boot documentation.
+
+[[boot-servlet-configuration]]
+== Servlet Container Initialization
+
+Our <<boot-mongo-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
+
+In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Fortunately, Spring Boot takes care of both of these steps for us.
+
+[[mongo-sample]]
+== MongoDB Sample Application
+
+The MongoDB Sample Application demonstrates how to use Spring Session to transparently leverage MongoDB to back a web application's `HttpSession` when using Spring Boot.
+
+[[mongo-running]]
+=== Running the MongoDB Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+====
+----
+$ ./gradlew :samples:mongo:bootRun
+----
+====
+
+You should now be able to access the application at http://localhost:8080/
+
+[[boot-explore]]
+=== Exploring the security Sample Application
+
+Try using the application. Enter the following to log in:
+
+* **Username** _user_
+* **Password** _password_
+
+Now click the **Login** button.
+You should now see a message indicating your are logged in with the user entered previously.
+The user's information is stored in MongoDB rather than Tomcat's `HttpSession` implementation.
+
+[[mongo-how]]
+=== How does it work?
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Mongo.
+Spring Session replaces the `HttpSession` with an implementation that is backed by Mongo.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Mongo.
+
+When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+
+If you like, you can easily inspect the session using mongo client. For example, on a Linux based system you can type:
+
+[NOTE]
+====
+The sample application uses an embedded MongoDB instance that listens on a randomly allocated port.
+The port used by embedded MongoDB together with exact command to connect to it is logged during application startup.
+====
+
+	$ mongo --port ...
+	> use test
+	> db.sessions.find().pretty()
+
+Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `60f17293-839b-477c-bb92-07a9c3658843` with the value of your SESSION cookie:
+
+	> db.sessions.remove({"_id":"60f17293-839b-477c-bb92-07a9c3658843"})
+
+Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.

spring-session-docs/modules/ROOT/pages/http-session.adoc

@@ -41,6 +41,68 @@ You can read the basic steps for integration in the next few sections, but we en
 
 include::guides/xml-redis.adoc[tags=config,leveloffset=+2]
 
+[[httpsession-mongo]]
+=== HttpSession with Mongo
+
+Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`.
+
+This section describes how to use Mongo to back `HttpSession` using Java based configuration.
+
+NOTE: The <<samples, HttpSession Mongo Sample>> provides a working sample on how to integrate Spring Session and `HttpSession` using Java configuration.
+You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession Guide when integrating with your own application.
+
+include::guides/boot-mongo.adoc[tags=config,leveloffset=+3]
+
+==== Session serialization mechanisms
+
+To be able to persist session objects in MongoDB we need to provide the serialization/deserialization mechanism.
+
+By default, Spring Session MongoDB will use `JdkMongoSessionConverter`.
+
+However, you may switch to `JacksonMongoSessionConverter` by merely adding the following code to your Boot app:
+
+[source,java]
+----
+@Bean
+JacksonMongoSessionConverter mongoSessionConverter() {
+    return new JacksonMongoSessionConverter();
+}
+----
+
+===== JacksonMongoSessionConverter
+
+This mechanism uses Jackson to serialize session objects to/from JSON.
+
+By creating the following bean:
+
+[source,java]
+----
+@Bean
+JacksonMongoSessionConverter mongoSessionConverter() {
+    return new JacksonMongoSessionConverter();
+}
+----
+
+...you are able to switch from the default (JDK-based serialization) to using Jackson.
+
+IMPORTANT: If you are integrating with Spring Security (by storing your sessions in MongoDB), this configuration will
+register the proper whitelisted components so Spring Security works properly.
+
+If you would like to provide custom Jackson modules you can do it by explicitly registering modules as shown below:
+
+[source,java,indent=0]
+----
+include::{code-dir}/src/test/java/org/springframework/session/data/mongo/integration/MongoRepositoryJacksonITest.java[tag=sample]
+----
+
+===== JdkMongoSessionConverter
+
+`JdkMongoSessionConverter` uses standard Java serialization to persist session attributes map to MongoDB in a binary form.
+However, standard session elements like id, access time, etc are still written as a plain Mongo objects and can be read and queried without additional effort.
+`JdkMongoSessionConverter` is used if no explicit `AbstractMongoSessionConverter` Bean has been defined.
+
+There is also a constructor taking `Serializer` and `Deserializer` objects, allowing you to pass custom implementations, which is especially important when you want to use non-default classloader.
+
 [[httpsession-jdbc]]
 == `HttpSession` with JDBC
 

spring-session-docs/modules/ROOT/pages/modules.adoc

@@ -4,20 +4,19 @@
 In Spring Session 1.x, all of the Spring Session's `SessionRepository` implementations were available within the `spring-session` artifact.
 While convenient, this approach was not sustainable long-term as more features and `SessionRepository` implementations were added to the project.
 
-Starting with Spring Session 2.0, the project has been split into Spring Session Core module and several other modules that carry `SessionRepository` implementations and functionality related to the specific data store.
-Users of Spring Data should find this arrangement familiar, with Spring Session Core module taking a role equivalent to Spring Data Commons and providing core functionalities and APIs, with other modules containing data store specific implementations.
-As part of this split, the Spring Session Data MongoDB and Spring Session Data GemFire modules were moved to separate repositories.
-Now the situation with project's repositories/modules is as follows:
+With Spring Session 2.0, several modules were split off to be separate modules as well as managed repositories.
+Spring Session for MongoDB was retired, but was later reactivated as a separate module.
+As of Spring Session 2.6, Spring Session for MongoDB was merged back into Spring Session.
+
+Now the situation with the various repositories and modules is as follows:
 
 * https://github.com/spring-projects/spring-session[`spring-session` repository]
-** Hosts the Spring Session Core, Spring Session Data Redis, Spring Session JDBC, and Spring Session Hazelcast modules
-* https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb` repository]
-** Hosts the Spring Session Data MongoDB module. Spring Session Data MongoDB has its own user guide, which you can find at the [https://spring.io/projects/spring-session-data-mongodb#learnSpring site].
+** Hosts the Spring Session Core, Spring Session for MongoDB, Spring Session for Redis, Spring Session JDBC, and Spring Session Hazelcast modules.
 
 * https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode` repository]
 ** Hosts the Spring Session Data Geode modules. Spring Session Data Geode has its own user guide, which you can find at the [https://spring.io/projects/spring-session-data-geode#learn site].
 
-Finally, Spring Session now also provides a Maven BOM ("`bill of materials`") module in order to help users with version management concerns:
+Finally, Spring Session also provides a Maven BOM ("`bill of materials`") module in order to help users with version management concerns:
 
 * https://github.com/spring-projects/spring-session-bom[`spring-session-bom` repository]
 ** Hosts the Spring Session BOM module

spring-session-docs/modules/ROOT/pages/samples.adoc

@@ -43,6 +43,14 @@ To get started with Spring Session, the best place to start is our Sample Applic
 | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using `RedisSessionRepository`.
 |
 
+| {gh-samples-url}spring-session-sample-boot-mongodb-traditional[Spring Session with MongoDB Repositories (servlet-based)]
+| Demonstrates how to back Spring Session with traditional MongoDB repositories.
+| link:guides/boot-mongo.html[Spring Session with MongoDB Repositories]
+
+| {gh-samples-url}spring-session-sample-boot-mongodb-reactive[Spring Session with MongoDB Repositories (reactive)]
+| Demonstrates how to back Spring Session with reactive MongoDB repositories.
+| link:guides/boot-mongo.html[Spring Session with MongoDB Repositories]
+
 |===
 
 .Sample Applications that use Spring Java-based configuration

spring-session-docs/modules/ROOT/pages/upgrading.adoc

@@ -16,19 +16,15 @@ The `spring-session-core` module holds only the common set of APIs and component
 This applies to several existing modules that were previously a simple dependency aggregator helper module.
 With new module arrangement, the following modules actually carry the implementation:
 
-* Spring Session Data Redis
+* Spring Session for MongoDB
+* Spring Session for Redis
 * Spring Session JDBC
 * Spring Session Hazelcast
 
-Also, the following modules were removed from the main project repository:
+Also, the following were removed from the main project repository:
 
-* Spring Session Data MongoDB
 * Spring Session Data GemFire
-
-Note that these two have moved to separate repositories and continue to be available under new artifact names:
-
-* https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb`]
-* https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode`]
+** https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode`]
 
 == Replaced and Removed Packages, Classes, and Methods
 

spring-session-samples/spring-session-sample-boot-mongodb-reactive/spring-session-sample-boot-mongodb-reactive.gradle

@@ -0,0 +1,13 @@
+apply plugin: 'io.spring.convention.spring-sample-boot'
+
+dependencies {
+	compile project(':spring-session-data-mongodb')
+	compile "org.springframework.boot:spring-boot-starter-webflux"
+	compile "org.springframework.boot:spring-boot-starter-thymeleaf"
+	compile "org.springframework.boot:spring-boot-starter-data-mongodb-reactive"
+    compile "de.flapdoodle.embed:de.flapdoodle.embed.mongo"
+
+	testCompile "org.springframework.boot:spring-boot-starter-test"
+	testCompile "org.seleniumhq.selenium:htmlunit-driver"
+	testCompile "org.seleniumhq.selenium:selenium-support"
+}

spring-session-samples/spring-session-sample-boot-mongodb-reactive/src/main/java/org/springframework/session/mongodb/examples/SessionAttributeForm.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.mongodb.examples;
+
+import java.util.Objects;
+
+/**
+ * @author Rob Winch
+ * @author Greg Turnquist
+ * @since 5.0
+ */
+public class SessionAttributeForm {
+
+	private String attributeName;
+
+	private String attributeValue;
+
+	public String getAttributeName() {
+		return this.attributeName;
+	}
+
+	public void setAttributeName(String attributeName) {
+		this.attributeName = attributeName;
+	}
+
+	public String getAttributeValue() {
+		return this.attributeValue;
+	}
+
+	public void setAttributeValue(String attributeValue) {
+		this.attributeValue = attributeValue;
+	}
+
+	@Override
+	public boolean equals(Object o) {
+
+		if (this == o) {
+			return true;
+		}
+		if (!(o instanceof SessionAttributeForm)) {
+			return false;
+		}
+		SessionAttributeForm that = (SessionAttributeForm) o;
+		return Objects.equals(this.attributeName, that.attributeName)
+				&& Objects.equals(this.attributeValue, that.attributeValue);
+	}
+
+	@Override
+	public int hashCode() {
+		return Objects.hash(this.attributeName, this.attributeValue);
+	}
+
+	@Override
+	public String toString() {
+
+		return "SessionAttributeForm{" + "attributeName='" + this.attributeName + '\'' + ", attributeValue='"
+				+ this.attributeValue + '\'' + '}';
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-reactive/src/main/java/org/springframework/session/mongodb/examples/SessionController.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.mongodb.examples;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.server.WebSession;
+
+/**
+ * @author Rob Winch
+ * @author Greg Turnquist
+ */
+// tag::class[]
+@Controller
+public class SessionController {
+
+	@PostMapping("/session")
+	public String setAttribute(@ModelAttribute SessionAttributeForm sessionAttributeForm, WebSession session) {
+
+		session.getAttributes().put(sessionAttributeForm.getAttributeName(), sessionAttributeForm.getAttributeValue());
+		return "redirect:/";
+	}
+
+	@GetMapping("/")
+	public String index(Model model, WebSession webSession) {
+
+		model.addAttribute("webSession", webSession);
+		return "index";
+	}
+
+}
+// tag::end[]

spring-session-samples/spring-session-sample-boot-mongodb-reactive/src/main/java/org/springframework/session/mongodb/examples/SpringSessionMongoReactiveApplication.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.mongodb.examples;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.session.data.mongo.config.annotation.web.reactive.EnableMongoWebSession;
+
+/**
+ * Pure Spring-based application (using Spring Boot for dependency management), hence no
+ * autoconfiguration.
+ *
+ * @author Rob Winch
+ * @author Greg Turnquist
+ */
+@SpringBootApplication
+@EnableMongoWebSession
+public class SpringSessionMongoReactiveApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(SpringSessionMongoReactiveApplication.class);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-reactive/src/main/resources/application.yml

@@ -0,0 +1,4 @@
+logging:
+  level:
+    org.springframework.data.mongodb: DEBUG
+    org.springframework.session: DEBUG

spring-session-samples/spring-session-sample-boot-mongodb-reactive/src/main/resources/templates/index.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html xmlns:th="https://www.thymeleaf.org">
+<head>
+    <title>Session Attributes</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+</head>
+<body>
+<div class="container">
+    <h1>Description</h1>
+    <p>This application demonstrates how to use a MongoDB instance to back your session. Notice that there is no
+        JSESSIONID cookie. We are also able to customize the way of identifying what the requested session id is.</p>
+
+    <h1>Try it</h1>
+
+    <form class="form-inline" role="form" action="./session" method="post">
+        <label for="attributeName">Attribute Name</label>
+        <input id="attributeName" type="text" name="attributeName"/>
+        <label for="attributeValue">Attribute Value</label>
+        <input id="attributeValue" type="text" name="attributeValue"/>
+        <input type="submit" value="Set Attribute"/>
+    </form>
+
+    <hr/>
+
+    <table class="table table-striped">
+        <thead>
+        <tr>
+            <th>Attribute Name</th>
+            <th>Attribute Value</th>
+        </tr>
+        </thead>
+        <tbody>
+        <tr th:each="attr : ${webSession.attributes}">
+            <td th:text="${attr.key}"/>
+            <td th:text="${attr.value}"/>
+        </tr>
+        </tbody>
+    </table>
+</div>
+</body>
+</html>

spring-session-samples/spring-session-sample-boot-mongodb-reactive/src/test/java/org/springframework/session/mongodb/examples/AttributeTests.java

@@ -0,0 +1,87 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.mongodb.examples;
+
+import java.util.List;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.htmlunit.HtmlUnitDriver;
+
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.session.mongodb.examples.pages.HomePage;
+import org.springframework.session.mongodb.examples.pages.HomePage.Attribute;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Eddú Meléndez
+ * @author Rob Winch
+ */
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+public class AttributeTests {
+
+	@LocalServerPort
+	int port;
+
+	private WebDriver driver;
+
+	@BeforeEach
+	void setup() {
+		this.driver = new HtmlUnitDriver();
+	}
+
+	@AfterEach
+	void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	void home() {
+
+		HomePage home = HomePage.go(this.driver, this.port);
+		home.assertAt();
+	}
+
+	@Test
+	void noAttributes() {
+
+		HomePage home = HomePage.go(this.driver, this.port);
+		assertThat(home.attributes()).isEmpty();
+	}
+
+	@Test
+	void createAttribute() {
+
+		HomePage home = HomePage.go(this.driver, this.port);
+		home = home.form().attributeName("a").attributeValue("b").submit(HomePage.class);
+
+		List<Attribute> attributes = home.attributes();
+		assertThat(attributes).hasSize(1);
+
+		Attribute row = attributes.get(0);
+		assertThat(row.getAttributeName()).isEqualTo("a");
+		assertThat(row.getAttributeValue()).isEqualTo("b");
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-reactive/src/test/java/org/springframework/session/mongodb/examples/pages/HomePage.java

@@ -0,0 +1,148 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.mongodb.examples.pages;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.openqa.selenium.SearchContext;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+import org.openqa.selenium.support.pagefactory.DefaultElementLocatorFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Eddú Meléndez
+ * @author Rob Winch
+ */
+public class HomePage {
+
+	private WebDriver driver;
+
+	@FindBy(css = "form")
+	WebElement form;
+
+	@FindBy(css = "table tbody tr")
+	List<WebElement> trs;
+
+	List<Attribute> attributes;
+
+	public HomePage(WebDriver driver) {
+
+		this.driver = driver;
+		this.attributes = new ArrayList<>();
+	}
+
+	private static void get(WebDriver driver, int port, String get) {
+
+		String baseUrl = "http://localhost:" + port;
+		driver.get(baseUrl + get);
+	}
+
+	public static HomePage go(WebDriver driver, int port) {
+
+		get(driver, port, "/");
+		return PageFactory.initElements(driver, HomePage.class);
+	}
+
+	public void assertAt() {
+		assertThat(this.driver.getTitle()).isEqualTo("Session Attributes");
+	}
+
+	public List<Attribute> attributes() {
+
+		List<Attribute> rows = this.trs.stream() //
+				.map(Attribute::new) //
+				.collect(Collectors.toList());
+
+		this.attributes.addAll(rows);
+
+		return this.attributes;
+	}
+
+	public Form form() {
+		return new Form(this.form);
+	}
+
+	public class Form {
+
+		@FindBy(name = "attributeName")
+		WebElement attributeName;
+
+		@FindBy(name = "attributeValue")
+		WebElement attributeValue;
+
+		@FindBy(css = "input[type=\"submit\"]")
+		WebElement submit;
+
+		public Form(SearchContext context) {
+			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
+		}
+
+		public Form attributeName(String text) {
+
+			this.attributeName.sendKeys(text);
+			return this;
+		}
+
+		public Form attributeValue(String text) {
+
+			this.attributeValue.sendKeys(text);
+			return this;
+		}
+
+		public <T> T submit(Class<T> page) {
+
+			this.submit.click();
+			return PageFactory.initElements(HomePage.this.driver, page);
+		}
+
+	}
+
+	public static class Attribute {
+
+		@FindBy(xpath = ".//td[1]")
+		WebElement attributeName;
+
+		@FindBy(xpath = ".//td[2]")
+		WebElement attributeValue;
+
+		public Attribute(SearchContext context) {
+			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
+		}
+
+		/**
+		 * @return the attributeName
+		 */
+		public String getAttributeName() {
+			return this.attributeName.getText();
+		}
+
+		/**
+		 * @return the attributeValue
+		 */
+		public String getAttributeValue() {
+			return this.attributeValue.getText();
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/spring-session-sample-boot-mongodb-traditional.gradle

@@ -0,0 +1,17 @@
+apply plugin: 'io.spring.convention.spring-sample-boot'
+
+dependencies {
+    compile project(':spring-session-data-mongodb')
+    compile "org.springframework.boot:spring-boot-starter-web"
+    compile "org.springframework.boot:spring-boot-starter-thymeleaf"
+    compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
+    compile "org.thymeleaf.extras:thymeleaf-extras-springsecurity5"
+    compile "org.springframework.boot:spring-boot-starter-data-mongodb"
+    compile "org.springframework.boot:spring-boot-starter-security"
+    compile "de.flapdoodle.embed:de.flapdoodle.embed.mongo"
+
+    testCompile "org.springframework.boot:spring-boot-starter-test"
+    testCompile "org.seleniumhq.selenium:htmlunit-driver"
+    testCompile "org.seleniumhq.selenium:selenium-support"
+    testCompile "org.springframework.security:spring-security-test"
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/main/java/org/springframework/session/mongodb/examples/EmbeddedMongoPortLogger.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.mongodb.examples;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.boot.ApplicationArguments;
+import org.springframework.boot.ApplicationRunner;
+import org.springframework.context.EnvironmentAware;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+
+@Component
+class EmbeddedMongoPortLogger implements ApplicationRunner, EnvironmentAware {
+
+	private static final Log logger = LogFactory.getLog(EmbeddedMongoPortLogger.class);
+
+	private Environment environment;
+
+	@Override
+	public void run(ApplicationArguments args) throws Exception {
+		String port = this.environment.getProperty("local.mongo.port");
+		logger.info("Embedded Mongo started on port " + port + ", use 'mongo --port " + port + "' command to connect");
+	}
+
+	@Override
+	public void setEnvironment(Environment environment) {
+		this.environment = environment;
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/main/java/org/springframework/session/mongodb/examples/SpringSessionMongoTraditionalBoot.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.mongodb.examples;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+/**
+ * @author Rob Winch
+ */
+@SpringBootApplication
+public class SpringSessionMongoTraditionalBoot {
+
+	public static void main(String[] args) {
+		SpringApplication.run(SpringSessionMongoTraditionalBoot.class, args);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/main/java/org/springframework/session/mongodb/examples/config/HttpSessionConfig.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.mongodb.examples.config;
+
+import java.time.Duration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.session.data.mongo.JdkMongoSessionConverter;
+import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
+
+// tag::class[]
+@EnableMongoHttpSession // <1>
+public class HttpSessionConfig {
+
+	@Bean
+	public JdkMongoSessionConverter jdkMongoSessionConverter() {
+		return new JdkMongoSessionConverter(Duration.ofMinutes(30)); // <2>
+	}
+
+}
+// end::class[]

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/main/java/org/springframework/session/mongodb/examples/config/SecurityConfig.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.mongodb.examples.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+
+/**
+ * @author Rob Winch
+ */
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Autowired
+	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+
+		auth.inMemoryAuthentication().withUser(
+				User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build());
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/main/java/org/springframework/session/mongodb/examples/mvc/IndexController.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.session.mongodb.examples.mvc;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+/**
+ * Controller for sending the user to the login view.
+ *
+ * @author Rob Winch
+ *
+ */
+@Controller
+public class IndexController {
+
+	@GetMapping("/")
+	public String index() {
+		return "index";
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/main/resources/application.properties

@@ -0,0 +1,3 @@
+spring.thymeleaf.cache=false
+spring.template.cache=false
+spring.data.mongodb.port=0

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/main/resources/templates/index.html

@@ -0,0 +1,11 @@
+<html xmlns:layout="https://github.com/ultraq/thymeleaf-layout-dialect" layout:decorator="layout">
+<head>
+	<title>Secured Content</title>
+</head>
+<body>
+	<div layout:fragment="content">
+		<h1>Secured Page</h1>
+		<p>This page is secured using Spring Boot, Spring Session, and Spring Security.</p>
+	</div>
+</body>
+</html>

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/main/resources/templates/layout.html

@@ -0,0 +1,122 @@
+<!DOCTYPE html SYSTEM "https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+			xmlns:th="https://www.thymeleaf.org"
+			xmlns:layout="https://github.com/ultraq/thymeleaf-layout-dialect">
+	<head>
+		<title layout:title-pattern="$DECORATOR_TITLE - $CONTENT_TITLE">Spring Session Sample</title>
+		<link rel="icon" type="image/x-icon" th:href="@{/resources/img/favicon.ico}" href="../static/img/favicon.ico"/>
+		<link th:href="@{/webjars/bootstrap/css/bootstrap.min.css}" href="/webjars/bootstrap/css/bootstrap.min.css" rel="stylesheet"></link>
+		<style type="text/css">
+			/* Sticky footer styles
+			-------------------------------------------------- */
+
+			html,
+			body {
+				height: 100%;
+				/* The html and body elements cannot have any padding or margin. */
+			}
+
+			/* Wrapper for page content to push down footer */
+			#wrap {
+				min-height: 100%;
+				height: auto !important;
+				height: 100%;
+				/* Negative indent footer by it's height */
+				margin: 0 auto -60px;
+			}
+
+			/* Set the fixed height of the footer here */
+			#push,
+			#footer {
+				height: 60px;
+			}
+			#footer {
+				background-color: #f5f5f5;
+			}
+
+			/* Lastly, apply responsive CSS fixes as necessary */
+			@media (max-width: 767px) {
+				#footer {
+					margin-left: -20px;
+					margin-right: -20px;
+					padding-left: 20px;
+					padding-right: 20px;
+				}
+			}
+
+
+
+			/* Custom page CSS
+			-------------------------------------------------- */
+			/* Not required for template or sticky footer method. */
+
+			.container {
+				width: auto;
+				max-width: 680px;
+			}
+			.container .credit {
+				margin: 20px 0;
+				text-align: center;
+			}
+			a {
+					color: green;
+			}
+			.navbar-form {
+				margin-left: 1em;
+			}
+		</style>
+		<link th:href="@{/webjars/bootstrap/css/bootstrap-responsive.min.css}" href="/webjars/bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet"></link>
+
+		<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+		<!--[if lt IE 9]>
+			<script th:src="@{/webjars/html5shiv/html5shiv.min.js}" src="/webjars/html5shiv/html5shiv.min.js"></script>
+		<![endif]-->
+	</head>
+
+
+	<body>
+		<div id="wrap">
+			<div class="navbar navbar-inverse navbar-static-top">
+				<div class="navbar-inner">
+					<div class="container">
+						<a class="brand" th:href="@{/}"><img th:src="@{/resources/img/logo.png}" alt="Spring Security Sample"/></a>
+
+<div class="nav-collapse collapse"
+		th:with="currentUser=${#httpServletRequest.userPrincipal?.principal}">
+	<div th:if="${currentUser != null}">
+			<form class="navbar-form pull-right" th:action="@{/logout}" method="post">
+					<input type="submit" value="Log out" />
+			</form>
+			<p id="un" class="navbar-text pull-right" th:text="${currentUser.username}">
+				sample_user
+			</p>
+	</div>
+	<ul class="nav">
+	</ul>
+</div>
+
+				</div>
+			</div>
+		</div>
+			<!-- Begin page content -->
+			<div class="container">
+				<div class="alert alert-success"
+							th:if="${globalMessage}"
+							th:text="${globalMessage}">
+						Some Success message
+				</div>
+				<div layout:fragment="content">
+						Fake content
+				</div>
+			</div>
+
+			<div id="push"><!--  --></div>
+		</div>
+
+		<div id="footer">
+			<div class="container">
+				<p class="muted credit">Visit the <a href="https://spring.io/spring-security">Spring Security</a> site for more <a href="https://github.com/spring-projects/spring-security/blob/master/samples/">samples</a>.</p>
+			</div>
+		</div>
+	</body>
+</html>

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/test/java/org/springframework/session/mongodb/examples/BootTests.java

@@ -0,0 +1,112 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.mongodb.examples;
+
+import java.util.Set;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.openqa.selenium.By;
+import org.openqa.selenium.Cookie;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.session.mongodb.examples.pages.HomePage;
+import org.springframework.session.mongodb.examples.pages.LoginPage;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Pool Dolorier
+ */
+@ExtendWith(SpringExtension.class)
+@AutoConfigureMockMvc
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+public class BootTests {
+
+	@Autowired
+	private MockMvc mockMvc;
+
+	private WebDriver driver;
+
+	@BeforeEach
+	void setUp() {
+		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
+	}
+
+	@AfterEach
+	void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	void unauthenticatedUserSentToLogInPage() {
+
+		HomePage homePage = HomePage.go(this.driver);
+		LoginPage loginPage = homePage.unauthenticated();
+		loginPage.assertAt();
+	}
+
+	@Test
+	void logInViewsHomePage() {
+
+		LoginPage loginPage = LoginPage.go(this.driver);
+		loginPage.assertAt();
+
+		HomePage homePage = loginPage.login("user", "password");
+		homePage.assertAt();
+
+		WebElement username = homePage.getDriver().findElement(By.id("un"));
+		assertThat(username.getText()).isEqualTo("user");
+		Set<Cookie> cookies = homePage.getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").contains("SESSION");
+		assertThat(cookies).extracting("name").doesNotContain("JSESSIONID");
+	}
+
+	@Test
+	void logoutSuccess() {
+
+		LoginPage loginPage = LoginPage.go(this.driver);
+		HomePage homePage = loginPage.login("user", "password");
+		LoginPage successLogoutPage = homePage.logout();
+
+		successLogoutPage.assertAt();
+	}
+
+	@Test
+	void loggedOutUserSentToLoginPage() {
+
+		LoginPage loginPage = LoginPage.go(this.driver);
+		HomePage homePage = loginPage.login("user", "password");
+		homePage.logout();
+
+		HomePage backHomePage = HomePage.go(this.driver);
+		LoginPage backLoginPage = backHomePage.unauthenticated();
+
+		backLoginPage.assertAt();
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/test/java/org/springframework/session/mongodb/examples/pages/BasePage.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.mongodb.examples.pages;
+
+import org.openqa.selenium.WebDriver;
+
+/**
+ * @author Pool Dolorier
+ */
+public abstract class BasePage {
+
+	private WebDriver driver;
+
+	public BasePage(WebDriver driver) {
+		this.driver = driver;
+	}
+
+	public WebDriver getDriver() {
+		return this.driver;
+	}
+
+	public static void get(WebDriver driver, String get) {
+
+		String baseUrl = "http://localhost";
+		driver.get(baseUrl + get);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/test/java/org/springframework/session/mongodb/examples/pages/HomePage.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.mongodb.examples.pages;
+
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Pool Dolorier
+ */
+public class HomePage extends BasePage {
+
+	@FindBy(css = "input[type='submit']")
+	private WebElement submit;
+
+	public HomePage(WebDriver driver) {
+		super(driver);
+	}
+
+	public static HomePage go(WebDriver driver) {
+
+		get(driver, "/");
+		return PageFactory.initElements(driver, HomePage.class);
+	}
+
+	public LoginPage unauthenticated() {
+		return LoginPage.go(getDriver());
+	}
+
+	public LoginPage logout() {
+
+		this.submit.click();
+		return LoginPage.go(getDriver());
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Spring Session Sample - Secured Content");
+	}
+
+}

spring-session-samples/spring-session-sample-boot-mongodb-traditional/src/test/java/org/springframework/session/mongodb/examples/pages/LoginPage.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.mongodb.examples.pages;
+
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Pool Dolorier
+ */
+public class LoginPage extends BasePage {
+
+	@FindBy(name = "username")
+	private WebElement username;
+
+	@FindBy(name = "password")
+	private WebElement password;
+
+	@FindBy(css = "button[type='submit']")
+	private WebElement submit;
+
+	public LoginPage(WebDriver driver) {
+		super(driver);
+	}
+
+	public static LoginPage go(WebDriver driver) {
+
+		get(driver, "/login");
+		return PageFactory.initElements(driver, LoginPage.class);
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
+	}
+
+	public HomePage login(String user, String password) {
+
+		this.username.sendKeys(user);
+		this.password.sendKeys(password);
+		this.submit.click();
+		return HomePage.go(getDriver());
+	}
+
+}