Add End-of-Life Notice

The build conventions plugin does not support a property, so we must
override the configuration for docs.host to docs-ip.spring.io

Closes gh-1845

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,7 @@
+<!--
+For Security Vulnerabilities, please use https://pivotal.io/security#reporting
+-->
+
+<!--
+Thanks for raising a Spring Session issue. Please provide a brief description of your problem along with the version of Spring Session that you are using. If possible, please also consider putting together a sample application that reproduces the issue.
+-->

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,24 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: 'type: bug, status: waiting-for-triage'
-assignees: ''
-
----
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior.
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Sample**
-
-A link to a GitHub repository with a [minimal, reproducible sample](https://stackoverflow.com/help/minimal-reproducible-example).
-
-Reports that include a sample will take priority over reports that do not.
-At times, we may require a sample, so it is good to try and include a sample up front.

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Community Support
-    url: https://stackoverflow.com/questions/tagged/spring-security
-    about: Please ask and answer questions on StackOverflow with the tag spring-session

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,25 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: 'status: waiting-for-triage, type: enhancement'
-assignees: ''
-
----
-
-**Expected Behavior**
-
-<!--- Tell us how it should work -->
-
-**Current Behavior**
-
-<!--- Explain the difference from current behavior -->
-
-**Context**
-
-<!--- 
-How has this issue affected you?
-What are you trying to accomplish?
-What other alternatives have you considered?
-Are you aware of any workarounds?
--->

.github/workflows/continuous-integration-workflow.yml

@@ -1,95 +0,0 @@
-name: CI
-
-on:
-  push:
-    branches:
-      - test-slack-integration
-  schedule:
-    - cron: '0 10 * * *' # Once per day at 10am UTC
-
-jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        jdk: [8, 11]
-      fail-fast: false
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up JDK ${{ matrix.jdk }}
-        uses: actions/setup-java@v1
-        with:
-          java-version: ${{ matrix.jdk }}
-      - name: Cache Gradle packages
-        uses: actions/cache@v2
-        with:
-          path: ~/.gradle/caches
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
-      - name: Build with Gradle
-        run: ./gradlew clean build --no-daemon --stacktrace
-  artifacts:
-    name: Deploy Artifacts
-    needs: [build]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up JDK
-        uses: actions/setup-java@v1
-        with:
-          java-version: '8'
-      - name: Deploy artifacts
-        run: |
-          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
-          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
-          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
-          export VERSION_HEADER=$'Version: GnuPG v2\n\n'
-          export ORG_GRADLE_PROJECT_signingKey=${GPG_PRIVATE_KEY#"$VERSION_HEADER"}
-          export ORG_GRADLE_PROJECT_signingPassword="$GPG_PASSPHRASE"
-          ./gradlew deployArtifacts finalizeDeployArtifacts -PossrhUsername="$OSSRH_USERNAME" -PossrhPassword="$OSSRH_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace
-        env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
-          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
-          GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
-          GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
-          GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
-  docs:
-    name: Deploy Docs
-    needs: [build]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up JDK
-        uses: actions/setup-java@v1
-        with:
-          java-version: '8'
-      - name: Deploy Docs
-        run: |
-          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
-          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
-          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
-          ./gradlew deployDocs --no-daemon -PdeployDocsSshKey="$DOCS_SSH_KEY" -PdeployDocsSshUsername="$DOCS_USERNAME" -PdeployDocsHost="$DOCS_HOST" --stacktrace
-        env:
-          DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
-          DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
-          DOCS_HOST: ${{ secrets.DOCS_HOST }}
-          GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
-          GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
-          GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
-  notify_slack:
-    name: Notify Slack
-    runs-on: ubuntu-latest
-    env:
-      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-    needs: [build, artifacts, docs]
-    steps:
-      - uses: act10ns/slack@v1
-        with:
-          status: ${{ job.status }}
-          steps: ${{ toJson(steps) }}
-          channel: '#spring-security-ci'
-        if: always()

.github/workflows/pr-build-workflow.yml

@@ -1,25 +0,0 @@
-name: PR Build
-
-on: pull_request
-
-jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        jdk: [8, 11]
-      fail-fast: false
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up JDK ${{ matrix.jdk }}
-        uses: actions/setup-java@v1
-        with:
-          java-version: ${{ matrix.jdk }}
-      - name: Cache Gradle packages
-        uses: actions/cache@v2
-        with:
-          path: ~/.gradle/caches
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
-      - name: Build with Gradle
-        run: ./gradlew clean build --no-daemon --stacktrace

.gitignore

@@ -13,4 +13,3 @@ out
 .checkstyle
 !etc/eclipse/.checkstyle
 !**/src/**/build
-.DS_Store

.travis.yml

@@ -0,0 +1,16 @@
+sudo: required
+language: java
+jdk:
+  - openjdk8
+  - openjdk11
+services:
+  - docker
+before_cache:
+  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
+  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
+cache:
+  directories:
+    - $HOME/.gradle/caches/
+    - $HOME/.gradle/wrapper/
+install: true
+script: ./gradlew clean check --no-daemon --stacktrace

CODE_OF_CONDUCT.adoc

@@ -0,0 +1,44 @@
+= Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering an open
+and welcoming community, we pledge to respect all people who contribute through reporting
+issues, posting feature requests, updating documentation, submitting pull requests or
+patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for
+everyone, regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
+religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic addresses,
+  without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments,
+commits, code, wiki edits, issues, and other contributions that are not aligned to this
+Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors
+that they deem inappropriate, threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to fairly and
+consistently applying these principles to every aspect of managing this project. Project
+maintainers who do not follow or enforce the Code of Conduct may be permanently removed
+from the project team.
+
+This Code of Conduct applies both within project spaces and in public spaces when an
+individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by
+contacting a project maintainer at spring-code-of-conduct@pivotal.io . All complaints will
+be reviewed and investigated and will result in a response that is deemed necessary and
+appropriate to the circumstances. Maintainers are obligated to maintain confidentiality
+with regard to the reporter of an incident.
+
+This Code of Conduct is adapted from the
+https://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
+https://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]

CONTRIBUTING.adoc

@@ -3,16 +3,9 @@
 Spring Session is released under the Apache 2.0 license. If you would like to contribute
 something, or simply want to hack on the code this document should help you get started.
 
-
 == Code of Conduct
-
-Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct]
-
-
-== Reporting Security Vulnerabilities
-
-Please see our https://github.com/spring-projects/spring-session/security/policy[Security policy].
-
+This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
+By participating, you  are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.
 
 == Using GitHub issues
 

README.adoc

@@ -1,8 +1,12 @@
+[NOTE]
+======
+This branch of Spring Session has reached its https://github.com/spring-projects/spring-boot/wiki/Supported-Versions[End of Life], meaning that there are no further maintenance releases or security patches planned.
+Please migrate to a supported branch as soon as possible.
+======
+
 = Spring Session
 
-image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
-
-image:https://github.com/spring-projects/spring-session/workflows/CI/badge.svg?branch=master["Build Status", link="https://github.com/spring-projects/spring-session/actions?query=workflow%3ACI"]
+image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"] image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
 
 Spring Session provides an API and implementations for managing a user's session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
 It also provides transparent integration with:
@@ -20,16 +24,10 @@ Spring Session consists of the following modules:
 * Spring Session JDBC - provides `SessionRepository` implementation backed by a relational database and configuration support
 * Spring Session Hazelcast - provides `SessionRepository` implementation backed by Hazelcast and configuration support
 
-
 == Code of Conduct
 
-Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct]
-
-
-== Reporting Security Vulnerabilities
-
-Please see our https://github.com/spring-projects/spring-session/security/policy[Security policy].
-
+This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
+By participating, you  are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.
 
 == Spring Session Project Site
 

build.gradle

@@ -4,17 +4,16 @@ buildscript {
 		snapshotBuild = version.endsWith('SNAPSHOT')
 		milestoneBuild = !(releaseBuild || snapshotBuild)
 
-		springBootVersion = '2.3.1.RELEASE'
+		springBootVersion = '2.2.13.RELEASE'
 	}
 
 	repositories {
 		gradlePluginPortal()
 		maven { url 'https://repo.spring.io/plugins-release/' }
-        maven { url 'https://repo.spring.io/plugins-snapshot' }
 	}
 
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.34.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.27.1.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 }
@@ -35,3 +34,19 @@ subprojects {
 		useJUnitPlatform()
 	}
 }
+
+if (project.hasProperty('artifactoryUsername')) {
+    allprojects { project ->
+        project.repositories { repos ->
+            all { repo ->
+                if (!repo.url.toString().startsWith("https://repo.spring.io/")) {
+                    return;
+                }
+                repo.credentials {
+                    username = artifactoryUsername
+                    password = artifactoryPassword
+                }
+            }
+        }
+    }
+}

gradle.properties

@@ -1,3 +1,3 @@
 org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
 org.gradle.parallel=true
-version=2.4.0-SNAPSHOT
+version=2.2.7.BUILD-SNAPSHOT

gradle/dependency-management.gradle

@@ -1,36 +1,35 @@
 dependencyManagement {
 	imports {
-		mavenBom 'io.projectreactor:reactor-bom:Dysprosium-SR9'
-		mavenBom 'org.junit:junit-bom:5.6.2'
-		mavenBom 'org.springframework:spring-framework-bom:5.3.0-M1'
-		mavenBom 'org.springframework.data:spring-data-bom:2020.0.0-M1'
-		mavenBom 'org.springframework.security:spring-security-bom:5.3.3.RELEASE'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.14.3'
+		mavenBom 'io.projectreactor:reactor-bom:Dysprosium-SR19'
+		mavenBom 'org.junit:junit-bom:5.5.2'
+		mavenBom 'org.springframework:spring-framework-bom:5.2.14.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Moore-SR13'
+		mavenBom 'org.springframework.security:spring-security-bom:5.2.10.RELEASE'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.15.3'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.12.7') {
+		dependencySet(group: 'com.hazelcast', version: '3.12.12') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependency 'org.aspectj:aspectjweaver:1.9.6'
 		dependency 'com.h2database:h2:1.4.200'
 		dependency 'com.ibm.db2:jcc:11.5.0.0'
 		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.4.1.jre8'
-		dependency 'com.oracle.database.jdbc:ojdbc8:19.6.0.0'
+		dependency 'com.oracle.ojdbc:ojdbc8:19.3.0.0'
 		dependency 'com.zaxxer:HikariCP:3.4.5'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.3.1.RELEASE'
+		dependency 'io.lettuce:lettuce-core:5.2.2.RELEASE'
 		dependency 'javax.annotation:javax.annotation-api:1.3.2'
 		dependency 'javax.servlet:javax.servlet-api:4.0.1'
-		dependency 'junit:junit:4.13'
-		dependency 'mysql:mysql-connector-java:8.0.20'
+		dependency 'junit:junit:4.12'
+		dependency 'mysql:mysql-connector-java:8.0.23'
 		dependency 'org.apache.derby:derby:10.14.2.0'
-		dependency 'org.assertj:assertj-core:3.16.1'
-		dependency 'org.hsqldb:hsqldb:2.5.0'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.6.1'
-		dependency 'org.mockito:mockito-core:3.3.3'
-		dependency 'org.postgresql:postgresql:42.2.14'
+		dependency 'org.assertj:assertj-core:3.13.2'
+		dependency 'org.hsqldb:hsqldb:2.5.1'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.4.4'
+		dependency 'org.mockito:mockito-core:3.0.0'
+		dependency 'org.postgresql:postgresql:42.2.16'
 	}
 }

spring-session-core/spring-session-core.gradle

@@ -25,6 +25,5 @@ dependencies {
 	testCompile "org.springframework.security:spring-security-core"
 	testCompile "org.junit.jupiter:junit-jupiter-api"
 	testCompile "org.junit.jupiter:junit-jupiter-params"
-	testCompile "org.aspectj:aspectjweaver"
 	testRuntime "org.junit.jupiter:junit-jupiter-engine"
 }

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/EnableSpringHttpSession.java

@@ -40,7 +40,7 @@ import org.springframework.session.events.SessionDestroyedEvent;
  *
  *     {@literal @Bean}
  *     public MapSessionRepository sessionRepository() {
- *         return new MapSessionRepository(new ConcurrentHashMap<>());
+ *         return new MapSessionRepository();
  *     }
  *
  * }

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java

@@ -58,7 +58,7 @@ import org.springframework.util.ObjectUtils;
  *
  *     {@literal @Bean}
  *     public MapSessionRepository sessionRepository() {
- *         return new MapSessionRepository(new ConcurrentHashMap<>());
+ *         return new MapSessionRepository();
  *     }
  *
  * }

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/server/EnableSpringWebSession.java

@@ -36,7 +36,7 @@ import org.springframework.context.annotation.Import;
  *
  *     {@literal @Bean}
  *     public ReactiveSessionRepository sessionRepository() {
- *         return new ReactiveMapSessionRepository(new ConcurrentHashMap<>());
+ *         return new ReactiveMapSessionRepository();
  *     }
  *
  * }

spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java

@@ -308,7 +308,7 @@ public class DefaultCookieSerializer implements CookieSerializer {
 	/**
 	 * Sets the maxAge property of the Cookie. The default is to delete the cookie when
 	 * the browser is closed.
-	 * @param cookieMaxAge the maxAge property of the Cookie (defined in seconds)
+	 * @param cookieMaxAge the maxAge property of the Cookie
 	 */
 	public void setCookieMaxAge(int cookieMaxAge) {
 		this.cookieMaxAge = cookieMaxAge;

spring-session-core/src/main/java/org/springframework/session/web/http/OncePerRequestFilter.java

@@ -64,7 +64,7 @@ abstract class OncePerRequestFilter implements Filter {
 		}
 		HttpServletRequest httpRequest = (HttpServletRequest) request;
 		HttpServletResponse httpResponse = (HttpServletResponse) response;
-		String alreadyFilteredAttributeName = getAlreadyFilteredAttributeName();
+		String alreadyFilteredAttributeName = this.alreadyFilteredAttributeName;
 		boolean hasAlreadyFilteredAttribute = request.getAttribute(alreadyFilteredAttributeName) != null;
 
 		if (hasAlreadyFilteredAttribute) {

spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java

@@ -309,6 +309,10 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			if (!create) {
 				return null;
 			}
+			if (SessionRepositoryFilter.this.httpSessionIdResolver instanceof CookieHttpSessionIdResolver
+					&& this.response.isCommitted()) {
+				throw new IllegalStateException("Cannot create a session after the response has been committed");
+			}
 			if (SESSION_LOGGER.isDebugEnabled()) {
 				SESSION_LOGGER.debug(
 						"A new session was created. To help you troubleshoot where the session was created we provided a StackTrace (this is not an error). You can prevent this from appearing by disabling DEBUG logging for "

spring-session-core/src/test/java/org/springframework/session/web/http/OncePerRequestFilterAopTests.java

@@ -1,70 +0,0 @@
-/*
- * Copyright 2014-2020 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.session.web.http;
-
-import org.aspectj.lang.annotation.AfterReturning;
-import org.aspectj.lang.annotation.Aspect;
-import org.junit.jupiter.api.Test;
-import org.mockito.Mockito;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.EnableAspectJAutoProxy;
-import org.springframework.mock.web.MockFilterChain;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.session.SessionRepository;
-import org.springframework.session.web.http.OncePerRequestFilterAopTests.Config;
-import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
-
-import static org.assertj.core.api.Assertions.assertThatCode;
-
-@SpringJUnitConfig(classes = Config.class)
-class OncePerRequestFilterAopTests {
-
-	@Test
-	void doFilterOnce(@Autowired final OncePerRequestFilter filter) {
-		assertThatCode(() -> filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(),
-				new MockFilterChain())).as("`doFilter` does not throw NPE with the bean is being proxied by Spring AOP")
-						.doesNotThrowAnyException();
-	}
-
-	@SuppressWarnings({ "rawtypes", "unchecked" })
-	@Configuration
-	@EnableAspectJAutoProxy(proxyTargetClass = true)
-	@Aspect
-	public static class Config {
-
-		@Bean
-		public SessionRepository sessionRepository() {
-			return Mockito.mock(SessionRepository.class);
-		}
-
-		@Bean
-		public SessionRepositoryFilter filter() {
-			return new SessionRepositoryFilter(sessionRepository());
-		}
-
-		@AfterReturning("execution(* SessionRepositoryFilter.doFilterInternal(..))")
-		public void doInternalFilterPointcut() {
-			// no op
-		}
-
-	}
-
-}

spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java

@@ -62,6 +62,7 @@ import org.springframework.test.util.ReflectionTestUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -423,6 +424,18 @@ class SessionRepositoryFilterTests {
 		assertThat(this.response.getCookie("SESSION")).isNotNull();
 	}
 
+	@Test
+	void doFilterGetSessionNewWhenResponseCommittedThenException() {
+		assertThatIllegalStateException().isThrownBy(() -> doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse)
+					throws IOException {
+				wrappedResponse.getWriter().flush();
+				wrappedRequest.getSession();
+			}
+		}));
+	}
+
 	@Test
 	void doFilterGetSessionNew() throws Exception {
 		doFilter(new DoInFilter() {

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/RedisIndexedSessionRepositoryITests.java

@@ -18,7 +18,6 @@ package org.springframework.session.data.redis;
 
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
-import java.util.Set;
 import java.util.UUID;
 
 import org.junit.jupiter.api.BeforeEach;
@@ -135,22 +134,6 @@ class RedisIndexedSessionRepositoryITests extends AbstractRedisITests {
 				.isEqualTo(expectedAttributeValue);
 	}
 
-	@Test
-	void removeAttributeRemovedAttributeKey() {
-		RedisSession toSave = this.repository.createSession();
-		toSave.setAttribute("a", "b");
-		this.repository.save(toSave);
-
-		toSave.removeAttribute("a");
-		this.repository.save(toSave);
-
-		String id = toSave.getId();
-		String key = "RedisIndexedSessionRepositoryITests:sessions:" + id;
-
-		Set<Map.Entry<Object, Object>> entries = this.redis.boundHashOps(key).entries().entrySet();
-		assertThat(entries).extracting(Map.Entry::getKey).doesNotContain("sessionAttr:a");
-	}
-
 	@Test
 	void putAllOnSingleAttrDoesNotRemoveOld() {
 		RedisSession toSave = this.repository.createSession();

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisIndexedSessionRepository.java

@@ -142,7 +142,7 @@ import org.springframework.util.Assert;
  * <p>
  * When a session is created an event is sent to Redis with the channel of
  * "spring:session:channel:created:33fdd1b6-b496-4b33-9f7d-df96679d32fe" such that
- * "33fdd1b6-b496-4b33-9f7d-df96679d32fe" is the session id. The body of the event will be
+ * "33fdd1b6-b496-4b33-9f7d-df96679d32fe" is the sesion id. The body of the event will be
  * the session that was created.
  * </p>
  *
@@ -792,8 +792,7 @@ public class RedisIndexedSessionRepository
 				return;
 			}
 			String sessionId = getId();
-			BoundHashOperations<Object, Object, Object> boundHashOperations = getSessionBoundHashOperations(sessionId);
-			boundHashOperations.putAll(this.delta);
+			getSessionBoundHashOperations(sessionId).putAll(this.delta);
 			String principalSessionKey = getSessionAttrNameKey(
 					FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME);
 			String securityPrincipalSessionKey = getSessionAttrNameKey(SPRING_SECURITY_CONTEXT);
@@ -812,11 +811,6 @@ public class RedisIndexedSessionRepository
 							.add(sessionId);
 				}
 			}
-			for (final Map.Entry<String, Object> attribute : this.delta.entrySet()) {
-				if (attribute.getValue() == null) {
-					boundHashOperations.delete(attribute.getKey());
-				}
-			}
 
 			this.delta = new HashMap<>(this.delta.size());
 

spring-session-docs/spring-session-docs.gradle

@@ -25,22 +25,7 @@ dependencies {
 
 def versions = dependencyManagement.managedVersions
 
-asciidoctorPdf {
-    clearSources()
-    sources {
-        include "index.adoc"
-    }
-}
-
 asciidoctor {
-    clearSources()
-    sources {
-        include "index.adoc"
-        include "guides/*.adoc"
-    }
-}
-
-asciidoctorj {
 	def ghTag = snapshotBuild ? 'master' : project.version
 	def ghUrl = "https://github.com/spring-projects/spring-session/tree/$ghTag"
 
@@ -61,7 +46,11 @@ asciidoctorj {
 			'spring-session-version': project.version,
 			'version-milestone': milestoneBuild,
 			'version-release': releaseBuild,
-			'version-snapshot': snapshotBuild,
-			'highlightjsdir@': "js/highlight",
-			'docinfodir@': "."
+			'version-snapshot': snapshotBuild
+}
+
+remotes {
+    docs {
+        host = "docs-ip.spring.io"
+    }
 }

spring-session-docs/src/docs/asciidoc/guides/boot-findbyusername.adoc

@@ -1,16 +1,11 @@
 = Spring Session - find by username
 Rob Winch
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session to find sessions by username.
 
 NOTE: You can find the completed guide in the <<findbyusername-sample, findbyusername application>>.
 
-[#index-link]
-link:../index.html[Index]
 
 [[findbyusername-assumptions]]
 == Assumptions
@@ -28,7 +23,7 @@ Consider the following scenario:
 
 * User goes to library and authenticates to the application.
 * User goes home and realizes they forgot to log out.
-* User can log in and end the session from the library using clues like the location, created time, last accessed time, and so on.
+* User can log in and terminate the session from the library using clues like the location, created time, last accessed time, and so on.
 
 Would it not be nice if we could let the user invalidate the session at the library from any device with which they authenticate?
 This sample demonstrates how this is possible.
@@ -145,5 +140,5 @@ You can emulate the flow we discussed in the <<About the Sample>> section by doi
 * Enter the following to log in:
 ** *Username* _user_
 ** *Password* _password_
-* End your original session.
+* Terminate your original session.
 * Refresh the original window and see that you are logged out.

spring-session-docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -1,17 +1,11 @@
 = Spring Session - Spring Boot
 Rob Winch, Vedran Pavić
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` when you use Spring Boot.
 
 NOTE: You can find the completed guide in the <<httpsession-jdbc-boot-sample, httpsession-jdbc-boot sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -52,9 +46,6 @@ spring.session.store-type=jdbc # Session store type.
 ----
 ====
 
-If a single Spring Session module is present on the classpath, Spring Boot uses that store implementation automatically.
-If you have more than one implementation, you must choose the StoreType that you wish to use to store the sessions, as shows above.
-
 Under the hood, Spring Boot applies configuration that is equivalent to manually adding the `@EnableJdbcHttpSession` annotation.
 This creates a Spring bean with the name of `springSessionRepositoryFilter`. That bean implements `Filter`.
 The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.

spring-session-docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -1,17 +1,11 @@
 = Spring Session - Spring Boot
 Rob Winch, Vedran Pavić
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use Spring Boot.
 
 NOTE: You can find the completed guide in the <<boot-sample, boot sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 
 Before you use Spring Session, you must ensure your dependencies.
@@ -59,7 +53,7 @@ Further customization is possible by using `application.properties`, as the foll
 .src/main/resources/application.properties
 ----
 server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds is used.
-spring.session.redis.flush-mode=on_save # Sessions flush mode.
+spring.session.redis.flush-mode=on-save # Sessions flush mode.
 spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
 ----
 ====
@@ -157,6 +151,6 @@ To do so, enter the following into your terminal, being sure to replace `7e8383a
 ----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
 ----
-====
+=====
 
 Now you can visit the application at http://localhost:8080/ and observe that we are no longer authenticated.

spring-session-docs/src/docs/asciidoc/guides/boot-webflux-custom-cookie.adoc

@@ -1,66 +0,0 @@
-= Spring Session - WebFlux with Custom Cookie
-Eleftheria Stein-Kousathana
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
-
-This guide describes how to configure Spring Session to use custom cookies in a WebFlux based application.
-The guide assumes you have already set up Spring Session in your project using your chosen data store. For example, link:./boot-redis.html[HttpSession with Redis].
-
-NOTE: You can find the completed guide in the <<webflux-custom-cookie-sample, WebFlux Custom Cookie sample application>>.
-
-[#index-link]
-link:../index.html[Index]
-
-[[webflux-custom-cookie-spring-configuration]]
-== Spring Boot Configuration
-
-Once you have set up Spring Session, you can customize how the session cookie is written by exposing a `WebSessionIdResolver` as a Spring bean.
-Spring Session uses a `CookieWebSessionIdResolver` by default.
-Exposing the `WebSessionIdResolver` as a Spring bean augments the existing configuration when you use configurations like `@EnableRedisHttpSession`.
-The following example shows how to customize Spring Session's cookie:
-
-====
-[source,java]
-----
-include::{samples-dir}spring-session-sample-boot-webflux-custom-cookie/src/main/java/sample/CookieConfig.java[tags=webflux-cookie-serializer]
-----
-
-<1> We customize the name of the cookie to be `JSESSIONID`.
-<2> We customize the path of the cookie to be `/` (rather than the default of the context root).
-<3> We customize the `SameSite` cookie directive to be `Strict`.
-====
-
-[[webflux-custom-cookie-sample]]
-== `webflux-custom-cookie` Sample Application
-
-This section describes how to work with the `webflux-custom-cookie` sample application.
-
-=== Running the `webflux-custom-cookie` Sample Application
-
-You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
-
-====
-----
-$ ./gradlew :spring-session-sample-boot-webflux-custom-cookie:bootRun
-----
-====
-
-NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-
-You should now be able to access the application at http://localhost:8080/
-
-=== Exploring the `webflux-custom-cookie` Sample Application
-
-Now you can use the application. Fill out the form with the following information:
-
-* *Attribute Name:* _username_
-* *Attribute Value:* _rob_
-
-Now click the *Set Attribute* button.
-You should now see the values displayed in the table.
-
-If you look at the cookies for the application, you can see the cookie is saved to the custom name of `JSESSIONID`.

spring-session-docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -1,10 +1,7 @@
 = Spring Session - WebSocket
 Rob Winch
-:toc: left
+:toc:
 :websocketdoc-test-dir: {docs-test-dir}docs/websocket/
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
 
 This guide describes how to use Spring Session to ensure that WebSocket messages keep your HttpSession alive.
 
@@ -15,12 +12,9 @@ Specifically,it does not work with using https://www.jcp.org/en/jsr/detail?id=35
 
 // end::disclaimer[]
 
-[#index-link]
-link:../index.html[Index]
-
 == HttpSession Setup
 
-The first step is to integrate Spring Session with the HttpSession. These steps are already outlined in the link:./boot-redis.html[HttpSession with Redis Guide].
+The first step is to integrate Spring Session with the HttpSession. These steps are already outlined in the link:httpsession.html[HttpSession Guide].
 
 Please make sure you have already integrated Spring Session with HttpSession before proceeding.
 
@@ -59,14 +53,14 @@ What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes
 
 * `WebSocketConnectHandlerDecoratorFactory` is added as a `WebSocketHandlerDecoratorFactory` to `WebSocketTransportRegistration`.
 This ensures a custom `SessionConnectEvent` is fired that contains the `WebSocketSession`.
-The `WebSocketSession` is necessary to end any WebSocket connections that are still open when a Spring Session is ended.
+The `WebSocketSession` is necessary to terminate any WebSocket connections that are still open when a Spring Session is terminated.
 * `SessionRepositoryMessageInterceptor` is added as a `HandshakeInterceptor` to every `StompWebSocketEndpointRegistration`.
 This ensures that the `Session` is added to the WebSocket properties to enable updating the last accessed time.
 * `SessionRepositoryMessageInterceptor` is added as a `ChannelInterceptor` to our inbound `ChannelRegistration`.
 This ensures that every time an inbound message is received, that the last accessed time of our Spring Session is updated.
 * `WebSocketRegistryListener` is created as a Spring bean.
 This ensures that we have a mapping of all of the `Session` IDs to the corresponding WebSocket connections.
-By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is ended.
+By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is terminated.
 
 
 // end::config[]
@@ -131,7 +125,7 @@ You can see that the message is no longer sent.
 ====
 Spring Session expires in 60 seconds, but the notification from Redis is not guaranteed to happen within 60 seconds.
 To ensure the socket is closed in a reasonable amount of time, Spring Session runs a background task every minute at 00 seconds that forcibly cleans up any expired sessions.
-This means you need to wait at most two minutes before the WebSocket connection is closed.
+This means you need to wait at most two minutes before the WebSocket connection is terminated.
 ====
 
 You can now try accessing http://localhost:8080/

spring-session-docs/src/docs/asciidoc/guides/docinfo-footer.html

@@ -1,2 +0,0 @@
-<script type="text/javascript" src="../js/tocbot/tocbot.min.js"></script>
-<script type="text/javascript" src="../js/toc.js"></script>

spring-session-docs/src/docs/asciidoc/guides/java-custom-cookie.adoc

@@ -1,18 +1,12 @@
 = Spring Session - Custom Cookie
 Rob Winch; Eleftheria Stein-Kousathana
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to configure Spring Session to use custom cookies with Java Configuration.
-The guide assumes you have already set up Spring Session in your project using your chosen data store. For example, link:./boot-redis.html[HttpSession with Redis].
+The guide assumes you have already link:./httpsession.html[set up Spring Session in your project].
 
 NOTE: You can find the completed guide in the <<custom-cookie-sample, Custom Cookie sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 [[custom-cookie-spring-configuration]]
 == Spring Java Configuration
 

spring-session-docs/src/docs/asciidoc/guides/java-hazelcast.adoc

@@ -1,18 +1,12 @@
 = Spring Session and Spring Security with Hazelcast
 Tommy Ludwig; Rob Winch
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session along with Spring Security when you use Hazelcast as your data store.
 It assumes that you have already applied Spring Security to your application.
 
 NOTE: You cand find the completed guide in the <<hazelcast-spring-security-sample, Hazelcast Spring Security sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.

spring-session-docs/src/docs/asciidoc/guides/java-jdbc.adoc

@@ -1,17 +1,11 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch, Vedran Pavić
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` with Java Configuration.
 
 NOTE: You can find the completed guide in the <<httpsession-jdbc-sample, httpsession-jdbc sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -105,7 +99,7 @@ For additional information on how to configure data access related concerns, see
 
 == Java Servlet Container Initialization
 
-Our <<httpsession-jdbc-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
@@ -128,36 +122,6 @@ Doing so ensures that the Spring bean named `springSessionRepositoryFilter` is r
 <2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to ensure Spring loads our `Config`.
 ====
 
-== Multiple DataSources
-Spring Session provides the `@SpringSessionDataSource` qualifier, allowing you to explicitly declare which `DataSource` bean should be injected in `JdbcIndexedSessionRepository`.
-This is particularly useful in scenarios with multiple `DataSource` beans present in the application context.
-
-The following example shows how to do so:
-
-====
-.Config.java
-[source,java]
-----
-@EnableJdbcHttpSession
-public class Config {
-
-	@Bean
-	@SpringSessionDataSource // <1>
-	public EmbeddedDatabase firstDataSource() {
-		return new EmbeddedDatabaseBuilder()
-				.setType(EmbeddedDatabaseType.H2).addScript("org/springframework/session/jdbc/schema-h2.sql").build();
-	}
-
-	@Bean
-	public HikariDataSource secondDataSource() {
-		// ...
-	}
-}
-----
-
-<1> This qualifier declares that firstDataSource is to be used by Spring Session.
-====
-
 // end::config[]
 
 [[httpsession-jdbc-sample]]

spring-session-docs/src/docs/asciidoc/guides/java-redis.adoc

@@ -1,18 +1,12 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch
-:toc: left
+:toc:
 :version-snapshot: true
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with Java Configuration.
 
 NOTE: You can find the completed guide in the <<httpsession-sample, httpsession sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 Before you use Spring Session, you must update your dependencies.
 If you are using Maven, you must add the following dependencies:

spring-session-docs/src/docs/asciidoc/guides/java-rest.adoc

@@ -1,17 +1,11 @@
 = Spring Session - REST
 Rob Winch
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use REST endpoints.
 
 NOTE: You can find the completed guide in the <<rest-sample, rest sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -247,7 +241,7 @@ $ curl -v http://localhost:8080/ -u user:password
 
 In the output, you should notice the following:
 
-====
+===
 ----
 HTTP/1.1 200 OK
 ...

spring-session-docs/src/docs/asciidoc/guides/java-security.adoc

@@ -1,18 +1,12 @@
 = Spring Session and Spring Security
 Rob Winch
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session along with Spring Security.
 It assumes you have already applied Spring Security to your application.
 
 NOTE: You can find the completed guide in the <<security-sample, security sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 Before you use Spring Session, you must update your dependencies.
 If you use Maven, you must add the following dependencies:

spring-session-docs/src/docs/asciidoc/guides/xml-jdbc.adoc

@@ -1,17 +1,11 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch, Vedran Pavić
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session to transparently leverage a relational to back a web application's `HttpSession` with XML based configuration.
 
 NOTE: You can find the completed guide in the <<httpsession-jdbc-xml-sample, httpsession-jdbc-xml sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 
 Before you use Spring Session, you must update your dependencies.
@@ -74,8 +68,8 @@ You must have the following in your pom.xml:
 	<url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
-====
 endif::[]
+====
 
 // tag::config[]
 
@@ -107,7 +101,7 @@ For additional information on how to configure data access-related concerns, see
 
 == XML Servlet Container Initialization
 
-Our <<httpsession-jdbc-xml-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-xml-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, we need to instruct Spring to load our `session.xml` configuration.

spring-session-docs/src/docs/asciidoc/guides/xml-redis.adoc

@@ -1,17 +1,11 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch
-:toc: left
-:stylesdir: ../
-:highlightjsdir: ../js/highlight
-:docinfodir: guides
+:toc:
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with XML-based configuration.
 
 NOTE: You can find the completed guide in the <<httpsession-xml-sample, httpsession-xml sample application>>.
 
-[#index-link]
-link:../index.html[Index]
-
 == Updating Dependencies
 Before you use Spring Session, you must update your dependencies.
 If you use Maven, you must add the following dependencies:

spring-session-docs/src/docs/asciidoc/index.adoc

@@ -70,10 +70,6 @@ To get started with Spring Session, the best place to start is our Sample Applic
 | Demonstrates how to use Spring Session to replace the Spring WebFlux's `WebSession` with Redis.
 |
 
-| {gh-samples-url}spring-session-sample-boot-webflux-custom-cookie[WebFlux with Custom Cookie]
-| Demonstrates how to use Spring Session to customize the Session cookie in a WebFlux based application.
-| link:guides/boot-webflux-custom-cookie.html[WebFlux with Custom Cookie Guide]
-
 | {gh-samples-url}spring-session-sample-boot-redis-json[HttpSession with Redis JSON serialization]
 | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization.
 |
@@ -293,7 +289,7 @@ Any method that returns an `HttpSession` is overridden.
 All other methods are implemented by `HttpServletRequestWrapper` and delegate to the original `HttpServletRequest` implementation.
 
 We replace the `HttpServletRequest` implementation by using a servlet `Filter` called `SessionRepositoryFilter`.
-The following pseudocode shows how it works:
+The pseudocode belows:
 
 ====
 [source, java]
@@ -1177,8 +1173,8 @@ include::{session-jdbc-main-resources-dir}org/springframework/session/jdbc/schem
 
 ==== Transaction Management
 
-All JDBC operations in `JdbcIndexedSessionRepository` are performed in a transactional manner.
-Transactions are performed with propagation set to `REQUIRES_NEW` in order to avoid unexpected behavior due to interference with existing transactions (for example, running a `save` operation in a thread that already participates in a read-only transaction).
+All JDBC operations in `JdbcIndexedSessionRepository` are executed in a transactional manner.
+Transactions are executed with propagation set to `REQUIRES_NEW` in order to avoid unexpected behavior due to interference with existing transactions (for example, running a `save` operation in a thread that already participates in a read-only transaction).
 
 [[api-hazelcastindexedsessionrepository]]
 === Using `HazelcastIndexedSessionRepository`

spring-session-docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java

@@ -19,7 +19,6 @@ package docs.security;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -42,16 +41,14 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			// ... additional configuration ...
-			.rememberMe((rememberMe) -> rememberMe
-				.rememberMeServices(rememberMeServices())
-			);
+			.rememberMe()
+				.rememberMeServices(rememberMeServices());
 		// end::http-rememberme[]
 
 		http
-			.formLogin(Customizer.withDefaults())
-			.authorizeRequests((authorize) -> authorize
-				.anyRequest().authenticated()
-			);
+			.formLogin().and()
+			.authorizeRequests()
+				.anyRequest().authenticated();
 	}
 
 	// tag::rememberme-bean[]

spring-session-docs/src/test/java/docs/security/SecurityConfiguration.java

@@ -40,10 +40,9 @@ public class SecurityConfiguration<S extends Session> extends WebSecurityConfigu
 		// @formatter:off
 		http
 			// other config goes here...
-			.sessionManagement((sessionManagement) -> sessionManagement
+			.sessionManagement()
 				.maximumSessions(2)
-				.sessionRegistry(sessionRegistry())
-			);
+				.sessionRegistry(sessionRegistry());
 		// @formatter:on
 	}
 

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/ClientServerHazelcastIndexedSessionRepositoryITests.java

@@ -46,7 +46,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 @WebAppConfiguration
 class ClientServerHazelcastIndexedSessionRepositoryITests extends AbstractHazelcastIndexedSessionRepositoryITests {
 
-	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:3.12.3")
+	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:3.12.12")
 			.withExposedPorts(5701).withCopyFileToContainer(MountableFile.forClasspathResource("/hazelcast-server.xml"),
 					"/opt/hazelcast/hazelcast.xml");
 

spring-session-jdbc/spring-session-jdbc.gradle

@@ -16,7 +16,7 @@ dependencies {
 	integrationTestCompile "com.h2database:h2"
 	integrationTestCompile "com.ibm.db2:jcc"
 	integrationTestCompile "com.microsoft.sqlserver:mssql-jdbc"
-	integrationTestCompile "com.oracle.database.jdbc:ojdbc8"
+	integrationTestCompile "com.oracle.ojdbc:ojdbc8"
 	integrationTestCompile "com.zaxxer:HikariCP"
 	integrationTestCompile "mysql:mysql-connector-java"
 	integrationTestCompile "org.apache.derby:derby"

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/DatabaseContainers.java

@@ -104,7 +104,7 @@ final class DatabaseContainers {
 	private static class MariaDb10Container extends MariaDBContainer<MariaDb10Container> {
 
 		MariaDb10Container() {
-			super("mariadb:10.4.8");
+			super("mariadb:10.4.18");
 		}
 
 		@Override

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/JdbcIndexedSessionRepository.java

@@ -103,7 +103,7 @@ import org.springframework.util.StringUtils;
  * );
  *
  * CREATE UNIQUE INDEX SPRING_SESSION_IX1 ON SPRING_SESSION (SESSION_ID);
- * CREATE INDEX SPRING_SESSION_IX2 ON SPRING_SESSION (EXPIRY_TIME);
+ * CREATE INDEX SPRING_SESSION_IX1 ON SPRING_SESSION (EXPIRY_TIME);
  * CREATE INDEX SPRING_SESSION_IX3 ON SPRING_SESSION (PRINCIPAL_NAME);
  *
  * CREATE TABLE SPRING_SESSION_ATTRIBUTES (

spring-session-samples/gradle/dependency-management.gradle

@@ -1,15 +1,15 @@
 dependencyManagement {
 	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.11.0'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.10.5.20201202'
 	}
 
 	dependencies {
 		dependency 'ch.qos.logback:logback-classic:1.2.3'
-		dependency 'com.maxmind.geoip2:geoip2:2.14.0'
+		dependency 'com.maxmind.geoip2:geoip2:2.3.1'
 		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.2'
 		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.3'
 		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.36.0'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.33.3'
 		dependency 'org.slf4j:jcl-over-slf4j:1.7.30'
 		dependency 'org.slf4j:log4j-over-slf4j:1.7.30'
 		dependency 'org.webjars:bootstrap:2.3.2'
@@ -17,7 +17,7 @@ dependencyManagement {
 		dependency 'org.webjars:jquery:1.12.4'
 		dependency 'org.webjars:knockout:2.3.0'
 		dependency 'org.webjars:sockjs-client:0.3.4'
-		dependency 'org.webjars:stomp-websocket:2.3.3'
+		dependency 'org.webjars:stomp-websocket:2.3.4'
 		dependency 'org.webjars:webjars-taglib:0.3'
 	}
 }

spring-session-samples/spring-session-sample-boot-findbyusername/src/main/java/sample/config/SecurityConfig.java

@@ -35,14 +35,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests((authorize) -> authorize
+			.authorizeRequests()
 				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
-			)
-			.formLogin((formLogin) -> formLogin
+				.and()
+			.formLogin()
 				.loginPage("/login")
-				.permitAll()
-			);
+				.permitAll();
 	}
 	// end::config[]
 	// @formatter:on

spring-session-samples/spring-session-sample-boot-jdbc/src/main/java/sample/config/SecurityConfig.java

@@ -44,13 +44,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests((authorize) -> authorize
+			.authorizeRequests()
 				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
-			)
-			.formLogin((formLogin) -> formLogin
-				.permitAll()
-			);
+				.and()
+			.formLogin()
+				.permitAll();
 	}
 	// end::config[]
 	// @formatter:on

spring-session-samples/spring-session-sample-boot-redis-json/src/main/java/sample/config/SecurityConfig.java

@@ -34,14 +34,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests((authorize) -> authorize
+			.authorizeRequests()
 				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
-			)
-			.formLogin((formLogin) -> formLogin
+				.and()
+			.formLogin()
 				.loginPage("/login")
-				.permitAll()
-			);
+				.permitAll();
 	}
 	// @formatter:on
 

spring-session-samples/spring-session-sample-boot-redis-simple/src/main/java/sample/config/SecurityConfig.java

@@ -28,13 +28,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests((authorize) -> authorize
+			.authorizeRequests()
 				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
-			)
-			.formLogin((formLogin) -> formLogin
-				.permitAll()
-			);
+				.and()
+			.formLogin()
+				.permitAll();
 	}
 	// @formatter:on
 

spring-session-samples/spring-session-sample-boot-redis/src/main/java/sample/config/SecurityConfig.java

@@ -35,13 +35,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests((authorize) -> authorize
+			.authorizeRequests()
 				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
-			)
-			.formLogin((formLogin) -> formLogin
-				.permitAll()
-			);
+				.and()
+			.formLogin()
+				.permitAll();
 	}
 	// end::config[]
 	// @formatter:on

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/spring-session-sample-boot-webflux-custom-cookie.gradle

@@ -1,17 +0,0 @@
-apply plugin: 'io.spring.convention.spring-sample-boot'
-
-dependencies {
-	compile project(':spring-session-data-redis')
-	compile "org.springframework.boot:spring-boot-starter-webflux"
-	compile "org.springframework.boot:spring-boot-starter-thymeleaf"
-	compile "org.springframework.boot:spring-boot-starter-data-redis"
-	compile "org.springframework.boot:spring-boot-devtools"
-	compile 'org.webjars:bootstrap'
-
-	testCompile "org.springframework.boot:spring-boot-starter-test"
-	testCompile "org.junit.jupiter:junit-jupiter-api"
-	testRuntime "org.junit.jupiter:junit-jupiter-engine"
-
-	integrationTestCompile seleniumDependencies
-	integrationTestCompile "org.testcontainers:testcontainers"
-}

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/src/integration-test/java/sample/AttributeTests.java

@@ -1,112 +0,0 @@
-/*
- * Copyright 2014-2020 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package sample;
-
-import java.util.List;
-
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.openqa.selenium.WebDriver;
-import org.openqa.selenium.htmlunit.HtmlUnitDriver;
-import org.testcontainers.containers.GenericContainer;
-import sample.pages.HomePage;
-import sample.pages.HomePage.Attribute;
-
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.context.TestConfiguration;
-import org.springframework.boot.web.server.LocalServerPort;
-import org.springframework.context.annotation.Bean;
-import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * @author Eleftheria Stein
- */
-@ExtendWith(SpringExtension.class)
-@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
-class AttributeTests {
-
-	private static final String DOCKER_IMAGE = "redis:5.0.9";
-
-	@LocalServerPort
-	private int port;
-
-	private WebDriver driver;
-
-	@BeforeEach
-	void setup() {
-		this.driver = new HtmlUnitDriver();
-	}
-
-	@AfterEach
-	void tearDown() {
-		this.driver.quit();
-	}
-
-	@Test
-	void home() {
-		HomePage home = HomePage.go(this.driver, this.port);
-		home.assertAt();
-	}
-
-	@Test
-	void noAttributes() {
-		HomePage home = HomePage.go(this.driver, this.port);
-		assertThat(home.attributes()).isEmpty();
-	}
-
-	@Test
-	void createAttribute() {
-		HomePage home = HomePage.go(this.driver, this.port);
-		// @formatter:off
-		home = home.form()
-				.attributeName("a")
-				.attributeValue("b")
-				.submit(HomePage.class);
-		// @formatter:on
-
-		List<Attribute> attributes = home.attributes();
-		assertThat(attributes).hasSize(1);
-		Attribute row = attributes.get(0);
-		assertThat(row.getAttributeName()).isEqualTo("a");
-		assertThat(row.getAttributeValue()).isEqualTo("b");
-	}
-
-	@TestConfiguration
-	static class Config {
-
-		@Bean
-		GenericContainer redisContainer() {
-			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE).withExposedPorts(6379);
-			redisContainer.start();
-			return redisContainer;
-		}
-
-		@Bean
-		LettuceConnectionFactory redisConnectionFactory() {
-			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
-					redisContainer().getFirstMappedPort());
-		}
-
-	}
-
-}

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/src/integration-test/java/sample/pages/HomePage.java

@@ -1,138 +0,0 @@
-/*
- * Copyright 2014-2020 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package sample.pages;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.openqa.selenium.SearchContext;
-import org.openqa.selenium.WebDriver;
-import org.openqa.selenium.WebElement;
-import org.openqa.selenium.support.FindBy;
-import org.openqa.selenium.support.PageFactory;
-import org.openqa.selenium.support.pagefactory.DefaultElementLocatorFactory;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * @author Eleftheria Stein
- */
-public class HomePage {
-
-	private WebDriver driver;
-
-	@FindBy(css = "form")
-	WebElement form;
-
-	@FindBy(css = "table tbody tr")
-	List<WebElement> trs;
-
-	List<Attribute> attributes;
-
-	public HomePage(WebDriver driver) {
-		this.driver = driver;
-		this.attributes = new ArrayList<>();
-	}
-
-	private static void get(WebDriver driver, int port, String get) {
-		String baseUrl = "http://localhost:" + port;
-		driver.get(baseUrl + get);
-	}
-
-	public static HomePage go(WebDriver driver, int port) {
-		get(driver, port, "/");
-		return PageFactory.initElements(driver, HomePage.class);
-	}
-
-	public void assertAt() {
-		assertThat(this.driver.getTitle()).isEqualTo("Session Attributes");
-	}
-
-	public List<Attribute> attributes() {
-		List<Attribute> rows = new ArrayList<>();
-		for (WebElement tr : this.trs) {
-			rows.add(new Attribute(tr));
-		}
-		this.attributes.addAll(rows);
-		return this.attributes;
-	}
-
-	public Form form() {
-		return new Form(this.form);
-	}
-
-	public class Form {
-
-		@FindBy(name = "attributeName")
-		WebElement attributeName;
-
-		@FindBy(name = "attributeValue")
-		WebElement attributeValue;
-
-		@FindBy(css = "input[type=\"submit\"]")
-		WebElement submit;
-
-		public Form(SearchContext context) {
-			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
-		}
-
-		public Form attributeName(String text) {
-			this.attributeName.sendKeys(text);
-			return this;
-		}
-
-		public Form attributeValue(String text) {
-			this.attributeValue.sendKeys(text);
-			return this;
-		}
-
-		public <T> T submit(Class<T> page) {
-			this.submit.click();
-			return PageFactory.initElements(HomePage.this.driver, page);
-		}
-
-	}
-
-	public static class Attribute {
-
-		@FindBy(xpath = ".//td[1]")
-		WebElement attributeName;
-
-		@FindBy(xpath = ".//td[2]")
-		WebElement attributeValue;
-
-		public Attribute(SearchContext context) {
-			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
-		}
-
-		/**
-		 * @return the attributeName
-		 */
-		public String getAttributeName() {
-			return this.attributeName.getText();
-		}
-
-		/**
-		 * @return the attributeValue
-		 */
-		public String getAttributeValue() {
-			return this.attributeValue.getText();
-		}
-
-	}
-
-}

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/src/integration-test/resources/testcontainers.properties

@@ -1 +0,0 @@
-ryuk.container.timeout=120

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/src/main/java/sample/CookieConfig.java

@@ -1,41 +0,0 @@
-/*
- * Copyright 2014-2020 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package sample;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.server.session.CookieWebSessionIdResolver;
-import org.springframework.web.server.session.WebSessionIdResolver;
-
-/**
- * @author Eleftheria Stein
- */
-@Configuration
-public class CookieConfig {
-
-	// tag::webflux-cookie-serializer[]
-	@Bean
-	public WebSessionIdResolver webSessionIdResolver() {
-		CookieWebSessionIdResolver resolver = new CookieWebSessionIdResolver();
-		resolver.setCookieName("JSESSIONID"); // <1>
-		resolver.addCookieInitializer((builder) -> builder.path("/")); // <2>
-		resolver.addCookieInitializer((builder) -> builder.sameSite("Strict")); // <3>
-		return resolver;
-	}
-	// end::webflux-cookie-serializer[]
-
-}

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/src/main/java/sample/HelloWebFluxApplication.java

@@ -1,32 +0,0 @@
-/*
- * Copyright 2014-2020 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package sample;
-
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-
-/**
- * @author Eleftheria Stein
- */
-@SpringBootApplication
-public class HelloWebFluxApplication {
-
-	public static void main(String[] args) {
-		SpringApplication.run(HelloWebFluxApplication.class, args);
-	}
-
-}

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/src/main/java/sample/SessionAttributeForm.java

@@ -1,44 +0,0 @@
-/*
- * Copyright 2014-2020 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package sample;
-
-/**
- * @author Eleftheria Stein
- */
-public class SessionAttributeForm {
-
-	private String attributeName;
-
-	private String attributeValue;
-
-	public String getAttributeName() {
-		return this.attributeName;
-	}
-
-	public void setAttributeName(String attributeName) {
-		this.attributeName = attributeName;
-	}
-
-	public String getAttributeValue() {
-		return this.attributeValue;
-	}
-
-	public void setAttributeValue(String attributeValue) {
-		this.attributeValue = attributeValue;
-	}
-
-}

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/src/main/java/sample/SessionController.java

@@ -1,43 +0,0 @@
-/*
- * Copyright 2014-2020 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package sample;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.server.WebSession;
-
-// tag::class[]
-@Controller
-public class SessionController {
-
-	@PostMapping("/session")
-	public String setAttribute(@ModelAttribute SessionAttributeForm sessionAttributeForm, WebSession session) {
-		session.getAttributes().put(sessionAttributeForm.getAttributeName(), sessionAttributeForm.getAttributeValue());
-		return "redirect:/";
-	}
-
-	@GetMapping("/")
-	public String index(Model model, WebSession webSession) {
-		model.addAttribute("webSession", webSession);
-		return "home";
-	}
-
-}
-// tag::end[]

spring-session-samples/spring-session-sample-boot-webflux-custom-cookie/src/main/resources/templates/home.html

@@ -1,42 +0,0 @@
-<!DOCTYPE html>
-
-<html>
-
-<head>
-    <title>Session Attributes</title>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-</head>
-<body>
-<div class="container">
-    <h1>Description</h1>
-    <p>This application demonstrates how to customize the session cookie. Notice that the name of the cookie is JSESSIONID.</p>
-
-    <h1>Try it</h1>
-
-    <form class="form-inline" role="form" action="./session" method="post">
-        <label for="attributeName">Attribute Name</label>
-        <input id="attributeName" type="text" name="attributeName"/>
-        <label for="attributeValue">Attribute Value</label>
-        <input id="attributeValue" type="text" name="attributeValue"/>
-        <input type="submit" value="Set Attribute"/>
-    </form>
-
-    <hr/>
-
-    <table class="table table-striped">
-        <thead>
-        <tr>
-            <th>Attribute Name</th>
-            <th>Attribute Value</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr th:each="attr : ${webSession.attributes}">
-            <td th:text="${attr.key}"/></td>
-            <td th:text="${attr.value}"/></td>
-        </tr>
-        </tbody>
-    </table>
-</div>
-</body>
-</html>

spring-session-samples/spring-session-sample-boot-webflux/src/main/java/sample/SessionController.java

@@ -36,7 +36,7 @@ public class SessionController {
 	@GetMapping("/")
 	public String index(Model model, WebSession webSession) {
 		model.addAttribute("webSession", webSession);
-		return "home";
+		return "index";
 	}
 
 	private static final long serialVersionUID = 2878267318695777395L;

spring-session-samples/spring-session-sample-boot-websocket/spring-session-sample-boot-websocket.gradle

@@ -8,7 +8,6 @@ dependencies {
 	compile "org.springframework.boot:spring-boot-starter-data-jpa"
 	compile "org.springframework.boot:spring-boot-starter-data-redis"
 	compile "org.springframework.boot:spring-boot-starter-websocket"
-	compile "org.springframework.boot:spring-boot-starter-validation"
 	compile "org.springframework.boot:spring-boot-devtools"
 	compile "org.springframework:spring-websocket"
 	compile "org.springframework.security:spring-security-messaging"

spring-session-samples/spring-session-sample-boot-websocket/src/main/java/sample/config/WebSecurityConfig.java

@@ -53,13 +53,12 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests((authorize) -> authorize
+			.authorizeRequests()
 				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
-			)
-			.formLogin((formLogin) -> formLogin
-				.permitAll()
-			);
+				.and()
+			.formLogin()
+				.permitAll();
 	}
 	// @formatter:on
 

spring-session-samples/spring-session-sample-javaconfig-jdbc/src/main/java/sample/SessionServlet.java

@@ -37,4 +37,4 @@ public class SessionServlet extends HttpServlet {
 	private static final long serialVersionUID = 2878267318695777395L;
 
 }
-// end::class[]
+// tag::end[]

spring-session-samples/spring-session-sample-javaconfig-redis/src/main/java/sample/SessionServlet.java

@@ -38,4 +38,4 @@ public class SessionServlet extends HttpServlet {
 	private static final long serialVersionUID = 2878267318695777395L;
 
 }
-// end::class[]
+// tag::end[]

spring-session-samples/spring-session-sample-javaconfig-rest/spring-session-sample-javaconfig-rest.gradle

@@ -22,5 +22,4 @@ dependencies {
 
 gretty {
 	jvmArgs = ['-Dspring.profiles.active=embedded-redis']
-	servletContainer = 'tomcat9'
 }

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/SecurityConfig.java

@@ -17,7 +17,6 @@
 package sample;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -32,13 +31,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests((authorize) -> authorize
+			.authorizeRequests()
 				.anyRequest().authenticated()
-			)
-			.requestCache((requestCache) -> requestCache
+				.and()
+			.requestCache()
 				.requestCache(new NullRequestCache())
-			)
-			.httpBasic(Customizer.withDefaults());
+				.and()
+			.httpBasic();
 	}
 	// @formatter:on