Release 2.5.2

Closes gh-1890

.github/workflows/continuous-integration-workflow.yml

@@ -1,11 +1,19 @@
-name: CI
+name: 2.5.x CI
 
 on:
   push:
     branches:
-      - test-slack-integration
+      - 2.5.x
   schedule:
     - cron: '0 10 * * *' # Once per day at 10am UTC
+  workflow_dispatch: # Manual trigger
+
+env:
+  GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
+  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+  GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+  ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
+  ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
 
 jobs:
   build:
@@ -21,13 +29,21 @@ jobs:
         uses: actions/setup-java@v1
         with:
           java-version: ${{ matrix.jdk }}
+      - name: Setup gradle user name
+        run: |
+          mkdir -p ~/.gradle
+          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
       - name: Cache Gradle packages
         uses: actions/cache@v2
         with:
           path: ~/.gradle/caches
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
       - name: Build with Gradle
-        run: ./gradlew clean build --no-daemon --stacktrace
+        run: |
+          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
+          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
+          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
+          ./gradlew clean build -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --no-daemon --stacktrace
   artifacts:
     name: Deploy Artifacts
     needs: [build]
@@ -38,6 +54,10 @@ jobs:
         uses: actions/setup-java@v1
         with:
           java-version: '8'
+      - name: Setup gradle user name
+        run: |
+          mkdir -p ~/.gradle
+          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
       - name: Deploy artifacts
         run: |
           export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
@@ -46,17 +66,15 @@ jobs:
           export VERSION_HEADER=$'Version: GnuPG v2\n\n'
           export ORG_GRADLE_PROJECT_signingKey=${GPG_PRIVATE_KEY#"$VERSION_HEADER"}
           export ORG_GRADLE_PROJECT_signingPassword="$GPG_PASSPHRASE"
-          ./gradlew deployArtifacts finalizeDeployArtifacts -PossrhUsername="$OSSRH_USERNAME" -PossrhPassword="$OSSRH_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace
+          ./gradlew deployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
+          ./gradlew finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
         env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY_NO_HEADER }}
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }}
+          OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
           ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
           ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
-          GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
-          GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
-          GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
   docs:
     name: Deploy Docs
     needs: [build]
@@ -67,6 +85,10 @@ jobs:
         uses: actions/setup-java@v1
         with:
           java-version: '8'
+      - name: Setup gradle user name
+        run: |
+          mkdir -p ~/.gradle
+          echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
       - name: Deploy Docs
         run: |
           export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
@@ -77,19 +99,3 @@ jobs:
           DOCS_USERNAME: ${{ secrets.DOCS_USERNAME }}
           DOCS_SSH_KEY: ${{ secrets.DOCS_SSH_KEY }}
           DOCS_HOST: ${{ secrets.DOCS_HOST }}
-          GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
-          GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
-          GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
-  notify_slack:
-    name: Notify Slack
-    runs-on: ubuntu-latest
-    env:
-      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-    needs: [build, artifacts, docs]
-    steps:
-      - uses: act10ns/slack@v1
-        with:
-          status: ${{ job.status }}
-          steps: ${{ toJson(steps) }}
-          channel: '#spring-security-ci'
-        if: always()

.github/workflows/pr-build-workflow.yml

@@ -1,6 +1,9 @@
-name: PR Build
+name: 2.5.x PR Build
 
-on: pull_request
+on:
+  pull_request:
+    branches:
+      - 2.5.x
 
 jobs:
   build:

CONTRIBUTING.adoc

@@ -6,7 +6,7 @@ something, or simply want to hack on the code this document should help you get
 
 == Code of Conduct
 
-Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct]
+Please see our https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[code of conduct].
 
 
 == Reporting Security Vulnerabilities
@@ -26,7 +26,6 @@ information as possible. Ideally, that would include a small sample project that
 reproduces the problem.
 
 
-
 == Sign the Contributor License Agreement
 If you have not previously done so, please fill out and
 submit the https://cla.pivotal.io/sign/spring[Contributor License Agreement].

README.adoc

@@ -2,7 +2,7 @@
 
 image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
 
-image:https://github.com/spring-projects/spring-session/workflows/CI/badge.svg?branch=master["Build Status", link="https://github.com/spring-projects/spring-session/actions?query=workflow%3ACI"]
+image:https://github.com/spring-projects/spring-session/workflows/CI/badge.svg?branch=main["Build Status", link="https://github.com/spring-projects/spring-session/actions?query=workflow%3ACI"]
 
 Spring Session provides an API and implementations for managing a user's session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
 It also provides transparent integration with:
@@ -13,27 +13,61 @@ It also provides transparent integration with:
 
 == Modules
 
-Spring Session consists of the following modules:
+This Spring Session repository consists of the following modules:
 
 * Spring Session Core - provides core Spring Session functionalities and APIs
 * Spring Session Data Redis - provides `SessionRepository` and `ReactiveSessionRepository` implementation backed by Redis and configuration support
 * Spring Session JDBC - provides `SessionRepository` implementation backed by a relational database and configuration support
 * Spring Session Hazelcast - provides `SessionRepository` implementation backed by Hazelcast and configuration support
 
+Additional Spring Session modules can be found in the https://github.com/spring-projects/spring-session-data-mongodb[spring-session-data-mongodb] repository
+and https://github.com/spring-projects/spring-session-data-geode[spring-session-data-geode] repository.
+
+== Getting Started
+
+We recommend you visit the https://docs.spring.io/spring-session/docs/current/reference/html5/#samples[Spring Session Reference] and look through the "Samples and Guides" section to see which one best suits your needs.
+
+== Samples
+
+Spring Session samples are available in the https://github.com/spring-projects/spring-session/tree/main/spring-session-samples[spring-session-samples] directory.
+
+
+== Contributing
+
+Please see our https://github.com/spring-projects/spring-session/blob/main/CONTRIBUTING.adoc[Contributing guidelines]
+for information on how to report issues, enhancements or security vulnerabilities.
+
+== Building from Source
+
+Spring Session uses a https://gradle.org[Gradle]-based build system.
+In the instructions below, `./gradlew` is invoked from the root of the source tree and serves as
+a cross-platform, self-contained bootstrap mechanism for the build.
+
+Check out sources
+----
+git clone git@github.com:spring-projects/spring-session.git
+----
+
+Install all spring-\* jars into your local Maven cache
+----
+./gradlew install
+----
+
+Compile and test; build all jars, distribution zips, and docs
+----
+./gradlew build
+----
+
+
+== Documentation
+
+You can find the documentation, samples, and guides for using Spring Session on the https://projects.spring.io/spring-session/[Spring Session project site].
+
+For more in depth information, visit the https://docs.spring.io/spring-session/docs/current/reference/html5/[Spring Session Reference].
 
 == Code of Conduct
 
-Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct]
-
-
-== Reporting Security Vulnerabilities
-
-Please see our https://github.com/spring-projects/spring-session/security/policy[Security policy].
-
-
-== Spring Session Project Site
-
-You can find the documentation, issue management, support, samples, and guides for using Spring Session at https://projects.spring.io/spring-session/
+Please see our https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[code of conduct].
 
 == License
 

build.gradle

@@ -4,17 +4,25 @@ buildscript {
 		snapshotBuild = version.endsWith('SNAPSHOT')
 		milestoneBuild = !(releaseBuild || snapshotBuild)
 
-		springBootVersion = '2.3.1.RELEASE'
+		springBootVersion = '2.4.7'
 	}
 
 	repositories {
 		gradlePluginPortal()
 		maven { url 'https://repo.spring.io/plugins-release/' }
-        maven { url 'https://repo.spring.io/plugins-snapshot' }
+        maven {
+            url = 'https://repo.spring.io/plugins-snapshot'
+            if (project.hasProperty('artifactoryUsername')) {
+                credentials {
+                    username "$artifactoryUsername"
+                    password "$artifactoryPassword"
+                }
+            }
+        }
 	}
 
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.34.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.37'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 }

gradle.properties

@@ -1,3 +1,3 @@
 org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
 org.gradle.parallel=true
-version=2.4.0-SNAPSHOT
+version=2.5.2

gradle/dependency-management.gradle

@@ -1,36 +1,36 @@
 dependencyManagement {
 	imports {
-		mavenBom 'io.projectreactor:reactor-bom:Dysprosium-SR9'
-		mavenBom 'org.junit:junit-bom:5.6.2'
-		mavenBom 'org.springframework:spring-framework-bom:5.3.0-M1'
-		mavenBom 'org.springframework.data:spring-data-bom:2020.0.0-M1'
-		mavenBom 'org.springframework.security:spring-security-bom:5.3.3.RELEASE'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.14.3'
+		mavenBom 'io.projectreactor:reactor-bom:2020.0.10'
+		mavenBom 'org.junit:junit-bom:5.7.2'
+		mavenBom 'org.springframework:spring-framework-bom:5.3.9'
+		mavenBom 'org.springframework.data:spring-data-bom:2021.0.4'
+		mavenBom 'org.springframework.security:spring-security-bom:5.5.2'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.15.3'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.12.7') {
+		dependencySet(group: 'com.hazelcast', version: '3.12.12') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependency 'org.aspectj:aspectjweaver:1.9.6'
+		dependency 'org.aspectj:aspectjweaver:1.9.7'
 		dependency 'com.h2database:h2:1.4.200'
-		dependency 'com.ibm.db2:jcc:11.5.0.0'
+		dependency 'com.ibm.db2:jcc:11.5.5.0'
 		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.4.1.jre8'
-		dependency 'com.oracle.database.jdbc:ojdbc8:19.6.0.0'
+		dependency 'com.oracle.database.jdbc:ojdbc8:19.10.0.0'
 		dependency 'com.zaxxer:HikariCP:3.4.5'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.3.1.RELEASE'
+		dependency 'io.lettuce:lettuce-core:6.1.4.RELEASE'
 		dependency 'javax.annotation:javax.annotation-api:1.3.2'
 		dependency 'javax.servlet:javax.servlet-api:4.0.1'
-		dependency 'junit:junit:4.13'
-		dependency 'mysql:mysql-connector-java:8.0.20'
+		dependency 'junit:junit:4.13.2'
+		dependency 'mysql:mysql-connector-java:8.0.26'
 		dependency 'org.apache.derby:derby:10.14.2.0'
-		dependency 'org.assertj:assertj-core:3.16.1'
-		dependency 'org.hsqldb:hsqldb:2.5.0'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.6.1'
-		dependency 'org.mockito:mockito-core:3.3.3'
-		dependency 'org.postgresql:postgresql:42.2.14'
+		dependency 'org.assertj:assertj-core:3.19.0'
+		dependency 'org.hsqldb:hsqldb:2.5.2'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.7.4'
+		dependency 'org.mockito:mockito-core:3.10.0'
+		dependency 'org.postgresql:postgresql:42.2.23'
 	}
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -82,6 +82,7 @@ esac
 
 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
+
 # Determine the Java command to use to start the JVM.
 if [ -n "$JAVA_HOME" ] ; then
     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
@@ -129,6 +130,7 @@ fi
 if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
     JAVACMD=`cygpath --unix "$JAVACMD"`
 
     # We build the pattern for arguments to be converted via cygpath
@@ -154,19 +156,19 @@ if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
         else
             eval `echo args$i`="\"$arg\""
         fi
-        i=$((i+1))
+        i=`expr $i + 1`
     done
     case $i in
-        (0) set -- ;;
-        (1) set -- "$args0" ;;
-        (2) set -- "$args0" "$args1" ;;
-        (3) set -- "$args0" "$args1" "$args2" ;;
-        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
-        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
-        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
-        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
-        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
-        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
     esac
 fi
 
@@ -175,14 +177,9 @@ save () {
     for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
     echo " "
 }
-APP_ARGS=$(save "$@")
+APP_ARGS=`save "$@"`
 
 # Collect all arguments for the java command, following the shell quoting and substitution rules
 eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
 
-# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
-  cd "$(dirname "$0")"
-fi
-
 exec "$JAVACMD" "$@"

gradlew.bat

@@ -29,6 +29,9 @@ if "%DIRNAME%" == "" set DIRNAME=.
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
 @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
 
@@ -37,7 +40,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if "%ERRORLEVEL%" == "0" goto execute
 
 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -51,7 +54,7 @@ goto fail
 set JAVA_HOME=%JAVA_HOME:"=%
 set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute
 
 echo.
 echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@@ -61,28 +64,14 @@ echo location of your Java installation.
 
 goto fail
 
-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
 :execute
 @rem Setup the command line
 
 set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
+
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
 
 :end
 @rem End local scope for the variables with windows NT shell

settings.gradle

@@ -1,3 +1,15 @@
+pluginManagement {
+    repositories {
+        gradlePluginPortal()
+        maven { url 'https://repo.spring.io/plugins-release' }
+    }
+}
+
+plugins {
+    id "com.gradle.enterprise" version "3.5.1"
+    id "io.spring.ge.conventions" version "0.0.7"
+}
+
 rootProject.name = 'spring-session-build'
 
 include 'spring-session-core'
@@ -5,6 +17,8 @@ include 'spring-session-data-redis'
 include 'spring-session-docs'
 include 'spring-session-hazelcast'
 include 'spring-session-jdbc'
+include 'hazelcast4'
+project(':hazelcast4').projectDir = file('spring-session-hazelcast/hazelcast4')
 
 file('spring-session-samples').eachDirMatch(~/spring-session-sample-.*/) { dir ->
     include dir.name

spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java

@@ -59,6 +59,7 @@ import org.springframework.session.SessionRepository;
  * . The default is to look in a cookie named SESSION.</li>
  * <li>The session id of newly created {@link org.springframework.session.Session} is sent
  * to the client using
+ * {@link HttpSessionIdResolver#setSessionId(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String)}
  * <li>The client is notified that the session id is no longer valid with
  * {@link HttpSessionIdResolver#expireSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
  * </li>
@@ -309,6 +310,10 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			if (!create) {
 				return null;
 			}
+			if (SessionRepositoryFilter.this.httpSessionIdResolver instanceof CookieHttpSessionIdResolver
+					&& this.response.isCommitted()) {
+				throw new IllegalStateException("Cannot create a session after the response has been committed");
+			}
 			if (SESSION_LOGGER.isDebugEnabled()) {
 				SESSION_LOGGER.debug(
 						"A new session was created. To help you troubleshoot where the session was created we provided a StackTrace (this is not an error). You can prevent this from appearing by disabling DEBUG logging for "

spring-session-core/src/test/java/org/springframework/session/security/web/authentication/SpringSessionRememberMeServicesTests.java

@@ -33,7 +33,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 /**
  * Tests for {@link SpringSessionRememberMeServices}.
@@ -88,7 +88,7 @@ class SpringSessionRememberMeServicesTests {
 		HttpServletResponse response = mock(HttpServletResponse.class);
 		this.rememberMeServices = new SpringSessionRememberMeServices();
 		this.rememberMeServices.autoLogin(request, response);
-		verifyZeroInteractions(request, response);
+		verifyNoMoreInteractions(request, response);
 	}
 
 	// gh-752
@@ -102,7 +102,7 @@ class SpringSessionRememberMeServicesTests {
 		this.rememberMeServices.loginFail(request, response);
 		verify(request, times(1)).getSession(eq(false));
 		verify(session, times(1)).removeAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
-		verifyZeroInteractions(request, response, session);
+		verifyNoMoreInteractions(request, response, session);
 	}
 
 	@Test
@@ -119,7 +119,7 @@ class SpringSessionRememberMeServicesTests {
 		verify(request, times(1)).getSession();
 		verify(request, times(1)).setAttribute(eq(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR), eq(true));
 		verify(session, times(1)).setMaxInactiveInterval(eq(2592000));
-		verifyZeroInteractions(request, response, session, authentication);
+		verifyNoMoreInteractions(request, response, session, authentication);
 	}
 
 	@Test
@@ -137,7 +137,7 @@ class SpringSessionRememberMeServicesTests {
 		verify(request, times(1)).getSession();
 		verify(request, times(1)).setAttribute(eq(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR), eq(true));
 		verify(session, times(1)).setMaxInactiveInterval(eq(2592000));
-		verifyZeroInteractions(request, response, session, authentication);
+		verifyNoMoreInteractions(request, response, session, authentication);
 	}
 
 	@Test
@@ -153,7 +153,7 @@ class SpringSessionRememberMeServicesTests {
 		verify(request, times(1)).getSession();
 		verify(request, times(1)).setAttribute(eq(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR), eq(true));
 		verify(session, times(1)).setMaxInactiveInterval(eq(2592000));
-		verifyZeroInteractions(request, response, session, authentication);
+		verifyNoMoreInteractions(request, response, session, authentication);
 	}
 
 	@Test
@@ -171,7 +171,7 @@ class SpringSessionRememberMeServicesTests {
 		verify(request, times(1)).getSession();
 		verify(request, times(1)).setAttribute(eq(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR), eq(true));
 		verify(session, times(1)).setMaxInactiveInterval(eq(100000));
-		verifyZeroInteractions(request, response, session, authentication);
+		verifyNoMoreInteractions(request, response, session, authentication);
 	}
 
 }

spring-session-core/src/test/java/org/springframework/session/web/http/SessionEventHttpSessionListenerAdapterTests.java

@@ -39,7 +39,7 @@ import org.springframework.session.events.SessionDestroyedEvent;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 /**
  * Tests for {@link SessionEventHttpSessionListenerAdapter}.
@@ -97,7 +97,7 @@ class SessionEventHttpSessionListenerAdapterTests {
 
 		this.listener.onApplicationEvent(this.destroyed);
 
-		verifyZeroInteractions(this.destroyed, this.listener1, this.listener2);
+		verifyNoMoreInteractions(this.destroyed, this.listener1, this.listener2);
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java

@@ -62,6 +62,7 @@ import org.springframework.test.util.ReflectionTestUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -72,7 +73,7 @@ import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 /**
  * Tests for {@link SessionRepositoryFilter}.
@@ -423,6 +424,18 @@ class SessionRepositoryFilterTests {
 		assertThat(this.response.getCookie("SESSION")).isNotNull();
 	}
 
+	@Test
+	void doFilterGetSessionNewWhenResponseCommittedThenException() {
+		assertThatIllegalStateException().isThrownBy(() -> doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse)
+					throws IOException {
+				wrappedResponse.getWriter().flush();
+				wrappedRequest.getSession();
+			}
+		}));
+	}
+
 	@Test
 	void doFilterGetSessionNew() throws Exception {
 		doFilter(new DoInFilter() {
@@ -1260,7 +1273,7 @@ class SessionRepositoryFilterTests {
 			}
 		});
 
-		verifyZeroInteractions(sessionRepository);
+		verifyNoMoreInteractions(sessionRepository);
 	}
 
 	@Test
@@ -1275,7 +1288,7 @@ class SessionRepositoryFilterTests {
 			}
 		});
 
-		verifyZeroInteractions(sessionRepository);
+		verifyNoMoreInteractions(sessionRepository);
 	}
 
 	@Test
@@ -1293,7 +1306,7 @@ class SessionRepositoryFilterTests {
 			}
 		});
 
-		verifyZeroInteractions(sessionRepository);
+		verifyNoMoreInteractions(sessionRepository);
 	}
 
 	@Test
@@ -1318,7 +1331,7 @@ class SessionRepositoryFilterTests {
 		verify(sessionRepository).deleteById(eq(session.getId()));
 		verify(sessionRepository).createSession();
 		verify(sessionRepository).save(any());
-		verifyZeroInteractions(sessionRepository);
+		verifyNoMoreInteractions(sessionRepository);
 	}
 
 	// --- order

spring-session-core/src/test/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptorTests.java

@@ -49,7 +49,7 @@ import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 class SessionRepositoryMessageInterceptorTests {
 
@@ -98,7 +98,7 @@ class SessionRepositoryMessageInterceptorTests {
 
 		assertThat(this.interceptor.preSend(createMessage(), this.channel)).isSameAs(this.createMessage);
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	@Test
@@ -107,7 +107,7 @@ class SessionRepositoryMessageInterceptorTests {
 
 		assertThat(this.interceptor.preSend(createMessage(), this.channel)).isSameAs(this.createMessage);
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	@Test
@@ -116,7 +116,7 @@ class SessionRepositoryMessageInterceptorTests {
 
 		assertThat(this.interceptor.preSend(createMessage(), this.channel)).isSameAs(this.createMessage);
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	@Test
@@ -125,7 +125,7 @@ class SessionRepositoryMessageInterceptorTests {
 
 		assertThat(this.interceptor.preSend(createMessage(), this.channel)).isSameAs(this.createMessage);
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	@Test
@@ -209,7 +209,7 @@ class SessionRepositoryMessageInterceptorTests {
 
 		assertThat(this.interceptor.preSend(createMessage(), this.channel)).isSameAs(this.createMessage);
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	@Test
@@ -218,14 +218,14 @@ class SessionRepositoryMessageInterceptorTests {
 
 		assertThat(this.interceptor.preSend(createMessage(), this.channel)).isSameAs(this.createMessage);
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	@Test
 	void beforeHandshakeNotServletServerHttpRequest() {
 		assertThat(this.interceptor.beforeHandshake(null, null, null, null)).isTrue();
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	@Test
@@ -233,7 +233,7 @@ class SessionRepositoryMessageInterceptorTests {
 		ServletServerHttpRequest request = new ServletServerHttpRequest(new MockHttpServletRequest());
 		assertThat(this.interceptor.beforeHandshake(request, null, null, null)).isTrue();
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	@Test
@@ -256,7 +256,7 @@ class SessionRepositoryMessageInterceptorTests {
 	void afterHandshakeDoesNothing() {
 		this.interceptor.afterHandshake(null, null, null, null);
 
-		verifyZeroInteractions(this.sessionRepository);
+		verifyNoMoreInteractions(this.sessionRepository);
 	}
 
 	private void setSessionId(String id) {

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/AbstractRedisITests.java

@@ -29,7 +29,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
  */
 public abstract class AbstractRedisITests {
 
-	private static final String DOCKER_IMAGE = "redis:5.0.6";
+	private static final String DOCKER_IMAGE = "redis:5.0.10";
 
 	protected static class BaseConfig {
 

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/RedisIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@ package org.springframework.session.data.redis;
 
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
-import java.util.Set;
 import java.util.UUID;
 
 import org.junit.jupiter.api.BeforeEach;
@@ -135,22 +134,6 @@ class RedisIndexedSessionRepositoryITests extends AbstractRedisITests {
 				.isEqualTo(expectedAttributeValue);
 	}
 
-	@Test
-	void removeAttributeRemovedAttributeKey() {
-		RedisSession toSave = this.repository.createSession();
-		toSave.setAttribute("a", "b");
-		this.repository.save(toSave);
-
-		toSave.removeAttribute("a");
-		this.repository.save(toSave);
-
-		String id = toSave.getId();
-		String key = "RedisIndexedSessionRepositoryITests:sessions:" + id;
-
-		Set<Map.Entry<Object, Object>> entries = this.redis.boundHashOps(key).entries().entrySet();
-		assertThat(entries).extracting(Map.Entry::getKey).doesNotContain("sessionAttr:a");
-	}
-
 	@Test
 	void putAllOnSingleAttrDoesNotRemoveOld() {
 		RedisSession toSave = this.repository.createSession();

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisIndexedSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package org.springframework.session.data.redis;
 
 import java.time.Duration;
 import java.time.Instant;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -36,6 +37,7 @@ import org.springframework.data.redis.core.BoundHashOperations;
 import org.springframework.data.redis.core.RedisOperations;
 import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer;
 import org.springframework.data.redis.serializer.RedisSerializer;
+import org.springframework.data.redis.util.ByteUtils;
 import org.springframework.session.DelegatingIndexResolver;
 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.FlushMode;
@@ -86,7 +88,7 @@ import org.springframework.util.Assert;
  * details.
  *
  * <pre>
- * HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime 1404360000000 maxInactiveInterval 1800 lastAccessedTime 1404360000000 sessionAttr:attrName someAttrValue sessionAttr2:attrName someAttrValue2
+ * HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime 1404360000000 maxInactiveInterval 1800 lastAccessedTime 1404360000000 sessionAttr:attrName someAttrValue sessionAttr:attrName2 someAttrValue2
  * EXPIRE spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe 2100
  * APPEND spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe ""
  * EXPIRE spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe 1800
@@ -129,8 +131,8 @@ import org.springframework.util.Assert;
  * The {@link RedisIndexedSessionRepository.RedisSession} keeps track of the properties
  * that have changed and only updates those. This means if an attribute is written once
  * and read many times we only need to write that attribute once. For example, assume the
- * session attribute "sessionAttr2" from earlier was updated. The following would be
- * executed upon saving:
+ * session attribute "attrName2" from earlier was updated. The following would be executed
+ * upon saving:
  * </p>
  *
  * <pre>
@@ -272,10 +274,20 @@ public class RedisIndexedSessionRepository
 
 	private String sessionCreatedChannelPrefix;
 
+	private byte[] sessionCreatedChannelPrefixBytes;
+
 	private String sessionDeletedChannel;
 
+	private byte[] sessionDeletedChannelBytes;
+
 	private String sessionExpiredChannel;
 
+	private byte[] sessionExpiredChannelBytes;
+
+	private String expiredKeyPrefix;
+
+	private byte[] expiredKeyPrefixBytes;
+
 	private final RedisOperations<Object, Object> sessionRedisOperations;
 
 	private final RedisSessionExpirationPolicy expirationPolicy;
@@ -381,8 +393,13 @@ public class RedisIndexedSessionRepository
 
 	private void configureSessionChannels() {
 		this.sessionCreatedChannelPrefix = this.namespace + "event:" + this.database + ":created:";
+		this.sessionCreatedChannelPrefixBytes = this.sessionCreatedChannelPrefix.getBytes();
 		this.sessionDeletedChannel = "__keyevent@" + this.database + "__:del";
+		this.sessionDeletedChannelBytes = this.sessionDeletedChannel.getBytes();
 		this.sessionExpiredChannel = "__keyevent@" + this.database + "__:expired";
+		this.sessionExpiredChannelBytes = this.sessionExpiredChannel.getBytes();
+		this.expiredKeyPrefix = this.namespace + "sessions:expires:";
+		this.expiredKeyPrefixBytes = this.expiredKeyPrefix.getBytes();
 	}
 
 	/**
@@ -501,25 +518,24 @@ public class RedisIndexedSessionRepository
 	@Override
 	public void onMessage(Message message, byte[] pattern) {
 		byte[] messageChannel = message.getChannel();
-		byte[] messageBody = message.getBody();
 
-		String channel = new String(messageChannel);
-
-		if (channel.startsWith(this.sessionCreatedChannelPrefix)) {
+		if (ByteUtils.startsWith(messageChannel, this.sessionCreatedChannelPrefixBytes)) {
 			// TODO: is this thread safe?
 			@SuppressWarnings("unchecked")
 			Map<Object, Object> loaded = (Map<Object, Object>) this.defaultSerializer.deserialize(message.getBody());
-			handleCreated(loaded, channel);
+			handleCreated(loaded, new String(messageChannel));
 			return;
 		}
 
-		String body = new String(messageBody);
-		if (!body.startsWith(getExpiredKeyPrefix())) {
+		byte[] messageBody = message.getBody();
+
+		if (!ByteUtils.startsWith(messageBody, this.expiredKeyPrefixBytes)) {
 			return;
 		}
 
-		boolean isDeleted = channel.equals(this.sessionDeletedChannel);
-		if (isDeleted || channel.equals(this.sessionExpiredChannel)) {
+		boolean isDeleted = Arrays.equals(messageChannel, this.sessionDeletedChannelBytes);
+		if (isDeleted || Arrays.equals(messageChannel, this.sessionExpiredChannelBytes)) {
+			String body = new String(messageBody);
 			int beginIndex = body.lastIndexOf(":") + 1;
 			int endIndex = body.length();
 			String sessionId = body.substring(beginIndex, endIndex);
@@ -611,7 +627,7 @@ public class RedisIndexedSessionRepository
 	}
 
 	private String getExpiredKeyPrefix() {
-		return this.namespace + "sessions:expires:";
+		return this.expiredKeyPrefix;
 	}
 
 	/**
@@ -792,8 +808,7 @@ public class RedisIndexedSessionRepository
 				return;
 			}
 			String sessionId = getId();
-			BoundHashOperations<Object, Object, Object> boundHashOperations = getSessionBoundHashOperations(sessionId);
-			boundHashOperations.putAll(this.delta);
+			getSessionBoundHashOperations(sessionId).putAll(this.delta);
 			String principalSessionKey = getSessionAttrNameKey(
 					FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME);
 			String securityPrincipalSessionKey = getSessionAttrNameKey(SPRING_SECURITY_CONTEXT);
@@ -812,11 +827,6 @@ public class RedisIndexedSessionRepository
 							.add(sessionId);
 				}
 			}
-			for (final Map.Entry<String, Object> attribute : this.delta.entrySet()) {
-				if (attribute.getValue() == null) {
-					boundHashOperations.delete(attribute.getKey());
-				}
-			}
 
 			this.delta = new HashMap<>(this.delta.size());
 

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisSessionExpirationPolicy.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -50,6 +50,8 @@ final class RedisSessionExpirationPolicy {
 
 	private static final Log logger = LogFactory.getLog(RedisSessionExpirationPolicy.class);
 
+	private static final String SESSION_EXPIRES_PREFIX = "expires:";
+
 	private final RedisOperations<Object, Object> redis;
 
 	private final Function<Long, String> lookupExpirationKey;
@@ -67,11 +69,12 @@ final class RedisSessionExpirationPolicy {
 	void onDelete(Session session) {
 		long toExpire = roundUpToNextMinute(expiresInMillis(session));
 		String expireKey = getExpirationKey(toExpire);
-		this.redis.boundSetOps(expireKey).remove(session.getId());
+		String entryToRemove = SESSION_EXPIRES_PREFIX + session.getId();
+		this.redis.boundSetOps(expireKey).remove(entryToRemove);
 	}
 
 	void onExpirationUpdated(Long originalExpirationTimeInMilli, Session session) {
-		String keyToExpire = "expires:" + session.getId();
+		String keyToExpire = SESSION_EXPIRES_PREFIX + session.getId();
 		long toExpire = roundUpToNextMinute(expiresInMillis(session));
 
 		if (originalExpirationTimeInMilli != null) {

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,13 +42,13 @@ import org.springframework.util.Assert;
  */
 public class RedisSessionRepository implements SessionRepository<RedisSessionRepository.RedisSession> {
 
-	private static final String DEFAULT_KEY_NAMESPACE = "spring:session:";
+	private static final String DEFAULT_KEY_NAMESPACE = "spring:session";
 
 	private final RedisOperations<String, Object> sessionRedisOperations;
 
 	private Duration defaultMaxInactiveInterval = Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
 
-	private String keyNamespace = DEFAULT_KEY_NAMESPACE;
+	private String keyNamespace = DEFAULT_KEY_NAMESPACE + ":";
 
 	private FlushMode flushMode = FlushMode.ON_SAVE;
 
@@ -76,12 +76,23 @@ public class RedisSessionRepository implements SessionRepository<RedisSessionRep
 	/**
 	 * Set the key namespace.
 	 * @param keyNamespace the key namespace
+	 * @deprecated since 2.4.0 in favor of {@link #setRedisKeyNamespace(String)}
 	 */
+	@Deprecated
 	public void setKeyNamespace(String keyNamespace) {
 		Assert.hasText(keyNamespace, "keyNamespace must not be empty");
 		this.keyNamespace = keyNamespace;
 	}
 
+	/**
+	 * Set the Redis key namespace.
+	 * @param namespace the Redis key namespace
+	 */
+	public void setRedisKeyNamespace(String namespace) {
+		Assert.hasText(namespace, "namespace must not be empty");
+		this.keyNamespace = namespace.trim() + ":";
+	}
+
 	/**
 	 * Set the flush mode.
 	 * @param flushMode the flush mode

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/ReactiveRedisSessionRepositoryTests.java

@@ -43,7 +43,7 @@ import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 /**
  * Tests for {@link ReactiveRedisSessionRepository}.
@@ -137,8 +137,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.redisOperations).opsForHash();
 		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
 		verify(this.redisOperations).expire(anyString(), any());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 
 		Map<String, Object> delta = this.delta.getAllValues().get(0);
 		assertThat(delta.size()).isEqualTo(3);
@@ -160,8 +160,8 @@ class ReactiveRedisSessionRepositoryTests {
 		StepVerifier.create(this.repository.save(session)).verifyComplete();
 
 		verify(this.redisOperations).hasKey(anyString());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 	}
 
 	@Test
@@ -179,8 +179,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.redisOperations).opsForHash();
 		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
 		verify(this.redisOperations).expire(anyString(), any());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 
 		assertThat(this.delta.getAllValues().get(0)).isEqualTo(
 				map(RedisSessionMapper.LAST_ACCESSED_TIME_KEY, session.getLastAccessedTime().toEpochMilli()));
@@ -202,8 +202,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.redisOperations).opsForHash();
 		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
 		verify(this.redisOperations).expire(anyString(), any());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 
 		assertThat(this.delta.getAllValues().get(0)).isEqualTo(
 				map(RedisIndexedSessionRepository.getSessionAttrNameKey(attrName), session.getAttribute(attrName)));
@@ -225,8 +225,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.redisOperations).opsForHash();
 		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
 		verify(this.redisOperations).expire(anyString(), any());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 
 		assertThat(this.delta.getAllValues().get(0))
 				.isEqualTo(map(RedisIndexedSessionRepository.getSessionAttrNameKey(attrName), null));
@@ -252,8 +252,8 @@ class ReactiveRedisSessionRepositoryTests {
 		StepVerifier.create(this.repository.deleteById("test")).verifyComplete();
 
 		verify(this.redisOperations).delete(anyString());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 	}
 
 	@Test
@@ -267,8 +267,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.redisOperations).opsForHash();
 		verify(this.hashOperations).entries(anyString());
 		verify(this.redisOperations).delete(anyString());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 	}
 
 	@Test
@@ -291,8 +291,8 @@ class ReactiveRedisSessionRepositoryTests {
 		StepVerifier.create(this.repository.findById("test")).consumeNextWith((session) -> {
 			verify(this.redisOperations).opsForHash();
 			verify(this.hashOperations).entries(anyString());
-			verifyZeroInteractions(this.redisOperations);
-			verifyZeroInteractions(this.hashOperations);
+			verifyNoMoreInteractions(this.redisOperations);
+			verifyNoMoreInteractions(this.hashOperations);
 
 			assertThat(session.getId()).isEqualTo(expected.getId());
 			assertThat(session.getAttributeNames()).isEqualTo(expected.getAttributeNames());
@@ -320,8 +320,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.redisOperations).opsForHash();
 		verify(this.hashOperations).entries(anyString());
 		verify(this.redisOperations).delete(anyString());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 	}
 
 	@Test // gh-1120
@@ -357,8 +357,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
 		assertThat(this.delta.getValue()).hasSize(1);
 		verify(this.redisOperations).expire(anyString(), any());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 	}
 
 	@Test
@@ -381,8 +381,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
 		assertThat(this.delta.getValue()).hasSize(2);
 		verify(this.redisOperations).expire(anyString(), any());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 	}
 
 	@Test
@@ -405,8 +405,8 @@ class ReactiveRedisSessionRepositoryTests {
 		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
 		assertThat(this.delta.getValue()).hasSize(3);
 		verify(this.redisOperations).expire(anyString(), any());
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.hashOperations);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.hashOperations);
 	}
 
 	private Map<String, Object> map(Object... objects) {

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/RedisIndexedSessionRepositoryTests.java

@@ -63,7 +63,7 @@ import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 class RedisIndexedSessionRepositoryTests {
 
@@ -188,7 +188,7 @@ class RedisIndexedSessionRepositoryTests {
 
 		this.redisRepository.save(session);
 
-		verifyZeroInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.redisOperations);
 	}
 
 	@Test
@@ -511,10 +511,10 @@ class RedisIndexedSessionRepositoryTests {
 		verify(this.boundHashOperations).entries();
 		verify(this.publisher).publishEvent(this.event.capture());
 		assertThat(this.event.getValue().getSessionId()).isEqualTo(deletedId);
-		verifyZeroInteractions(this.defaultSerializer);
-		verifyZeroInteractions(this.publisher);
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.defaultSerializer);
+		verifyNoMoreInteractions(this.publisher);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
@@ -534,10 +534,10 @@ class RedisIndexedSessionRepositoryTests {
 
 		verify(this.redisOperations).boundHashOps(eq(getKey(deletedId)));
 		verify(this.boundHashOperations).entries();
-		verifyZeroInteractions(this.defaultSerializer);
-		verifyZeroInteractions(this.publisher);
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.defaultSerializer);
+		verifyNoMoreInteractions(this.publisher);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
@@ -561,10 +561,10 @@ class RedisIndexedSessionRepositoryTests {
 		verify(this.boundHashOperations).entries();
 		verify(this.publisher).publishEvent(this.event.capture());
 		assertThat(this.event.getValue().getSessionId()).isEqualTo(expiredId);
-		verifyZeroInteractions(this.defaultSerializer);
-		verifyZeroInteractions(this.publisher);
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.defaultSerializer);
+		verifyNoMoreInteractions(this.publisher);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
@@ -584,17 +584,17 @@ class RedisIndexedSessionRepositoryTests {
 
 		verify(this.redisOperations).boundHashOps(eq(getKey(expiredId)));
 		verify(this.boundHashOperations).entries();
-		verifyZeroInteractions(this.defaultSerializer);
-		verifyZeroInteractions(this.publisher);
-		verifyZeroInteractions(this.redisOperations);
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.defaultSerializer);
+		verifyNoMoreInteractions(this.publisher);
+		verifyNoMoreInteractions(this.redisOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
 	void flushModeOnSaveCreate() {
 		this.redisRepository.createSession();
 
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
@@ -602,7 +602,7 @@ class RedisIndexedSessionRepositoryTests {
 		RedisSession session = this.redisRepository.createSession();
 		session.setAttribute("something", "here");
 
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
@@ -610,7 +610,7 @@ class RedisIndexedSessionRepositoryTests {
 		RedisSession session = this.redisRepository.createSession();
 		session.removeAttribute("remove");
 
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
@@ -618,7 +618,7 @@ class RedisIndexedSessionRepositoryTests {
 		RedisSession session = this.redisRepository.createSession();
 		session.setLastAccessedTime(Instant.ofEpochMilli(1L));
 
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
@@ -626,7 +626,7 @@ class RedisIndexedSessionRepositoryTests {
 		RedisSession session = this.redisRepository.createSession();
 		session.setMaxInactiveInterval(Duration.ofSeconds(1));
 
-		verifyZeroInteractions(this.boundHashOperations);
+		verifyNoMoreInteractions(this.boundHashOperations);
 	}
 
 	@Test
@@ -790,7 +790,7 @@ class RedisIndexedSessionRepositoryTests {
 		this.redisRepository.onMessage(message, "".getBytes(StandardCharsets.UTF_8));
 
 		assertThat(this.event.getAllValues()).isEmpty();
-		verifyZeroInteractions(this.publisher);
+		verifyNoMoreInteractions(this.publisher);
 	}
 
 	@Test
@@ -808,7 +808,7 @@ class RedisIndexedSessionRepositoryTests {
 		this.redisRepository.onMessage(message, "".getBytes(StandardCharsets.UTF_8));
 
 		assertThat(this.event.getAllValues()).isEmpty();
-		verifyZeroInteractions(this.publisher);
+		verifyNoMoreInteractions(this.publisher);
 	}
 
 	@Test
@@ -826,7 +826,7 @@ class RedisIndexedSessionRepositoryTests {
 		this.redisRepository.onMessage(message, "".getBytes(StandardCharsets.UTF_8));
 
 		assertThat(this.event.getAllValues()).isEmpty();
-		verifyZeroInteractions(this.publisher);
+		verifyNoMoreInteractions(this.publisher);
 	}
 
 	@Test

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/RedisSessionExpirationPolicyTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -164,4 +164,11 @@ class RedisSessionExpirationPolicyTests {
 		verify(this.hashOperations).persist();
 	}
 
+	@Test
+	void onDeleteRemoveExpirationEntry() {
+		this.policy.onDelete(this.session);
+
+		verify(this.setOperations).remove("expires:" + this.session.getId());
+	}
+
 }

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/RedisSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -102,18 +102,36 @@ class RedisSessionRepositoryTests {
 		assertThat(ReflectionTestUtils.getField(this.sessionRepository, "keyNamespace")).isEqualTo("test:");
 	}
 
+	@Test
+	void setRedisKeyNamespace_ValidNamespace_ShouldSetNamespace() {
+		this.sessionRepository.setRedisKeyNamespace("test");
+		assertThat(ReflectionTestUtils.getField(this.sessionRepository, "keyNamespace")).isEqualTo("test:");
+	}
+
 	@Test
 	void setKeyNamespace_NullNamespace_ShouldThrowException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> this.sessionRepository.setKeyNamespace(null))
 				.withMessage("keyNamespace must not be empty");
 	}
 
+	@Test
+	void setRedisKeyNamespace_NullNamespace_ShouldThrowException() {
+		assertThatIllegalArgumentException().isThrownBy(() -> this.sessionRepository.setRedisKeyNamespace(null))
+				.withMessage("namespace must not be empty");
+	}
+
 	@Test
 	void setKeyNamespace_EmptyNamespace_ShouldThrowException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> this.sessionRepository.setKeyNamespace(" "))
 				.withMessage("keyNamespace must not be empty");
 	}
 
+	@Test
+	void setRedisKeyNamespace_EmptyNamespace_ShouldThrowException() {
+		assertThatIllegalArgumentException().isThrownBy(() -> this.sessionRepository.setRedisKeyNamespace(" "))
+				.withMessage("namespace must not be empty");
+	}
+
 	@Test
 	void setFlushMode_ValidFlushMode_ShouldSetFlushMode() {
 		this.sessionRepository.setFlushMode(FlushMode.IMMEDIATE);
@@ -185,7 +203,7 @@ class RedisSessionRepositoryTests {
 
 	@Test
 	void save_NewSessionAndCustomKeyNamespace_ShouldSaveSession() {
-		this.sessionRepository.setKeyNamespace("custom:");
+		this.sessionRepository.setRedisKeyNamespace("custom");
 		RedisSession session = this.sessionRepository.createSession();
 		this.sessionRepository.save(session);
 		String key = "custom:sessions:" + session.getId();

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfigurationMockTests.java

@@ -30,7 +30,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 class RedisHttpSessionConfigurationMockTests {
 
@@ -53,7 +53,7 @@ class RedisHttpSessionConfigurationMockTests {
 
 		init.afterPropertiesSet();
 
-		verifyZeroInteractions(this.factory);
+		verifyNoMoreInteractions(this.factory);
 	}
 
 	@Test

spring-session-docs/spring-session-docs.gradle

@@ -41,7 +41,7 @@ asciidoctor {
 }
 
 asciidoctorj {
-	def ghTag = snapshotBuild ? 'master' : project.version
+	def ghTag = snapshotBuild ? 'main' : project.version
 	def ghUrl = "https://github.com/spring-projects/spring-session/tree/$ghTag"
 
 	attributes 'docs-itest-dir': "$rootProject.projectDir.path/spring-session-docs/src/integration-test/java/",
@@ -65,3 +65,7 @@ asciidoctorj {
 			'highlightjsdir@': "js/highlight",
 			'docinfodir@': "."
 }
+
+repositories {
+    maven { url "https://repo.spring.io/release" }
+}

spring-session-docs/src/docs/asciidoc/guides/java-hazelcast.adoc

@@ -97,11 +97,18 @@ The filter is in charge of replacing the `HttpSession` implementation to be back
 In this instance, Spring Session is backed by Hazelcast.
 <2> In order to support retrieval of sessions by principal name index, an appropriate `ValueExtractor` needs to be registered.
 Spring Session provides `PrincipalNameExtractor` for this purpose.
-<3> We create a `HazelcastInstance` that connects Spring Session to Hazelcast.
+<3> In order to serialize `MapSession` objects efficiently, `HazelcastSessionSerializer` needs to be registered. If this
+is not set, Hazelcast will serialize sessions using native Java serialization.
+<4> We create a `HazelcastInstance` that connects Spring Session to Hazelcast.
 By default, the application starts and connects to an embedded instance of Hazelcast.
 For more information on configuring Hazelcast, see the https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
 ====
 
+NOTE: If `HazelcastSessionSerializer` is preferred, it needs to be configured for all Hazelcast cluster members before they start.
+In a Hazelcast cluster, all members should use the same serialization method for sessions. Also, if Hazelcast Client/Server topology
+is used, then both members and clients must use the same serialization method. The serializer can be registered via `ClientConfig`
+with the same `SerializerConfiguration` of members.
+
 == Servlet Container Initialization
 
 Our <<security-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.

spring-session-docs/src/docs/asciidoc/index.adoc

@@ -58,6 +58,10 @@ To get started with Spring Session, the best place to start is our Sample Applic
 | Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.
 | link:guides/boot-jdbc.html[HttpSession with JDBC Guide]
 
+| {gh-samples-url}spring-session-sample-boot-hazelcast[HttpSession with Hazelcast]
+| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast.
+|
+
 | {gh-samples-url}spring-session-sample-boot-findbyusername[Find by Username]
 | Demonstrates how to use Spring Session to find sessions by username.
 | link:guides/boot-findbyusername.html[Find by Username Guide]
@@ -503,7 +507,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 ====
 
 To be detected by Spring WebFlux, this custom `WebSessionStore` needs to be registered with `ApplicationContext` as a bean named `webSessionManager`.
-For additional information on Spring WebFlux, see the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/web-reactive.html[Spring Framework Reference Documentation].
+For additional information on Spring WebFlux, see the https://docs.spring.io/spring-framework/docs/{spring-framework-version}/reference/html/web-reactive.html[Spring Framework Reference Documentation].
 
 [[spring-security]]
 == Spring Security Integration
@@ -787,7 +791,7 @@ HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime
 	maxInactiveInterval 1800 \
 	lastAccessedTime 1404360000000 \
 	sessionAttr:attrName someAttrValue \
-	sessionAttr2:attrName someAttrValue2
+	sessionAttr:attrName2 someAttrValue2
 EXPIRE spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe 2100
 APPEND spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe ""
 EXPIRE spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe 1800
@@ -810,7 +814,7 @@ HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime
 	maxInactiveInterval 1800 \
 	lastAccessedTime 1404360000000 \
 	sessionAttr:attrName someAttrValue \
-	sessionAttr2:attrName someAttrValue2
+	sessionAttr:attrName2 someAttrValue2
 ----
 ====
 
@@ -829,7 +833,7 @@ The second session attribute is named `attrName2`, with a value of `someAttrValu
 
 The `Session` instances managed by `RedisIndexedSessionRepository` keeps track of the properties that have changed and updates only those.
 This means that, if an attribute is written once and read many times, we need to write that attribute only once.
-For example, assume the `sessionAttr2` session attribute from the lsiting in the preceding section was updated.
+For example, assume the `attrName2` session attribute from the lsiting in the preceding section was updated.
 The following command would be run upon saving:
 
 ====
@@ -1298,7 +1302,7 @@ WARNING: You should only match on valid domain characters, since the domain name
 Doing so prevents a malicious user from performing such attacks as https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
 
 [[custom-sessionrepository]]
-== Customing `SessionRepository`
+== Customizing `SessionRepository`
 
 Implementing a custom <<api-sessionrepository,`SessionRepository`>> API should be a fairly straightforward task.
 Coupling the custom implementation with <<api-enablespringhttpsession,`@EnableSpringHttpSession`>> support lets you reuse existing Spring Session configuration facilities and infrastructure.
@@ -1402,11 +1406,8 @@ Spring Session is Open Source software released under the https://www.apache.org
 |===
 | Name | Location
 
-| Spring Session OrientDB
-| https://github.com/maseev/spring-session-orientdb
-
 | Spring Session Infinispan
-| https://infinispan.org/docs/dev/user_guide/user_guide.html#externalizing_session_using_spring_session
+| https://infinispan.org/infinispan-spring-boot/master/spring_boot_starter.html#_enabling_spring_session_support
 
 |===
 

spring-session-docs/src/test/java/docs/http/HazelcastHttpSessionConfig.java

@@ -19,12 +19,15 @@ package docs.http;
 import com.hazelcast.config.Config;
 import com.hazelcast.config.MapAttributeConfig;
 import com.hazelcast.config.MapIndexConfig;
+import com.hazelcast.config.SerializerConfig;
 import com.hazelcast.core.Hazelcast;
 import com.hazelcast.core.HazelcastInstance;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.session.MapSession;
 import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
+import org.springframework.session.hazelcast.HazelcastSessionSerializer;
 import org.springframework.session.hazelcast.PrincipalNameExtractor;
 import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
 
@@ -42,7 +45,10 @@ public class HazelcastHttpSessionConfig {
 		config.getMapConfig(HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME) // <2>
 				.addMapAttributeConfig(attributeConfig).addMapIndexConfig(
 						new MapIndexConfig(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
-		return Hazelcast.newHazelcastInstance(config); // <3>
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig); // <3>
+		return Hazelcast.newHazelcastInstance(config); // <4>
 	}
 
 }

spring-session-hazelcast/hazelcast4/hazelcast4.gradle

@@ -0,0 +1,48 @@
+buildscript {
+    repositories {
+        maven { url 'https://repo.spring.io/plugins-release' }
+    }
+    dependencies {
+        classpath 'io.spring.gradle:propdeps-plugin:0.0.10.RELEASE'
+    }
+}
+
+plugins {
+    id 'java-library'
+    id 'io.spring.convention.repository'
+    id 'io.spring.convention.springdependencymangement'
+    id 'io.spring.convention.dependency-set'
+    id 'io.spring.convention.checkstyle'
+    id 'io.spring.convention.tests-configuration'
+    id 'io.spring.convention.integration-test'
+    id 'propdeps'
+}
+
+configurations {
+    classesOnlyElements {
+        canBeConsumed = true
+        canBeResolved = false
+    }
+}
+
+artifacts {
+    classesOnlyElements(compileJava.destinationDir)
+}
+
+dependencies {
+    compile project(':spring-session-core')
+    optional "com.hazelcast:hazelcast:4.2.2"
+    compile "org.springframework:spring-context"
+    compile "javax.annotation:javax.annotation-api"
+
+    testCompile "javax.servlet:javax.servlet-api"
+    testCompile "org.springframework:spring-web"
+    testCompile "org.junit.jupiter:junit-jupiter-api"
+    testCompile "org.springframework.security:spring-security-core"
+    testRuntime "org.junit.jupiter:junit-jupiter-engine"
+
+    integrationTestCompile "org.testcontainers:testcontainers"
+    integrationTestCompile "com.hazelcast:hazelcast:4.2"
+    integrationTestCompile project(":spring-session-hazelcast")
+}
+

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/AbstractHazelcast4IndexedSessionRepositoryITests.java

@@ -0,0 +1,201 @@
+/*
+ * Copyright 2014-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.core.HazelcastInstance;
+import com.hazelcast.map.IMap;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.session.MapSession;
+import org.springframework.session.hazelcast.Hazelcast4IndexedSessionRepository.HazelcastSession;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Base class for {@link Hazelcast4IndexedSessionRepository} integration tests.
+ *
+ * @author Eleftheria Stein
+ */
+abstract class AbstractHazelcast4IndexedSessionRepositoryITests {
+
+	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
+
+	@Autowired
+	private HazelcastInstance hazelcastInstance;
+
+	@Autowired
+	private Hazelcast4IndexedSessionRepository repository;
+
+	@Test
+	void createAndDestroySession() {
+		HazelcastSession sessionToSave = this.repository.createSession();
+		String sessionId = sessionToSave.getId();
+
+		IMap<String, MapSession> hazelcastMap = this.hazelcastInstance
+				.getMap(Hazelcast4IndexedSessionRepository.DEFAULT_SESSION_MAP_NAME);
+
+		this.repository.save(sessionToSave);
+
+		assertThat(hazelcastMap.get(sessionId)).isEqualTo(sessionToSave);
+
+		this.repository.deleteById(sessionId);
+
+		assertThat(hazelcastMap.get(sessionId)).isNull();
+	}
+
+	@Test
+	void changeSessionIdWhenOnlyChangeId() {
+		String attrName = "changeSessionId";
+		String attrValue = "changeSessionId-value";
+		HazelcastSession toSave = this.repository.createSession();
+		toSave.setAttribute(attrName, attrValue);
+
+		this.repository.save(toSave);
+
+		HazelcastSession findById = this.repository.findById(toSave.getId());
+
+		assertThat(findById.<String>getAttribute(attrName)).isEqualTo(attrValue);
+
+		String originalFindById = findById.getId();
+		String changeSessionId = findById.changeSessionId();
+
+		this.repository.save(findById);
+
+		assertThat(this.repository.findById(originalFindById)).isNull();
+
+		HazelcastSession findByChangeSessionId = this.repository.findById(changeSessionId);
+
+		assertThat(findByChangeSessionId.<String>getAttribute(attrName)).isEqualTo(attrValue);
+
+		this.repository.deleteById(changeSessionId);
+	}
+
+	@Test
+	void changeSessionIdWhenChangeTwice() {
+		HazelcastSession toSave = this.repository.createSession();
+
+		this.repository.save(toSave);
+
+		String originalId = toSave.getId();
+		String changeId1 = toSave.changeSessionId();
+		String changeId2 = toSave.changeSessionId();
+
+		this.repository.save(toSave);
+
+		assertThat(this.repository.findById(originalId)).isNull();
+		assertThat(this.repository.findById(changeId1)).isNull();
+		assertThat(this.repository.findById(changeId2)).isNotNull();
+
+		this.repository.deleteById(changeId2);
+	}
+
+	@Test
+	void changeSessionIdWhenSetAttributeOnChangedSession() {
+		String attrName = "changeSessionId";
+		String attrValue = "changeSessionId-value";
+
+		HazelcastSession toSave = this.repository.createSession();
+
+		this.repository.save(toSave);
+
+		HazelcastSession findById = this.repository.findById(toSave.getId());
+
+		findById.setAttribute(attrName, attrValue);
+
+		String originalFindById = findById.getId();
+		String changeSessionId = findById.changeSessionId();
+
+		this.repository.save(findById);
+
+		assertThat(this.repository.findById(originalFindById)).isNull();
+
+		HazelcastSession findByChangeSessionId = this.repository.findById(changeSessionId);
+
+		assertThat(findByChangeSessionId.<String>getAttribute(attrName)).isEqualTo(attrValue);
+
+		this.repository.deleteById(changeSessionId);
+	}
+
+	@Test
+	void changeSessionIdWhenHasNotSaved() {
+		HazelcastSession toSave = this.repository.createSession();
+		String originalId = toSave.getId();
+		toSave.changeSessionId();
+
+		this.repository.save(toSave);
+
+		assertThat(this.repository.findById(toSave.getId())).isNotNull();
+		assertThat(this.repository.findById(originalId)).isNull();
+
+		this.repository.deleteById(toSave.getId());
+	}
+
+	@Test // gh-1076
+	void attemptToUpdateSessionAfterDelete() {
+		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
+		this.repository.save(session);
+		session = this.repository.findById(sessionId);
+		session.setAttribute("attributeName", "attributeValue");
+		this.repository.deleteById(sessionId);
+		this.repository.save(session);
+
+		assertThat(this.repository.findById(sessionId)).isNull();
+	}
+
+	@Test
+	void createAndUpdateSession() {
+		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
+
+		this.repository.save(session);
+
+		session = this.repository.findById(sessionId);
+		session.setAttribute("attributeName", "attributeValue");
+
+		this.repository.save(session);
+
+		assertThat(this.repository.findById(sessionId)).isNotNull();
+
+		this.repository.deleteById(sessionId);
+	}
+
+	@Test
+	void createSessionWithSecurityContextAndFindById() {
+		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
+
+		Authentication authentication = new UsernamePasswordAuthenticationToken("saves-" + System.currentTimeMillis(),
+				"password", AuthorityUtils.createAuthorityList("ROLE_USER"));
+		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
+		securityContext.setAuthentication(authentication);
+		session.setAttribute(SPRING_SECURITY_CONTEXT, securityContext);
+
+		this.repository.save(session);
+
+		assertThat(this.repository.findById(sessionId)).isNotNull();
+
+		this.repository.deleteById(sessionId);
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/ClientServerHazelcast4IndexedSessionRepositoryITests.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2014-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.client.HazelcastClient;
+import com.hazelcast.client.config.ClientConfig;
+import com.hazelcast.core.HazelcastInstance;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.utility.MountableFile;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.MapSession;
+import org.springframework.session.Session;
+import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link Hazelcast4IndexedSessionRepository} using client-server
+ * topology.
+ *
+ * @author Eleftheria Stein
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration
+@WebAppConfiguration
+class ClientServerHazelcast4IndexedSessionRepositoryITests extends AbstractHazelcast4IndexedSessionRepositoryITests {
+
+	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:4.2.2")
+			.withExposedPorts(5701).withCopyFileToContainer(MountableFile.forClasspathResource("/hazelcast-server.xml"),
+					"/opt/hazelcast/hazelcast.xml");
+
+	@BeforeAll
+	static void setUpClass() {
+		container.start();
+	}
+
+	@AfterAll
+	static void tearDownClass() {
+		container.stop();
+	}
+
+	@Configuration
+	@EnableHazelcastHttpSession
+	static class HazelcastSessionConfig {
+
+		@Bean
+		HazelcastInstance hazelcastInstance() {
+			ClientConfig clientConfig = new ClientConfig();
+			clientConfig.getNetworkConfig()
+					.addAddress(container.getContainerIpAddress() + ":" + container.getFirstMappedPort());
+			clientConfig.getUserCodeDeploymentConfig().setEnabled(true).addClass(Session.class)
+					.addClass(MapSession.class).addClass(Hazelcast4SessionUpdateEntryProcessor.class);
+			return HazelcastClient.newHazelcastClient(clientConfig);
+		}
+
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/EmbeddedHazelcast4IndexedSessionRepositoryITests.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.core.HazelcastInstance;
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link Hazelcast4IndexedSessionRepository} using embedded
+ * topology.
+ *
+ * @author Eleftheria Stein
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration
+@WebAppConfiguration
+class EmbeddedHazelcast4IndexedSessionRepositoryITests extends AbstractHazelcast4IndexedSessionRepositoryITests {
+
+	@EnableHazelcastHttpSession
+	@Configuration
+	static class HazelcastSessionConfig {
+
+		@Bean
+		HazelcastInstance hazelcastInstance() {
+			return Hazelcast4ITestUtils.embeddedHazelcastServer();
+		}
+
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/Hazelcast4ITestUtils.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.config.AttributeConfig;
+import com.hazelcast.config.Config;
+import com.hazelcast.config.IndexConfig;
+import com.hazelcast.config.IndexType;
+import com.hazelcast.config.NetworkConfig;
+import com.hazelcast.config.SerializerConfig;
+import com.hazelcast.core.Hazelcast;
+import com.hazelcast.core.HazelcastInstance;
+
+import org.springframework.session.MapSession;
+
+/**
+ * Utility class for Hazelcast integration tests.
+ *
+ * @author Eleftheria Stein
+ */
+final class Hazelcast4ITestUtils {
+
+	private Hazelcast4ITestUtils() {
+	}
+
+	/**
+	 * Creates {@link HazelcastInstance} for use in integration tests.
+	 * @return the Hazelcast instance
+	 */
+	static HazelcastInstance embeddedHazelcastServer() {
+		Config config = new Config();
+		NetworkConfig networkConfig = config.getNetworkConfig();
+		networkConfig.setPort(0);
+		networkConfig.getJoin().getMulticastConfig().setEnabled(false);
+		AttributeConfig attributeConfig = new AttributeConfig()
+				.setName(Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
+				.setExtractorClassName(Hazelcast4PrincipalNameExtractor.class.getName());
+		config.getMapConfig(Hazelcast4IndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
+				.addAttributeConfig(attributeConfig).addIndexConfig(
+						new IndexConfig(IndexType.HASH, Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE));
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig);
+		return Hazelcast.newHazelcastInstance(config);
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/SessionEventHazelcast4IndexedSessionRepositoryTests.java

@@ -0,0 +1,218 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.time.Duration;
+import java.time.Instant;
+
+import com.hazelcast.core.HazelcastInstance;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
+import org.springframework.session.SessionRepository;
+import org.springframework.session.events.SessionCreatedEvent;
+import org.springframework.session.events.SessionDeletedEvent;
+import org.springframework.session.events.SessionExpiredEvent;
+import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Ensure that the appropriate SessionEvents are fired at the expected times. Additionally
+ * ensure that the interactions with the {@link SessionRepository} abstraction behave as
+ * expected after each SessionEvent.
+ *
+ * @author Eleftheria Stein
+ */
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration
+@WebAppConfiguration
+class SessionEventHazelcast4IndexedSessionRepositoryTests<S extends Session> {
+
+	private static final int MAX_INACTIVE_INTERVAL_IN_SECONDS = 1;
+
+	@Autowired
+	private SessionRepository<S> repository;
+
+	@Autowired
+	private SessionEventRegistry registry;
+
+	@BeforeEach
+	void setup() {
+		this.registry.clear();
+	}
+
+	@Test
+	void saveSessionTest() throws InterruptedException {
+		String username = "saves-" + System.currentTimeMillis();
+
+		S sessionToSave = this.repository.createSession();
+
+		String expectedAttributeName = "a";
+		String expectedAttributeValue = "b";
+		sessionToSave.setAttribute(expectedAttributeName, expectedAttributeValue);
+		Authentication toSaveToken = new UsernamePasswordAuthenticationToken(username, "password",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		SecurityContext toSaveContext = SecurityContextHolder.createEmptyContext();
+		toSaveContext.setAuthentication(toSaveToken);
+		sessionToSave.setAttribute("SPRING_SECURITY_CONTEXT", toSaveContext);
+		sessionToSave.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, username);
+
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+
+		Session session = this.repository.findById(sessionToSave.getId());
+
+		assertThat(session.getId()).isEqualTo(sessionToSave.getId());
+		assertThat(session.getAttributeNames()).isEqualTo(sessionToSave.getAttributeNames());
+		assertThat(session.<String>getAttribute(expectedAttributeName))
+				.isEqualTo(sessionToSave.getAttribute(expectedAttributeName));
+	}
+
+	@Test
+	void expiredSessionTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		assertThat(sessionToSave.getMaxInactiveInterval())
+				.isEqualTo(Duration.ofSeconds(MAX_INACTIVE_INTERVAL_IN_SECONDS));
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionExpiredEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionExpiredEvent.class);
+
+		assertThat(this.repository.findById(sessionToSave.getId())).isNull();
+	}
+
+	@Test
+	void deletedSessionTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		this.repository.deleteById(sessionToSave.getId());
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionDeletedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionDeletedEvent.class);
+
+		assertThat(this.repository.findById(sessionToSave.getId())).isNull();
+	}
+
+	@Test
+	void saveUpdatesTimeToLiveTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+		sessionToSave.setMaxInactiveInterval(Duration.ofSeconds(3));
+		this.repository.save(sessionToSave);
+
+		Thread.sleep(2000);
+
+		// Get and save the session like SessionRepositoryFilter would.
+		S sessionToUpdate = this.repository.findById(sessionToSave.getId());
+		sessionToUpdate.setLastAccessedTime(Instant.now());
+		this.repository.save(sessionToUpdate);
+
+		Thread.sleep(2000);
+
+		assertThat(this.repository.findById(sessionToUpdate.getId())).isNotNull();
+	}
+
+	@Test // gh-1077
+	void changeSessionIdNoEventTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+		sessionToSave.setMaxInactiveInterval(Duration.ofMinutes(30));
+
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		sessionToSave.changeSessionId();
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isFalse();
+	}
+
+	@Test // gh-1300
+	void updateMaxInactiveIntervalTest() throws InterruptedException {
+		S sessionToSave = this.repository.createSession();
+		sessionToSave.setMaxInactiveInterval(Duration.ofMinutes(30));
+		this.repository.save(sessionToSave);
+
+		assertThat(this.registry.receivedEvent(sessionToSave.getId())).isTrue();
+		assertThat(this.registry.<SessionCreatedEvent>getEvent(sessionToSave.getId()))
+				.isInstanceOf(SessionCreatedEvent.class);
+		this.registry.clear();
+
+		S sessionToUpdate = this.repository.findById(sessionToSave.getId());
+		sessionToUpdate.setLastAccessedTime(Instant.now());
+		sessionToUpdate.setMaxInactiveInterval(Duration.ofSeconds(1));
+		this.repository.save(sessionToUpdate);
+
+		assertThat(this.registry.receivedEvent(sessionToUpdate.getId())).isTrue();
+		assertThat(this.registry.<SessionExpiredEvent>getEvent(sessionToUpdate.getId()))
+				.isInstanceOf(SessionExpiredEvent.class);
+		assertThat(this.repository.findById(sessionToUpdate.getId())).isNull();
+	}
+
+	@Configuration
+	@EnableHazelcastHttpSession(maxInactiveIntervalInSeconds = MAX_INACTIVE_INTERVAL_IN_SECONDS)
+	static class HazelcastSessionConfig {
+
+		@Bean
+		HazelcastInstance embeddedHazelcast() {
+			return Hazelcast4ITestUtils.embeddedHazelcastServer();
+		}
+
+		@Bean
+		SessionEventRegistry sessionEventRegistry() {
+			return new SessionEventRegistry();
+		}
+
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/java/org/springframework/session/hazelcast/SessionEventRegistry.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+import org.springframework.context.ApplicationListener;
+import org.springframework.session.events.AbstractSessionEvent;
+
+class SessionEventRegistry implements ApplicationListener<AbstractSessionEvent> {
+
+	private Map<String, AbstractSessionEvent> events = new HashMap<>();
+
+	private ConcurrentMap<String, Object> locks = new ConcurrentHashMap<>();
+
+	@Override
+	public void onApplicationEvent(AbstractSessionEvent event) {
+		String sessionId = event.getSessionId();
+		this.events.put(sessionId, event);
+		Object lock = getLock(sessionId);
+		synchronized (lock) {
+			lock.notifyAll();
+		}
+	}
+
+	void clear() {
+		this.events.clear();
+		this.locks.clear();
+	}
+
+	boolean receivedEvent(String sessionId) throws InterruptedException {
+		return waitForEvent(sessionId) != null;
+	}
+
+	@SuppressWarnings("unchecked")
+	<E extends AbstractSessionEvent> E getEvent(String sessionId) throws InterruptedException {
+		return (E) waitForEvent(sessionId);
+	}
+
+	@SuppressWarnings("unchecked")
+	private <E extends AbstractSessionEvent> E waitForEvent(String sessionId) throws InterruptedException {
+		Object lock = getLock(sessionId);
+		synchronized (lock) {
+			if (!this.events.containsKey(sessionId)) {
+				lock.wait(10000);
+			}
+		}
+		return (E) this.events.get(sessionId);
+	}
+
+	private Object getLock(String sessionId) {
+		return this.locks.computeIfAbsent(sessionId, (k) -> new Object());
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/integration-test/resources/hazelcast-server.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-4.2.xsd">
+
+	<network>
+		<join>
+			<multicast enabled="false"/>
+		</join>
+	</network>
+
+	<user-code-deployment enabled="true">
+		<class-cache-mode>ETERNAL</class-cache-mode>
+		<provider-mode>LOCAL_AND_CACHED_CLASSES</provider-mode>
+	</user-code-deployment>
+
+</hazelcast>

spring-session-hazelcast/hazelcast4/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

spring-session-hazelcast/hazelcast4/src/main/java/org/springframework/session/hazelcast/Hazelcast4IndexedSessionRepository.java

@@ -0,0 +1,486 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.PreDestroy;
+
+import com.hazelcast.core.EntryEvent;
+import com.hazelcast.core.HazelcastInstance;
+import com.hazelcast.map.IMap;
+import com.hazelcast.map.listener.EntryAddedListener;
+import com.hazelcast.map.listener.EntryEvictedListener;
+import com.hazelcast.map.listener.EntryExpiredListener;
+import com.hazelcast.map.listener.EntryRemovedListener;
+import com.hazelcast.query.Predicates;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.session.DelegatingIndexResolver;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.FlushMode;
+import org.springframework.session.IndexResolver;
+import org.springframework.session.MapSession;
+import org.springframework.session.PrincipalNameIndexResolver;
+import org.springframework.session.SaveMode;
+import org.springframework.session.Session;
+import org.springframework.session.events.AbstractSessionEvent;
+import org.springframework.session.events.SessionCreatedEvent;
+import org.springframework.session.events.SessionDeletedEvent;
+import org.springframework.session.events.SessionExpiredEvent;
+import org.springframework.util.Assert;
+import org.springframework.util.ClassUtils;
+
+/**
+ * A {@link org.springframework.session.SessionRepository} implementation using Hazelcast
+ * 4 that stores sessions in Hazelcast's distributed {@link IMap}.
+ *
+ * <p>
+ * An example of how to create a new instance can be seen below:
+ *
+ * <pre class="code">
+ * Config config = new Config();
+ *
+ * // ... configure Hazelcast ...
+ *
+ * HazelcastInstance hazelcastInstance = Hazelcast.newHazelcastInstance(config);
+ *
+ * Hazelcast4IndexedSessionRepository sessionRepository =
+ *         new Hazelcast4IndexedSessionRepository(hazelcastInstance);
+ * </pre>
+ *
+ * In order to support finding sessions by principal name using
+ * {@link #findByIndexNameAndIndexValue(String, String)} method, custom configuration of
+ * {@code IMap} supplied to this implementation is required.
+ *
+ * The following snippet demonstrates how to define required configuration using
+ * programmatic Hazelcast Configuration:
+ *
+ * <pre class="code">
+ * AttributeConfig attributeConfig = new AttributeConfig()
+ *         .setName(Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
+ *         .setExtractorClassName(Hazelcast4PrincipalNameExtractor.class.getName());
+ *
+ * Config config = new Config();
+ *
+ * config.getMapConfig(Hazelcast4IndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
+ *         .addAttributeConfig(attributeConfig)
+ *         .addIndexConfig(new IndexConfig(
+ *                 IndexType.HASH,
+ *                 Hazelcast4IndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE));
+ *
+ * Hazelcast.newHazelcastInstance(config);
+ * </pre>
+ *
+ * This implementation listens for events on the Hazelcast-backed SessionRepository and
+ * translates those events into the corresponding Spring Session events. Publish the
+ * Spring Session events with the given {@link ApplicationEventPublisher}.
+ *
+ * <ul>
+ * <li>entryAdded - {@link SessionCreatedEvent}</li>
+ * <li>entryEvicted - {@link SessionExpiredEvent}</li>
+ * <li>entryExpired - {@link SessionExpiredEvent}</li>
+ * <li>entryRemoved - {@link SessionDeletedEvent}</li>
+ * </ul>
+ *
+ * @author Eleftheria Stein
+ * @since 2.4.0
+ */
+public class Hazelcast4IndexedSessionRepository
+		implements FindByIndexNameSessionRepository<Hazelcast4IndexedSessionRepository.HazelcastSession>,
+		EntryAddedListener<String, MapSession>, EntryEvictedListener<String, MapSession>,
+		EntryRemovedListener<String, MapSession>, EntryExpiredListener<String, MapSession> {
+
+	/**
+	 * The default name of map used by Spring Session to store sessions.
+	 */
+	public static final String DEFAULT_SESSION_MAP_NAME = "spring:session:sessions";
+
+	/**
+	 * The principal name custom attribute name.
+	 */
+	public static final String PRINCIPAL_NAME_ATTRIBUTE = "principalName";
+
+	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
+
+	private static final boolean SUPPORTS_SET_TTL = ClassUtils.hasAtLeastOneMethodWithName(IMap.class, "setTtl");
+
+	private static final Log logger = LogFactory.getLog(Hazelcast4IndexedSessionRepository.class);
+
+	private final HazelcastInstance hazelcastInstance;
+
+	private ApplicationEventPublisher eventPublisher = (event) -> {
+	};
+
+	/**
+	 * If non-null, this value is used to override
+	 * {@link MapSession#setMaxInactiveInterval(Duration)}.
+	 */
+	private Integer defaultMaxInactiveInterval;
+
+	private IndexResolver<Session> indexResolver = new DelegatingIndexResolver<>(new PrincipalNameIndexResolver<>());
+
+	private String sessionMapName = DEFAULT_SESSION_MAP_NAME;
+
+	private FlushMode flushMode = FlushMode.ON_SAVE;
+
+	private SaveMode saveMode = SaveMode.ON_SET_ATTRIBUTE;
+
+	private IMap<String, MapSession> sessions;
+
+	private UUID sessionListenerId;
+
+	/**
+	 * Create a new {@link Hazelcast4IndexedSessionRepository} instance.
+	 * @param hazelcastInstance the {@link HazelcastInstance} to use for managing sessions
+	 */
+	public Hazelcast4IndexedSessionRepository(HazelcastInstance hazelcastInstance) {
+		Assert.notNull(hazelcastInstance, "HazelcastInstance must not be null");
+		this.hazelcastInstance = hazelcastInstance;
+	}
+
+	@PostConstruct
+	public void init() {
+		this.sessions = this.hazelcastInstance.getMap(this.sessionMapName);
+		this.sessionListenerId = this.sessions.addEntryListener(this, true);
+	}
+
+	@PreDestroy
+	public void close() {
+		this.sessions.removeEntryListener(this.sessionListenerId);
+	}
+
+	/**
+	 * Sets the {@link ApplicationEventPublisher} that is used to publish
+	 * {@link AbstractSessionEvent session events}. The default is to not publish session
+	 * events.
+	 * @param applicationEventPublisher the {@link ApplicationEventPublisher} that is used
+	 * to publish session events. Cannot be null.
+	 */
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
+		Assert.notNull(applicationEventPublisher, "ApplicationEventPublisher cannot be null");
+		this.eventPublisher = applicationEventPublisher;
+	}
+
+	/**
+	 * Set the maximum inactive interval in seconds between requests before newly created
+	 * sessions will be invalidated. A negative time indicates that the session will never
+	 * timeout. The default is 1800 (30 minutes).
+	 * @param defaultMaxInactiveInterval the maximum inactive interval in seconds
+	 */
+	public void setDefaultMaxInactiveInterval(Integer defaultMaxInactiveInterval) {
+		this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
+	}
+
+	/**
+	 * Set the {@link IndexResolver} to use.
+	 * @param indexResolver the index resolver
+	 */
+	public void setIndexResolver(IndexResolver<Session> indexResolver) {
+		Assert.notNull(indexResolver, "indexResolver cannot be null");
+		this.indexResolver = indexResolver;
+	}
+
+	/**
+	 * Set the name of map used to store sessions.
+	 * @param sessionMapName the session map name
+	 */
+	public void setSessionMapName(String sessionMapName) {
+		Assert.hasText(sessionMapName, "Map name must not be empty");
+		this.sessionMapName = sessionMapName;
+	}
+
+	/**
+	 * Sets the Hazelcast flush mode. Default flush mode is {@link FlushMode#ON_SAVE}.
+	 * @param flushMode the new Hazelcast flush mode
+	 */
+	public void setFlushMode(FlushMode flushMode) {
+		Assert.notNull(flushMode, "flushMode cannot be null");
+		this.flushMode = flushMode;
+	}
+
+	/**
+	 * Set the save mode.
+	 * @param saveMode the save mode
+	 */
+	public void setSaveMode(SaveMode saveMode) {
+		Assert.notNull(saveMode, "saveMode must not be null");
+		this.saveMode = saveMode;
+	}
+
+	@Override
+	public HazelcastSession createSession() {
+		MapSession cached = new MapSession();
+		if (this.defaultMaxInactiveInterval != null) {
+			cached.setMaxInactiveInterval(Duration.ofSeconds(this.defaultMaxInactiveInterval));
+		}
+		HazelcastSession session = new HazelcastSession(cached, true);
+		session.flushImmediateIfNecessary();
+		return session;
+	}
+
+	@Override
+	public void save(HazelcastSession session) {
+		if (session.isNew) {
+			this.sessions.set(session.getId(), session.getDelegate(), session.getMaxInactiveInterval().getSeconds(),
+					TimeUnit.SECONDS);
+		}
+		else if (session.sessionIdChanged) {
+			this.sessions.delete(session.originalId);
+			session.originalId = session.getId();
+			this.sessions.set(session.getId(), session.getDelegate(), session.getMaxInactiveInterval().getSeconds(),
+					TimeUnit.SECONDS);
+		}
+		else if (session.hasChanges()) {
+			Hazelcast4SessionUpdateEntryProcessor entryProcessor = new Hazelcast4SessionUpdateEntryProcessor();
+			if (session.lastAccessedTimeChanged) {
+				entryProcessor.setLastAccessedTime(session.getLastAccessedTime());
+			}
+			if (session.maxInactiveIntervalChanged) {
+				if (SUPPORTS_SET_TTL) {
+					updateTtl(session);
+				}
+				entryProcessor.setMaxInactiveInterval(session.getMaxInactiveInterval());
+			}
+			if (!session.delta.isEmpty()) {
+				entryProcessor.setDelta(new HashMap<>(session.delta));
+			}
+			this.sessions.executeOnKey(session.getId(), entryProcessor);
+		}
+		session.clearChangeFlags();
+	}
+
+	private void updateTtl(HazelcastSession session) {
+		this.sessions.setTtl(session.getId(), session.getMaxInactiveInterval().getSeconds(), TimeUnit.SECONDS);
+	}
+
+	@Override
+	public HazelcastSession findById(String id) {
+		MapSession saved = this.sessions.get(id);
+		if (saved == null) {
+			return null;
+		}
+		if (saved.isExpired()) {
+			deleteById(saved.getId());
+			return null;
+		}
+		return new HazelcastSession(saved, false);
+	}
+
+	@Override
+	public void deleteById(String id) {
+		this.sessions.remove(id);
+	}
+
+	@Override
+	public Map<String, HazelcastSession> findByIndexNameAndIndexValue(String indexName, String indexValue) {
+		if (!PRINCIPAL_NAME_INDEX_NAME.equals(indexName)) {
+			return Collections.emptyMap();
+		}
+		Collection<MapSession> sessions = this.sessions.values(Predicates.equal(PRINCIPAL_NAME_ATTRIBUTE, indexValue));
+		Map<String, HazelcastSession> sessionMap = new HashMap<>(sessions.size());
+		for (MapSession session : sessions) {
+			sessionMap.put(session.getId(), new HazelcastSession(session, false));
+		}
+		return sessionMap;
+	}
+
+	@Override
+	public void entryAdded(EntryEvent<String, MapSession> event) {
+		MapSession session = event.getValue();
+		if (session.getId().equals(session.getOriginalId())) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("Session created with id: " + session.getId());
+			}
+			this.eventPublisher.publishEvent(new SessionCreatedEvent(this, session));
+		}
+	}
+
+	@Override
+	public void entryEvicted(EntryEvent<String, MapSession> event) {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Session expired with id: " + event.getOldValue().getId());
+		}
+		this.eventPublisher.publishEvent(new SessionExpiredEvent(this, event.getOldValue()));
+	}
+
+	@Override
+	public void entryRemoved(EntryEvent<String, MapSession> event) {
+		MapSession session = event.getOldValue();
+		if (session != null) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("Session deleted with id: " + session.getId());
+			}
+			this.eventPublisher.publishEvent(new SessionDeletedEvent(this, session));
+		}
+	}
+
+	@Override
+	public void entryExpired(EntryEvent<String, MapSession> event) {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Session expired with id: " + event.getOldValue().getId());
+		}
+		this.eventPublisher.publishEvent(new SessionExpiredEvent(this, event.getOldValue()));
+	}
+
+	/**
+	 * A custom implementation of {@link Session} that uses a {@link MapSession} as the
+	 * basis for its mapping. It keeps track if changes have been made since last save.
+	 *
+	 * @author Aleksandar Stojsavljevic
+	 */
+	final class HazelcastSession implements Session {
+
+		private final MapSession delegate;
+
+		private boolean isNew;
+
+		private boolean sessionIdChanged;
+
+		private boolean lastAccessedTimeChanged;
+
+		private boolean maxInactiveIntervalChanged;
+
+		private String originalId;
+
+		private Map<String, Object> delta = new HashMap<>();
+
+		HazelcastSession(MapSession cached, boolean isNew) {
+			this.delegate = cached;
+			this.isNew = isNew;
+			this.originalId = cached.getId();
+			if (this.isNew || (Hazelcast4IndexedSessionRepository.this.saveMode == SaveMode.ALWAYS)) {
+				getAttributeNames()
+						.forEach((attributeName) -> this.delta.put(attributeName, cached.getAttribute(attributeName)));
+			}
+		}
+
+		@Override
+		public void setLastAccessedTime(Instant lastAccessedTime) {
+			this.delegate.setLastAccessedTime(lastAccessedTime);
+			this.lastAccessedTimeChanged = true;
+			flushImmediateIfNecessary();
+		}
+
+		@Override
+		public boolean isExpired() {
+			return this.delegate.isExpired();
+		}
+
+		@Override
+		public Instant getCreationTime() {
+			return this.delegate.getCreationTime();
+		}
+
+		@Override
+		public String getId() {
+			return this.delegate.getId();
+		}
+
+		@Override
+		public String changeSessionId() {
+			String newSessionId = this.delegate.changeSessionId();
+			this.sessionIdChanged = true;
+			return newSessionId;
+		}
+
+		@Override
+		public Instant getLastAccessedTime() {
+			return this.delegate.getLastAccessedTime();
+		}
+
+		@Override
+		public void setMaxInactiveInterval(Duration interval) {
+			this.delegate.setMaxInactiveInterval(interval);
+			this.maxInactiveIntervalChanged = true;
+			flushImmediateIfNecessary();
+		}
+
+		@Override
+		public Duration getMaxInactiveInterval() {
+			return this.delegate.getMaxInactiveInterval();
+		}
+
+		@Override
+		public <T> T getAttribute(String attributeName) {
+			T attributeValue = this.delegate.getAttribute(attributeName);
+			if (attributeValue != null
+					&& Hazelcast4IndexedSessionRepository.this.saveMode.equals(SaveMode.ON_GET_ATTRIBUTE)) {
+				this.delta.put(attributeName, attributeValue);
+			}
+			return attributeValue;
+		}
+
+		@Override
+		public Set<String> getAttributeNames() {
+			return this.delegate.getAttributeNames();
+		}
+
+		@Override
+		public void setAttribute(String attributeName, Object attributeValue) {
+			this.delegate.setAttribute(attributeName, attributeValue);
+			this.delta.put(attributeName, attributeValue);
+			if (SPRING_SECURITY_CONTEXT.equals(attributeName)) {
+				Map<String, String> indexes = Hazelcast4IndexedSessionRepository.this.indexResolver
+						.resolveIndexesFor(this);
+				String principal = (attributeValue != null) ? indexes.get(PRINCIPAL_NAME_INDEX_NAME) : null;
+				this.delegate.setAttribute(PRINCIPAL_NAME_INDEX_NAME, principal);
+			}
+			flushImmediateIfNecessary();
+		}
+
+		@Override
+		public void removeAttribute(String attributeName) {
+			setAttribute(attributeName, null);
+		}
+
+		MapSession getDelegate() {
+			return this.delegate;
+		}
+
+		boolean hasChanges() {
+			return (this.lastAccessedTimeChanged || this.maxInactiveIntervalChanged || !this.delta.isEmpty());
+		}
+
+		void clearChangeFlags() {
+			this.isNew = false;
+			this.lastAccessedTimeChanged = false;
+			this.sessionIdChanged = false;
+			this.maxInactiveIntervalChanged = false;
+			this.delta.clear();
+		}
+
+		private void flushImmediateIfNecessary() {
+			if (Hazelcast4IndexedSessionRepository.this.flushMode == FlushMode.IMMEDIATE) {
+				Hazelcast4IndexedSessionRepository.this.save(this);
+			}
+		}
+
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/main/java/org/springframework/session/hazelcast/Hazelcast4PrincipalNameExtractor.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import com.hazelcast.query.extractor.ValueCollector;
+import com.hazelcast.query.extractor.ValueExtractor;
+
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.MapSession;
+
+/**
+ * Hazelcast {@link ValueExtractor} responsible for extracting principal name from the
+ * {@link MapSession} to be used with Hazelcast 4.
+ *
+ * @author Eleftheria Stein
+ * @since 2.4.0
+ */
+public class Hazelcast4PrincipalNameExtractor implements ValueExtractor<MapSession, String> {
+
+	@Override
+	@SuppressWarnings("unchecked")
+	public void extract(MapSession target, String argument, ValueCollector collector) {
+		String principalName = target.getAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME);
+		if (principalName != null) {
+			collector.addObject(principalName);
+		}
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/main/java/org/springframework/session/hazelcast/Hazelcast4SessionUpdateEntryProcessor.java

@@ -0,0 +1,88 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import com.hazelcast.map.EntryProcessor;
+import com.hazelcast.map.ExtendedMapEntry;
+
+import org.springframework.session.MapSession;
+
+/**
+ * Hazelcast {@link EntryProcessor} responsible for handling updates to session when using
+ * Hazelcast 4.
+ *
+ * @author Eleftheria Stein
+ * @since 2.4.0
+ */
+public class Hazelcast4SessionUpdateEntryProcessor implements EntryProcessor<String, MapSession, Object> {
+
+	private Instant lastAccessedTime;
+
+	private Duration maxInactiveInterval;
+
+	private Map<String, Object> delta;
+
+	@Override
+	public Object process(Map.Entry<String, MapSession> entry) {
+		MapSession value = entry.getValue();
+		if (value == null) {
+			return Boolean.FALSE;
+		}
+		if (this.lastAccessedTime != null) {
+			value.setLastAccessedTime(this.lastAccessedTime);
+		}
+		if (this.maxInactiveInterval != null) {
+			value.setMaxInactiveInterval(this.maxInactiveInterval);
+		}
+		if (this.delta != null) {
+			for (final Map.Entry<String, Object> attribute : this.delta.entrySet()) {
+				if (attribute.getValue() != null) {
+					value.setAttribute(attribute.getKey(), attribute.getValue());
+				}
+				else {
+					value.removeAttribute(attribute.getKey());
+				}
+			}
+		}
+		if (this.maxInactiveInterval != null) {
+			((ExtendedMapEntry<String, MapSession>) entry).setValue(value, this.maxInactiveInterval.getSeconds(),
+					TimeUnit.SECONDS);
+		}
+		else {
+			entry.setValue(value);
+		}
+		return Boolean.TRUE;
+	}
+
+	void setLastAccessedTime(Instant lastAccessedTime) {
+		this.lastAccessedTime = lastAccessedTime;
+	}
+
+	void setMaxInactiveInterval(Duration maxInactiveInterval) {
+		this.maxInactiveInterval = maxInactiveInterval;
+	}
+
+	void setDelta(Map<String, Object> delta) {
+		this.delta = delta;
+	}
+
+}

spring-session-hazelcast/hazelcast4/src/test/java/org/springframework/session/hazelcast/Hazelcast4IndexedSessionRepositoryTests.java

@@ -0,0 +1,472 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import com.hazelcast.core.HazelcastInstance;
+import com.hazelcast.map.EntryProcessor;
+import com.hazelcast.map.IMap;
+import com.hazelcast.map.listener.MapListener;
+import com.hazelcast.query.impl.predicates.EqualPredicate;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.FlushMode;
+import org.springframework.session.MapSession;
+import org.springframework.session.SaveMode;
+import org.springframework.session.hazelcast.Hazelcast4IndexedSessionRepository.HazelcastSession;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+
+/**
+ * Tests for {@link Hazelcast4IndexedSessionRepository}.
+ *
+ * @author Eleftheria Stein
+ */
+class Hazelcast4IndexedSessionRepositoryTests {
+
+	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
+
+	private HazelcastInstance hazelcastInstance = mock(HazelcastInstance.class);
+
+	@SuppressWarnings("unchecked")
+	private IMap<String, MapSession> sessions = mock(IMap.class);
+
+	private Hazelcast4IndexedSessionRepository repository;
+
+	@BeforeEach
+	void setUp() {
+		given(this.hazelcastInstance.<String, MapSession>getMap(anyString())).willReturn(this.sessions);
+		this.repository = new Hazelcast4IndexedSessionRepository(this.hazelcastInstance);
+		this.repository.init();
+	}
+
+	@Test
+	void constructorNullHazelcastInstance() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new Hazelcast4IndexedSessionRepository(null))
+				.withMessage("HazelcastInstance must not be null");
+	}
+
+	@Test
+	void setSaveModeNull() {
+		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setSaveMode(null))
+				.withMessage("saveMode must not be null");
+	}
+
+	@Test
+	void createSessionDefaultMaxInactiveInterval() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+
+		assertThat(session.getMaxInactiveInterval()).isEqualTo(new MapSession().getMaxInactiveInterval());
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void createSessionCustomMaxInactiveInterval() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		int interval = 1;
+		this.repository.setDefaultMaxInactiveInterval(interval);
+
+		HazelcastSession session = this.repository.createSession();
+
+		assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration.ofSeconds(interval));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveNewFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		verifyNoMoreInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveNewFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedAttributeFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		session.setAttribute("testName", "testValue");
+		verifyNoMoreInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedAttributeFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		session.setAttribute("testName", "testValue");
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
+
+		this.repository.save(session);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void removeAttributeFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		session.removeAttribute("testName");
+		verifyNoMoreInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void removeAttributeFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		session.removeAttribute("testName");
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
+
+		this.repository.save(session);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedLastAccessedTimeFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		session.setLastAccessedTime(Instant.now());
+		verifyNoMoreInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedLastAccessedTimeFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		session.setLastAccessedTime(Instant.now());
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
+
+		this.repository.save(session);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedMaxInactiveIntervalInSecondsFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		session.setMaxInactiveInterval(Duration.ofSeconds(1));
+		verifyNoMoreInteractions(this.sessions);
+
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUpdatedMaxInactiveIntervalInSecondsFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		String sessionId = session.getId();
+		session.setMaxInactiveInterval(Duration.ofSeconds(1));
+		verify(this.sessions, times(1)).set(eq(sessionId), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+		verify(this.sessions).setTtl(eq(sessionId), anyLong(), any());
+		verify(this.sessions, times(1)).executeOnKey(eq(sessionId), any(EntryProcessor.class));
+
+		this.repository.save(session);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUnchangedFlushModeOnSave() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		HazelcastSession session = this.repository.createSession();
+		this.repository.save(session);
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+
+		this.repository.save(session);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void saveUnchangedFlushModeImmediate() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		this.repository.setFlushMode(FlushMode.IMMEDIATE);
+
+		HazelcastSession session = this.repository.createSession();
+		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
+				eq(TimeUnit.SECONDS));
+
+		this.repository.save(session);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void getSessionNotFound() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String sessionId = "testSessionId";
+
+		HazelcastSession session = this.repository.findById(sessionId);
+
+		assertThat(session).isNull();
+		verify(this.sessions, times(1)).get(eq(sessionId));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void getSessionExpired() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		MapSession expired = new MapSession();
+		expired.setLastAccessedTime(Instant.now().minusSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS + 1));
+		given(this.sessions.get(eq(expired.getId()))).willReturn(expired);
+
+		HazelcastSession session = this.repository.findById(expired.getId());
+
+		assertThat(session).isNull();
+		verify(this.sessions, times(1)).get(eq(expired.getId()));
+		verify(this.sessions, times(1)).remove(eq(expired.getId()));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void getSessionFound() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		MapSession saved = new MapSession();
+		saved.setAttribute("savedName", "savedValue");
+		given(this.sessions.get(eq(saved.getId()))).willReturn(saved);
+
+		HazelcastSession session = this.repository.findById(saved.getId());
+
+		assertThat(session.getId()).isEqualTo(saved.getId());
+		assertThat(session.<String>getAttribute("savedName")).isEqualTo("savedValue");
+		verify(this.sessions, times(1)).get(eq(saved.getId()));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void delete() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String sessionId = "testSessionId";
+
+		this.repository.deleteById(sessionId);
+
+		verify(this.sessions, times(1)).remove(eq(sessionId));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void findByIndexNameAndIndexValueUnknownIndexName() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String indexValue = "testIndexValue";
+
+		Map<String, HazelcastSession> sessions = this.repository.findByIndexNameAndIndexValue("testIndexName",
+				indexValue);
+
+		assertThat(sessions).isEmpty();
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void findByIndexNameAndIndexValuePrincipalIndexNameNotFound() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String principal = "username";
+
+		Map<String, HazelcastSession> sessions = this.repository
+				.findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principal);
+
+		assertThat(sessions).isEmpty();
+		verify(this.sessions, times(1)).values(isA(EqualPredicate.class));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	void findByIndexNameAndIndexValuePrincipalIndexNameFound() {
+		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
+
+		String principal = "username";
+		Authentication authentication = new UsernamePasswordAuthenticationToken(principal, "notused",
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
+		List<MapSession> saved = new ArrayList<>(2);
+		MapSession saved1 = new MapSession();
+		saved1.setAttribute(SPRING_SECURITY_CONTEXT, authentication);
+		saved.add(saved1);
+		MapSession saved2 = new MapSession();
+		saved2.setAttribute(SPRING_SECURITY_CONTEXT, authentication);
+		saved.add(saved2);
+		given(this.sessions.values(isA(EqualPredicate.class))).willReturn(saved);
+
+		Map<String, HazelcastSession> sessions = this.repository
+				.findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principal);
+
+		assertThat(sessions).hasSize(2);
+		verify(this.sessions, times(1)).values(isA(EqualPredicate.class));
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test // gh-1120
+	void getAttributeNamesAndRemove() {
+		HazelcastSession session = this.repository.createSession();
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
+
+	@Test
+	@SuppressWarnings("unchecked")
+	void saveWithSaveModeOnSetAttribute() {
+		verify(this.sessions).addEntryListener(any(MapListener.class), anyBoolean());
+		this.repository.setSaveMode(SaveMode.ON_SET_ATTRIBUTE);
+		MapSession delegate = new MapSession();
+		delegate.setAttribute("attribute1", "value1");
+		delegate.setAttribute("attribute2", "value2");
+		delegate.setAttribute("attribute3", "value3");
+		HazelcastSession session = this.repository.new HazelcastSession(delegate, false);
+		session.getAttribute("attribute2");
+		session.setAttribute("attribute3", "value4");
+		this.repository.save(session);
+		ArgumentCaptor<Hazelcast4SessionUpdateEntryProcessor> captor = ArgumentCaptor
+				.forClass(Hazelcast4SessionUpdateEntryProcessor.class);
+		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
+		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(1);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	@SuppressWarnings("unchecked")
+	void saveWithSaveModeOnGetAttribute() {
+		verify(this.sessions).addEntryListener(any(MapListener.class), anyBoolean());
+		this.repository.setSaveMode(SaveMode.ON_GET_ATTRIBUTE);
+		MapSession delegate = new MapSession();
+		delegate.setAttribute("attribute1", "value1");
+		delegate.setAttribute("attribute2", "value2");
+		delegate.setAttribute("attribute3", "value3");
+		HazelcastSession session = this.repository.new HazelcastSession(delegate, false);
+		session.getAttribute("attribute2");
+		session.setAttribute("attribute3", "value4");
+		this.repository.save(session);
+		ArgumentCaptor<Hazelcast4SessionUpdateEntryProcessor> captor = ArgumentCaptor
+				.forClass(Hazelcast4SessionUpdateEntryProcessor.class);
+		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
+		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(2);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+	@Test
+	@SuppressWarnings("unchecked")
+	void saveWithSaveModeAlways() {
+		verify(this.sessions).addEntryListener(any(MapListener.class), anyBoolean());
+		this.repository.setSaveMode(SaveMode.ALWAYS);
+		MapSession delegate = new MapSession();
+		delegate.setAttribute("attribute1", "value1");
+		delegate.setAttribute("attribute2", "value2");
+		delegate.setAttribute("attribute3", "value3");
+		HazelcastSession session = this.repository.new HazelcastSession(delegate, false);
+		session.getAttribute("attribute2");
+		session.setAttribute("attribute3", "value4");
+		this.repository.save(session);
+		ArgumentCaptor<Hazelcast4SessionUpdateEntryProcessor> captor = ArgumentCaptor
+				.forClass(Hazelcast4SessionUpdateEntryProcessor.class);
+		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
+		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(3);
+		verifyNoMoreInteractions(this.sessions);
+	}
+
+}

spring-session-hazelcast/spring-session-hazelcast.gradle

@@ -1,17 +1,29 @@
 apply plugin: 'io.spring.convention.spring-module'
 
+configurations {
+	hazelcast4
+}
+
 dependencies {
 	compile project(':spring-session-core')
 	compile "com.hazelcast:hazelcast"
 	compile "javax.annotation:javax.annotation-api"
 	compile "org.springframework:spring-context"
 
+	hazelcast4(project(path: ":hazelcast4", configuration: 'classesOnlyElements'))
+	compileOnly(project(":hazelcast4"))
+
 	testCompile "javax.servlet:javax.servlet-api"
 	testCompile "org.springframework:spring-web"
 	testCompile "org.springframework.security:spring-security-core"
 	testCompile "org.junit.jupiter:junit-jupiter-api"
+	testRuntime project(':hazelcast4')
 	testRuntime "org.junit.jupiter:junit-jupiter-engine"
 
 	integrationTestCompile "com.hazelcast:hazelcast-client"
 	integrationTestCompile "org.testcontainers:testcontainers"
 }
+
+jar {
+	from configurations.hazelcast4
+}

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/AbstractHazelcastIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -58,16 +58,13 @@ abstract class AbstractHazelcastIndexedSessionRepositoryITests {
 		IMap<String, MapSession> hazelcastMap = this.hazelcastInstance
 				.getMap(HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME);
 
-		assertThat(hazelcastMap.size()).isEqualTo(0);
-
 		this.repository.save(sessionToSave);
 
-		assertThat(hazelcastMap.size()).isEqualTo(1);
 		assertThat(hazelcastMap.get(sessionId)).isEqualTo(sessionToSave);
 
 		this.repository.deleteById(sessionId);
 
-		assertThat(hazelcastMap.size()).isEqualTo(0);
+		assertThat(hazelcastMap.get(sessionId)).isNull();
 	}
 
 	@Test
@@ -183,6 +180,8 @@ abstract class AbstractHazelcastIndexedSessionRepositoryITests {
 		this.repository.save(session);
 
 		assertThat(this.repository.findById(sessionId)).isNotNull();
+
+		this.repository.deleteById(sessionId);
 	}
 
 	@Test
@@ -199,6 +198,8 @@ abstract class AbstractHazelcastIndexedSessionRepositoryITests {
 		this.repository.save(session);
 
 		assertThat(this.repository.findById(sessionId)).isNotNull();
+
+		this.repository.deleteById(sessionId);
 	}
 
 	@Test
@@ -220,6 +221,8 @@ abstract class AbstractHazelcastIndexedSessionRepositoryITests {
 		assertThat(this.repository
 				.findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, username))
 						.hasSize(1);
+
+		this.repository.deleteById(session.getId());
 	}
 
 }

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/ClientServerHazelcastIndexedSessionRepositoryITests.java

@@ -46,7 +46,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 @WebAppConfiguration
 class ClientServerHazelcastIndexedSessionRepositoryITests extends AbstractHazelcastIndexedSessionRepositoryITests {
 
-	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:3.12.3")
+	private static GenericContainer container = new GenericContainer<>("hazelcast/hazelcast:3.12.12")
 			.withExposedPorts(5701).withCopyFileToContainer(MountableFile.forClasspathResource("/hazelcast-server.xml"),
 					"/opt/hazelcast/hazelcast.xml");
 

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/HazelcastITestUtils.java

@@ -20,9 +20,12 @@ import com.hazelcast.config.Config;
 import com.hazelcast.config.MapAttributeConfig;
 import com.hazelcast.config.MapIndexConfig;
 import com.hazelcast.config.NetworkConfig;
+import com.hazelcast.config.SerializerConfig;
 import com.hazelcast.core.Hazelcast;
 import com.hazelcast.core.HazelcastInstance;
 
+import org.springframework.session.MapSession;
+
 /**
  * Utility class for Hazelcast integration tests.
  *
@@ -48,6 +51,9 @@ final class HazelcastITestUtils {
 		config.getMapConfig(HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
 				.addMapAttributeConfig(attributeConfig).addMapIndexConfig(
 						new MapIndexConfig(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig);
 		return Hazelcast.newHazelcastInstance(config);
 	}
 

spring-session-hazelcast/src/integration-test/resources/hazelcast-server.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <hazelcast xmlns="http://www.hazelcast.com/schema/config"
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-3.12.xsd">
+		xsi:schemaLocation="http://www.hazelcast.com/schema/config https://www.hazelcast.com/schema/config/hazelcast-config-3.13.xsd">
 
 	<network>
 		<join>

spring-session-hazelcast/src/main/java/org/springframework/session/hazelcast/HazelcastSessionSerializer.java

@@ -0,0 +1,159 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.time.Duration;
+import java.time.Instant;
+
+import com.hazelcast.nio.ObjectDataInput;
+import com.hazelcast.nio.ObjectDataOutput;
+import com.hazelcast.nio.serialization.StreamSerializer;
+
+import org.springframework.session.MapSession;
+
+/**
+ * A {@link com.hazelcast.nio.serialization.Serializer} implementation that handles the
+ * (de)serialization of {@link MapSession} stored on {@link com.hazelcast.core.IMap}.
+ *
+ * <p>
+ * The use of this serializer is optional and provides faster serialization of sessions.
+ * If not configured to be used, Hazelcast will serialize sessions via
+ * {@link java.io.Serializable} by default.
+ *
+ * <p>
+ * If multiple instances of a Spring application is run, then all of them need to use the
+ * same serialization method. If this serializer is registered on one instance and not
+ * another one, then it will end up with HazelcastSerializationException. The same applies
+ * when clients are configured to use this serializer but not the members, and vice versa.
+ * Also note that, if a new instance is created with this serialization but the existing
+ * Hazelcast cluster contains the values not serialized by this but instead the default
+ * one, this will result in incompatibility again.
+ *
+ * <p>
+ * An example of how to register the serializer on embedded instance can be seen below:
+ *
+ * <pre class="code">
+ * Config config = new Config();
+ *
+ * // ... other configurations for Hazelcast ...
+ *
+ * SerializerConfig serializerConfig = new SerializerConfig();
+ * serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+ * config.getSerializationConfig().addSerializerConfig(serializerConfig);
+ *
+ * HazelcastInstance hazelcastInstance = Hazelcast.newHazelcastInstance(config);
+ * </pre>
+ *
+ * Below is the example of how to register the serializer on client instance. Note that,
+ * to use the serializer in client/server mode, the serializer - and hence
+ * {@link MapSession}, must exist on the server's classpath and must be registered via
+ * {@link com.hazelcast.config.SerializerConfig} with the configuration above for each
+ * server.
+ *
+ * <pre class="code">
+ * ClientConfig clientConfig = new ClientConfig();
+ *
+ * // ... other configurations for Hazelcast Client ...
+ *
+ * SerializerConfig serializerConfig = new SerializerConfig();
+ * serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+ * clientConfig.getSerializationConfig().addSerializerConfig(serializerConfig);
+ *
+ * HazelcastInstance hazelcastClient = HazelcastClient.newHazelcastClient(clientConfig);
+ * </pre>
+ *
+ * @author Enes Ozcan
+ * @since 2.4.0
+ */
+public class HazelcastSessionSerializer implements StreamSerializer<MapSession> {
+
+	private static final int SERIALIZER_TYPE_ID = 1453;
+
+	@Override
+	public void write(ObjectDataOutput out, MapSession session) throws IOException {
+		out.writeUTF(session.getOriginalId());
+		out.writeUTF(session.getId());
+		writeInstant(out, session.getCreationTime());
+		writeInstant(out, session.getLastAccessedTime());
+		writeDuration(out, session.getMaxInactiveInterval());
+		for (String attrName : session.getAttributeNames()) {
+			Object attrValue = session.getAttribute(attrName);
+			if (attrValue != null) {
+				out.writeUTF(attrName);
+				out.writeObject(attrValue);
+			}
+		}
+	}
+
+	private void writeInstant(ObjectDataOutput out, Instant instant) throws IOException {
+		out.writeLong(instant.getEpochSecond());
+		out.writeInt(instant.getNano());
+	}
+
+	private void writeDuration(ObjectDataOutput out, Duration duration) throws IOException {
+		out.writeLong(duration.getSeconds());
+		out.writeInt(duration.getNano());
+	}
+
+	@Override
+	public MapSession read(ObjectDataInput in) throws IOException {
+		String originalId = in.readUTF();
+		MapSession cached = new MapSession(originalId);
+		cached.setId(in.readUTF());
+		cached.setCreationTime(readInstant(in));
+		cached.setLastAccessedTime(readInstant(in));
+		cached.setMaxInactiveInterval(readDuration(in));
+		try {
+			while (true) {
+				// During write, it's not possible to write
+				// number of non-null attributes without an extra
+				// iteration. Hence the attributes are read until
+				// EOF here.
+				String attrName = in.readUTF();
+				Object attrValue = in.readObject();
+				cached.setAttribute(attrName, attrValue);
+			}
+		}
+		catch (EOFException ignored) {
+		}
+		return cached;
+	}
+
+	private Instant readInstant(ObjectDataInput in) throws IOException {
+		long seconds = in.readLong();
+		int nanos = in.readInt();
+		return Instant.ofEpochSecond(seconds, nanos);
+	}
+
+	private Duration readDuration(ObjectDataInput in) throws IOException {
+		long seconds = in.readLong();
+		int nanos = in.readInt();
+		return Duration.ofSeconds(seconds, nanos);
+	}
+
+	@Override
+	public int getTypeId() {
+		return SERIALIZER_TYPE_ID;
+	}
+
+	@Override
+	public void destroy() {
+	}
+
+}

spring-session-hazelcast/src/main/java/org/springframework/session/hazelcast/config/annotation/web/http/EnableHazelcastHttpSession.java

@@ -33,7 +33,6 @@ import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
 import org.springframework.session.hazelcast.HazelcastFlushMode;
-import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 
 /**
@@ -81,11 +80,10 @@ public @interface EnableHazelcastHttpSession {
 
 	/**
 	 * This is the name of the Map that will be used in Hazelcast to store the session
-	 * data. Default is
-	 * {@link HazelcastIndexedSessionRepository#DEFAULT_SESSION_MAP_NAME}.
+	 * data. Default is "spring:session:sessions".
 	 * @return the name of the Map to store the sessions in Hazelcast
 	 */
-	String sessionMapName() default HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME;
+	String sessionMapName() default "spring:session:sessions";
 
 	/**
 	 * Flush mode for the Hazelcast sessions. The default is {@code ON_SAVE} which only

spring-session-hazelcast/src/main/java/org/springframework/session/hazelcast/config/annotation/web/http/HazelcastHttpSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,12 +35,15 @@ import org.springframework.session.IndexResolver;
 import org.springframework.session.MapSession;
 import org.springframework.session.SaveMode;
 import org.springframework.session.Session;
+import org.springframework.session.SessionRepository;
 import org.springframework.session.config.SessionRepositoryCustomizer;
 import org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration;
+import org.springframework.session.hazelcast.Hazelcast4IndexedSessionRepository;
 import org.springframework.session.hazelcast.HazelcastFlushMode;
 import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
 import org.springframework.session.hazelcast.config.annotation.SpringSessionHazelcastInstance;
 import org.springframework.session.web.http.SessionRepositoryFilter;
+import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;
 
 /**
@@ -72,23 +75,23 @@ public class HazelcastHttpSessionConfiguration extends SpringHttpSessionConfigur
 
 	private List<SessionRepositoryCustomizer<HazelcastIndexedSessionRepository>> sessionRepositoryCustomizers;
 
+	private List<SessionRepositoryCustomizer<Hazelcast4IndexedSessionRepository>> hazelcast4SessionRepositoryCustomizers;
+
+	private static final boolean hazelcast4;
+
+	static {
+		ClassLoader classLoader = HazelcastHttpSessionConfiguration.class.getClassLoader();
+		hazelcast4 = ClassUtils.isPresent("com.hazelcast.map.IMap", classLoader);
+	}
+
 	@Bean
-	public HazelcastIndexedSessionRepository sessionRepository() {
-		HazelcastIndexedSessionRepository sessionRepository = new HazelcastIndexedSessionRepository(
-				this.hazelcastInstance);
-		sessionRepository.setApplicationEventPublisher(this.applicationEventPublisher);
-		if (this.indexResolver != null) {
-			sessionRepository.setIndexResolver(this.indexResolver);
+	public SessionRepository<?> sessionRepository() {
+		if (hazelcast4) {
+			return createHazelcast4IndexedSessionRepository();
 		}
-		if (StringUtils.hasText(this.sessionMapName)) {
-			sessionRepository.setSessionMapName(this.sessionMapName);
+		else {
+			return createHazelcastIndexedSessionRepository();
 		}
-		sessionRepository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
-		sessionRepository.setFlushMode(this.flushMode);
-		sessionRepository.setSaveMode(this.saveMode);
-		this.sessionRepositoryCustomizers
-				.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(sessionRepository));
-		return sessionRepository;
 	}
 
 	public void setMaxInactiveIntervalInSeconds(int maxInactiveIntervalInSeconds) {
@@ -139,6 +142,13 @@ public class HazelcastHttpSessionConfiguration extends SpringHttpSessionConfigur
 		this.sessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream().collect(Collectors.toList());
 	}
 
+	@Autowired(required = false)
+	public void setHazelcast4SessionRepositoryCustomizer(
+			ObjectProvider<SessionRepositoryCustomizer<Hazelcast4IndexedSessionRepository>> sessionRepositoryCustomizers) {
+		this.hazelcast4SessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream()
+				.collect(Collectors.toList());
+	}
+
 	@Override
 	@SuppressWarnings("deprecation")
 	public void setImportMetadata(AnnotationMetadata importMetadata) {
@@ -159,4 +169,40 @@ public class HazelcastHttpSessionConfiguration extends SpringHttpSessionConfigur
 		this.saveMode = attributes.getEnum("saveMode");
 	}
 
+	private HazelcastIndexedSessionRepository createHazelcastIndexedSessionRepository() {
+		HazelcastIndexedSessionRepository sessionRepository = new HazelcastIndexedSessionRepository(
+				this.hazelcastInstance);
+		sessionRepository.setApplicationEventPublisher(this.applicationEventPublisher);
+		if (this.indexResolver != null) {
+			sessionRepository.setIndexResolver(this.indexResolver);
+		}
+		if (StringUtils.hasText(this.sessionMapName)) {
+			sessionRepository.setSessionMapName(this.sessionMapName);
+		}
+		sessionRepository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
+		sessionRepository.setFlushMode(this.flushMode);
+		sessionRepository.setSaveMode(this.saveMode);
+		this.sessionRepositoryCustomizers
+				.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(sessionRepository));
+		return sessionRepository;
+	}
+
+	private Hazelcast4IndexedSessionRepository createHazelcast4IndexedSessionRepository() {
+		Hazelcast4IndexedSessionRepository sessionRepository = new Hazelcast4IndexedSessionRepository(
+				this.hazelcastInstance);
+		sessionRepository.setApplicationEventPublisher(this.applicationEventPublisher);
+		if (this.indexResolver != null) {
+			sessionRepository.setIndexResolver(this.indexResolver);
+		}
+		if (StringUtils.hasText(this.sessionMapName)) {
+			sessionRepository.setSessionMapName(this.sessionMapName);
+		}
+		sessionRepository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
+		sessionRepository.setFlushMode(this.flushMode);
+		sessionRepository.setSaveMode(this.saveMode);
+		this.hazelcast4SessionRepositoryCustomizers
+				.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(sessionRepository));
+		return sessionRepository;
+	}
+
 }

spring-session-hazelcast/src/test/java/org/springframework/session/hazelcast/HazelcastIndexedSessionRepositoryTests.java

@@ -54,7 +54,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 /**
  * Tests for {@link HazelcastIndexedSessionRepository}.
@@ -99,7 +99,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		HazelcastSession session = this.repository.createSession();
 
 		assertThat(session.getMaxInactiveInterval()).isEqualTo(new MapSession().getMaxInactiveInterval());
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -112,7 +112,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		HazelcastSession session = this.repository.createSession();
 
 		assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration.ofSeconds(interval));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -120,12 +120,12 @@ class HazelcastIndexedSessionRepositoryTests {
 		verify(this.sessions, times(1)).addEntryListener(any(MapListener.class), anyBoolean());
 
 		HazelcastSession session = this.repository.createSession();
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 
 		this.repository.save(session);
 		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
 				eq(TimeUnit.SECONDS));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -137,7 +137,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		HazelcastSession session = this.repository.createSession();
 		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
 				eq(TimeUnit.SECONDS));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -146,12 +146,12 @@ class HazelcastIndexedSessionRepositoryTests {
 
 		HazelcastSession session = this.repository.createSession();
 		session.setAttribute("testName", "testValue");
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 
 		this.repository.save(session);
 		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
 				eq(TimeUnit.SECONDS));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -167,7 +167,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
 
 		this.repository.save(session);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -176,12 +176,12 @@ class HazelcastIndexedSessionRepositoryTests {
 
 		HazelcastSession session = this.repository.createSession();
 		session.removeAttribute("testName");
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 
 		this.repository.save(session);
 		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
 				eq(TimeUnit.SECONDS));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -197,7 +197,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
 
 		this.repository.save(session);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -206,12 +206,12 @@ class HazelcastIndexedSessionRepositoryTests {
 
 		HazelcastSession session = this.repository.createSession();
 		session.setLastAccessedTime(Instant.now());
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 
 		this.repository.save(session);
 		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
 				eq(TimeUnit.SECONDS));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -227,7 +227,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		verify(this.sessions, times(1)).executeOnKey(eq(session.getId()), any(EntryProcessor.class));
 
 		this.repository.save(session);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -236,12 +236,12 @@ class HazelcastIndexedSessionRepositoryTests {
 
 		HazelcastSession session = this.repository.createSession();
 		session.setMaxInactiveInterval(Duration.ofSeconds(1));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 
 		this.repository.save(session);
 		verify(this.sessions, times(1)).set(eq(session.getId()), eq(session.getDelegate()), isA(Long.class),
 				eq(TimeUnit.SECONDS));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -259,7 +259,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		verify(this.sessions, times(1)).executeOnKey(eq(sessionId), any(EntryProcessor.class));
 
 		this.repository.save(session);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -272,7 +272,7 @@ class HazelcastIndexedSessionRepositoryTests {
 				eq(TimeUnit.SECONDS));
 
 		this.repository.save(session);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -286,7 +286,7 @@ class HazelcastIndexedSessionRepositoryTests {
 				eq(TimeUnit.SECONDS));
 
 		this.repository.save(session);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -299,7 +299,7 @@ class HazelcastIndexedSessionRepositoryTests {
 
 		assertThat(session).isNull();
 		verify(this.sessions, times(1)).get(eq(sessionId));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -315,7 +315,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		assertThat(session).isNull();
 		verify(this.sessions, times(1)).get(eq(expired.getId()));
 		verify(this.sessions, times(1)).remove(eq(expired.getId()));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -331,7 +331,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		assertThat(session.getId()).isEqualTo(saved.getId());
 		assertThat(session.<String>getAttribute("savedName")).isEqualTo("savedValue");
 		verify(this.sessions, times(1)).get(eq(saved.getId()));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -343,7 +343,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		this.repository.deleteById(sessionId);
 
 		verify(this.sessions, times(1)).remove(eq(sessionId));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -356,7 +356,7 @@ class HazelcastIndexedSessionRepositoryTests {
 				indexValue);
 
 		assertThat(sessions).isEmpty();
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -370,7 +370,7 @@ class HazelcastIndexedSessionRepositoryTests {
 
 		assertThat(sessions).isEmpty();
 		verify(this.sessions, times(1)).values(isA(EqualPredicate.class));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -394,7 +394,7 @@ class HazelcastIndexedSessionRepositoryTests {
 
 		assertThat(sessions).hasSize(2);
 		verify(this.sessions, times(1)).values(isA(EqualPredicate.class));
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test // gh-1120
@@ -426,7 +426,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		ArgumentCaptor<SessionUpdateEntryProcessor> captor = ArgumentCaptor.forClass(SessionUpdateEntryProcessor.class);
 		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
 		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(1);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -445,7 +445,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		ArgumentCaptor<SessionUpdateEntryProcessor> captor = ArgumentCaptor.forClass(SessionUpdateEntryProcessor.class);
 		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
 		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(2);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 	@Test
@@ -464,7 +464,7 @@ class HazelcastIndexedSessionRepositoryTests {
 		ArgumentCaptor<SessionUpdateEntryProcessor> captor = ArgumentCaptor.forClass(SessionUpdateEntryProcessor.class);
 		verify(this.sessions).executeOnKey(eq(session.getId()), captor.capture());
 		assertThat((Map<String, Object>) ReflectionTestUtils.getField(captor.getValue(), "delta")).hasSize(3);
-		verifyZeroInteractions(this.sessions);
+		verifyNoMoreInteractions(this.sessions);
 	}
 
 }

spring-session-hazelcast/src/test/java/org/springframework/session/hazelcast/HazelcastSessionSerializerTests.java

@@ -0,0 +1,99 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.hazelcast;
+
+import java.io.Serializable;
+import java.time.Duration;
+import java.time.Instant;
+
+import com.hazelcast.config.SerializationConfig;
+import com.hazelcast.config.SerializerConfig;
+import com.hazelcast.internal.serialization.impl.DefaultSerializationServiceBuilder;
+import com.hazelcast.nio.serialization.Data;
+import com.hazelcast.spi.serialization.SerializationService;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.session.MapSession;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class HazelcastSessionSerializerTests {
+
+	private SerializationService serializationService;
+
+	@BeforeEach
+	void setUp() {
+		SerializationConfig serializationConfig = new SerializationConfig();
+		SerializerConfig serializerConfig = new SerializerConfig().setImplementation(new HazelcastSessionSerializer())
+				.setTypeClass(MapSession.class);
+		serializationConfig.addSerializerConfig(serializerConfig);
+		this.serializationService = new DefaultSerializationServiceBuilder().setConfig(serializationConfig).build();
+	}
+
+	@Test
+	void serializeSessionWithStreamSerializer() {
+		MapSession originalSession = new MapSession();
+		originalSession.setAttribute("attr1", "value1");
+		originalSession.setAttribute("attr2", "value2");
+		originalSession.setAttribute("attr3", new SerializableTestAttribute(3));
+		originalSession.setMaxInactiveInterval(Duration.ofDays(5));
+		originalSession.setLastAccessedTime(Instant.now());
+		originalSession.setId("custom-id");
+
+		Data serialized = this.serializationService.toData(originalSession);
+		MapSession cached = this.serializationService.toObject(serialized);
+
+		assertThat(originalSession.getCreationTime()).isEqualTo(cached.getCreationTime());
+		assertThat(originalSession.getMaxInactiveInterval()).isEqualTo(cached.getMaxInactiveInterval());
+		assertThat(originalSession.getId()).isEqualTo(cached.getId());
+		assertThat(originalSession.getOriginalId()).isEqualTo(cached.getOriginalId());
+		assertThat(originalSession.getAttributeNames().size()).isEqualTo(cached.getAttributeNames().size());
+		assertThat(originalSession.<String>getAttribute("attr1")).isEqualTo(cached.getAttribute("attr1"));
+		assertThat(originalSession.<String>getAttribute("attr2")).isEqualTo(cached.getAttribute("attr2"));
+		assertThat(originalSession.<SerializableTestAttribute>getAttribute("attr3"))
+				.isEqualTo(cached.getAttribute("attr3"));
+	}
+
+	static class SerializableTestAttribute implements Serializable {
+
+		private int id;
+
+		SerializableTestAttribute(int id) {
+			this.id = id;
+		}
+
+		@Override
+		public boolean equals(Object o) {
+			if (this == o) {
+				return true;
+			}
+			if (!(o instanceof SerializableTestAttribute)) {
+				return false;
+			}
+			SerializableTestAttribute that = (SerializableTestAttribute) o;
+			return this.id == that.id;
+		}
+
+		@Override
+		public int hashCode() {
+			return this.id;
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/AbstractJdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,8 +29,15 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
+import org.springframework.dao.DuplicateKeyException;
+import org.springframework.jdbc.core.JdbcOperations;
+import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.DataSourceTransactionManager;
+import org.springframework.jdbc.support.lob.DefaultLobHandler;
+import org.springframework.jdbc.support.lob.LobCreator;
+import org.springframework.jdbc.support.lob.LobHandler;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -38,6 +45,7 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.MapSession;
+import org.springframework.session.config.SessionRepositoryCustomizer;
 import org.springframework.session.jdbc.JdbcIndexedSessionRepository.JdbcSession;
 import org.springframework.session.jdbc.config.annotation.web.http.EnableJdbcHttpSession;
 import org.springframework.test.util.ReflectionTestUtils;
@@ -45,6 +53,8 @@ import org.springframework.transaction.PlatformTransactionManager;
 import org.springframework.transaction.annotation.Transactional;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Base class for {@link JdbcIndexedSessionRepository} integration tests.
@@ -57,15 +67,27 @@ abstract class AbstractJdbcIndexedSessionRepositoryITests {
 
 	private static final String INDEX_NAME = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
 
+	@Autowired
+	private ApplicationContext applicationContext;
+
+	@Autowired
+	private DataSource dataSource;
+
 	@Autowired
 	private JdbcIndexedSessionRepository repository;
 
+	private JdbcOperations jdbcOperations;
+
+	private LobHandler lobHandler;
+
 	private SecurityContext context;
 
 	private SecurityContext changedContext;
 
 	@BeforeEach
 	void setUp() {
+		this.jdbcOperations = new JdbcTemplate(this.dataSource);
+		this.lobHandler = new DefaultLobHandler();
 		this.context = SecurityContextHolder.createEmptyContext();
 		this.context.setAuthentication(new UsernamePasswordAuthenticationToken("username-" + UUID.randomUUID(), "na",
 				AuthorityUtils.createAuthorityList("ROLE_USER")));
@@ -564,6 +586,18 @@ abstract class AbstractJdbcIndexedSessionRepositoryITests {
 		assertThat(this.repository.findById(session.getId())).isNull();
 	}
 
+	@Test
+	void cleanupExpiredSessionsWhenMaxInactiveIntervalNegativeThenSessionNotDeleted() {
+		JdbcSession session = this.repository.createSession();
+		session.setMaxInactiveInterval(Duration.ofSeconds(-1));
+		session.setLastAccessedTime(Instant.now().minusSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS + 1));
+
+		this.repository.save(session);
+		this.repository.cleanUpExpiredSessions();
+
+		assertThat(this.repository.findById(session.getId())).isNotNull();
+	}
+
 	@Test
 	void changeSessionIdWhenOnlyChangeId() {
 		String attrName = "changeSessionId";
@@ -759,6 +793,32 @@ abstract class AbstractJdbcIndexedSessionRepositoryITests {
 		assertThat((byte[]) session.getAttribute(attributeName)).hasSize(arraySize);
 	}
 
+	@Test // gh-1213
+	void saveNewSessionAttributeConcurrently() {
+		JdbcSession session = this.repository.createSession();
+		this.repository.save(session);
+		String attributeName = "attribute1";
+		String attributeValue = "value1";
+		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
+			this.jdbcOperations.update("INSERT INTO SPRING_SESSION_ATTRIBUTES VALUES (?, ?, ?)", (ps) -> {
+				ps.setString(1, (String) ReflectionTestUtils.getField(session, "primaryKey"));
+				ps.setString(2, attributeName);
+				lobCreator.setBlobAsBytes(ps, 3, "value2".getBytes());
+			});
+		}
+		session.setAttribute(attributeName, attributeValue);
+		if (this.applicationContext.getBeansOfType(SessionRepositoryCustomizer.class).isEmpty()) {
+			// without DB specific upsert configured we're seeing duplicate key error
+			assertThatExceptionOfType(DuplicateKeyException.class).isThrownBy(() -> this.repository.save(session));
+		}
+		else {
+			// with DB specific upsert configured we're fine
+			assertThatCode(() -> this.repository.save(session)).doesNotThrowAnyException();
+			assertThat((String) this.repository.findById(session.getId()).getAttribute(attributeName))
+					.isEqualTo(attributeValue);
+		}
+	}
+
 	private String getSecurityName() {
 		return this.context.getAuthentication().getName();
 	}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/DatabaseContainers.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package org.springframework.session.jdbc;
 
 import java.time.Duration;
-import java.time.temporal.ChronoUnit;
 
 import org.testcontainers.containers.Db2Container;
 import org.testcontainers.containers.JdbcDatabaseContainer;
@@ -38,169 +37,42 @@ final class DatabaseContainers {
 	private DatabaseContainers() {
 	}
 
-	static Db211Container db211() {
-		return new Db211Container();
+	static Db2Container db2() {
+		return new Db2Container("ibmcom/db2:11.5.4.0");
 	}
 
-	static MariaDBContainer mariaDb5() {
-		return new MariaDb5Container();
+	static MariaDBContainer<?> mariaDb() {
+		return new MariaDBContainer<>("mariadb:10.6.4");
 	}
 
-	static MariaDBContainer mariaDb10() {
-		return new MariaDb10Container();
+	static MySQLContainer<?> mySql() {
+		return new MySQLContainer<>("mysql:8.0.26");
 	}
 
-	static MySQLContainer mySql5() {
-		return new MySql5Container();
+	static OracleContainer oracle() {
+		return new OracleContainer() {
+
+			@Override
+			protected void configure() {
+				this.waitStrategy = new LogMessageWaitStrategy().withRegEx(".*DATABASE IS READY TO USE!.*\\s")
+						.withStartupTimeout(Duration.ofMinutes(10));
+				addEnv("ORACLE_PWD", getPassword());
+			}
+
+			@Override
+			protected void waitUntilContainerStarted() {
+				getWaitStrategy().waitUntilReady(this);
+			}
+
+		};
 	}
 
-	static MySQLContainer mySql8() {
-		return new MySql8Container();
+	static PostgreSQLContainer<?> postgreSql() {
+		return new PostgreSQLContainer<>("postgres:13.3");
 	}
 
-	static OracleXeContainer oracleXe() {
-		return new OracleXeContainer();
-	}
-
-	static PostgreSQLContainer postgreSql9() {
-		return new PostgreSql9Container();
-	}
-
-	static PostgreSQLContainer postgreSql10() {
-		return new PostgreSql10Container();
-	}
-
-	static PostgreSQLContainer postgreSql11() {
-		return new PostgreSql11Container();
-	}
-
-	static MSSQLServerContainer sqlServer2017() {
-		return new SqlServer2017Container();
-	}
-
-	private static class Db211Container extends Db2Container {
-
-		Db211Container() {
-			super("ibmcom/db2:11.5.0.0a");
-		}
-
-	}
-
-	private static class MariaDb5Container extends MariaDBContainer<MariaDb5Container> {
-
-		MariaDb5Container() {
-			super("mariadb:5.5.64");
-		}
-
-		@Override
-		protected void configure() {
-			super.configure();
-			setCommand("mysqld", "--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci",
-					"--innodb_large_prefix", "--innodb_file_format=barracuda", "--innodb-file-per-table");
-		}
-
-	}
-
-	private static class MariaDb10Container extends MariaDBContainer<MariaDb10Container> {
-
-		MariaDb10Container() {
-			super("mariadb:10.4.8");
-		}
-
-		@Override
-		protected void configure() {
-			super.configure();
-			setCommand("mysqld", "--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci");
-		}
-
-	}
-
-	private static class MySql5Container extends MySQLContainer<MySql5Container> {
-
-		MySql5Container() {
-			super("mysql:5.7.27");
-		}
-
-		@Override
-		protected void configure() {
-			super.configure();
-			setCommand("mysqld", "--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci");
-		}
-
-		@Override
-		public String getDriverClassName() {
-			return "com.mysql.cj.jdbc.Driver";
-		}
-
-	}
-
-	private static class MySql8Container extends MySQLContainer<MySql8Container> {
-
-		MySql8Container() {
-			super("mysql:8.0.17");
-		}
-
-		@Override
-		protected void configure() {
-			super.configure();
-			setCommand("mysqld", "--default-authentication-plugin=mysql_native_password");
-		}
-
-		@Override
-		public String getDriverClassName() {
-			return "com.mysql.cj.jdbc.Driver";
-		}
-
-	}
-
-	private static class OracleXeContainer extends OracleContainer {
-
-		@Override
-		protected void configure() {
-			super.configure();
-			this.waitStrategy = new LogMessageWaitStrategy().withRegEx(".*DATABASE IS READY TO USE!.*\\s")
-					.withStartupTimeout(Duration.of(10, ChronoUnit.MINUTES));
-			setShmSize(1024L * 1024L * 1024L);
-			addEnv("ORACLE_PWD", getPassword());
-		}
-
-		@Override
-		protected void waitUntilContainerStarted() {
-			getWaitStrategy().waitUntilReady(this);
-		}
-
-	}
-
-	private static class PostgreSql9Container extends PostgreSQLContainer<PostgreSql9Container> {
-
-		PostgreSql9Container() {
-			super("postgres:9.6.15");
-		}
-
-	}
-
-	private static class PostgreSql10Container extends PostgreSQLContainer<PostgreSql10Container> {
-
-		PostgreSql10Container() {
-			super("postgres:10.10");
-		}
-
-	}
-
-	private static class PostgreSql11Container extends PostgreSQLContainer<PostgreSql11Container> {
-
-		PostgreSql11Container() {
-			super("postgres:11.5");
-		}
-
-	}
-
-	private static class SqlServer2017Container extends MSSQLServerContainer<SqlServer2017Container> {
-
-		SqlServer2017Container() {
-			super("mcr.microsoft.com/mssql/server:2017-CU16");
-		}
-
+	static MSSQLServerContainer<?> sqlServer() {
+		return new MSSQLServerContainer<>("mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-16.04");
 	}
 
 }

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/Db2JdbcIndexedSessionRepositoryCustomizerITests.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using IBM DB2 database with
+ * {@link Db2JdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+@ContextConfiguration
+class Db2JdbcIndexedSessionRepositoryCustomizerITests extends Db2JdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class CustomizerConfig extends Config {
+
+		@Bean
+		Db2JdbcIndexedSessionRepositoryCustomizer db2JdbcIndexedSessionRepositoryCustomizer() {
+			return new Db2JdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/Db2JdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,21 +27,21 @@ import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 /**
- * Integration tests for {@link JdbcIndexedSessionRepository} using IBM DB2 11.x database.
+ * Integration tests for {@link JdbcIndexedSessionRepository} using IBM DB2 database.
  *
  * @author Vedran Pavic
  */
 @ExtendWith(SpringExtension.class)
 @WebAppConfiguration
 @ContextConfiguration
-class Db211JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
+class Db2JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
 
 	@Configuration
 	static class Config extends BaseContainerConfig {
 
 		@Bean
 		Db2Container databaseContainer() {
-			Db2Container databaseContainer = DatabaseContainers.db211();
+			Db2Container databaseContainer = DatabaseContainers.db2();
 			databaseContainer.start();
 			return databaseContainer;
 		}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MariaDb10JdbcIndexedSessionRepositoryITests.java

@@ -1,56 +0,0 @@
-/*
- * Copyright 2014-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.session.jdbc;
-
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.testcontainers.containers.MariaDBContainer;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.test.context.web.WebAppConfiguration;
-
-/**
- * Integration tests for {@link JdbcIndexedSessionRepository} using MariaDB 10.x database.
- *
- * @author Vedran Pavic
- */
-@ExtendWith(SpringExtension.class)
-@WebAppConfiguration
-@ContextConfiguration
-class MariaDb10JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
-
-	@Configuration
-	static class Config extends BaseContainerConfig {
-
-		@Bean
-		MariaDBContainer databaseContainer() {
-			MariaDBContainer databaseContainer = DatabaseContainers.mariaDb10();
-			databaseContainer.start();
-			return databaseContainer;
-		}
-
-		@Bean
-		ResourceDatabasePopulator databasePopulator() {
-			return DatabasePopulators.mySql();
-		}
-
-	}
-
-}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MariaDbJdbcIndexedSessionRepositoryCustomizerITests.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using MariaDB database with
+ * {@link MySqlJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+@ContextConfiguration
+class MariaDbJdbcIndexedSessionRepositoryCustomizerITests extends MariaDbJdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class CustomizerConfig extends Config {
+
+		@Bean
+		MySqlJdbcIndexedSessionRepositoryCustomizer mySqlJdbcIndexedSessionRepositoryCustomizer() {
+			return new MySqlJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MariaDbJdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,21 +27,21 @@ import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 /**
- * Integration tests for {@link JdbcIndexedSessionRepository} using MariaDB 5.x database.
+ * Integration tests for {@link JdbcIndexedSessionRepository} using MariaDB database.
  *
  * @author Vedran Pavic
  */
 @ExtendWith(SpringExtension.class)
 @WebAppConfiguration
 @ContextConfiguration
-class MariaDb5JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
+class MariaDbJdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
 
 	@Configuration
 	static class Config extends BaseContainerConfig {
 
 		@Bean
-		MariaDBContainer databaseContainer() {
-			MariaDBContainer databaseContainer = DatabaseContainers.mariaDb5();
+		MariaDBContainer<?> databaseContainer() {
+			MariaDBContainer<?> databaseContainer = DatabaseContainers.mariaDb();
 			databaseContainer.start();
 			return databaseContainer;
 		}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MySqlJdbcIndexedSessionRepositoryCustomizerITests.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using MySQL database with
+ * {@link MySqlJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+@ContextConfiguration
+class MySqlJdbcIndexedSessionRepositoryCustomizerITests extends MySqlJdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class CustomizerConfig extends Config {
+
+		@Bean
+		MySqlJdbcIndexedSessionRepositoryCustomizer mySqlJdbcIndexedSessionRepositoryCustomizer() {
+			return new MySqlJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MySqlJdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,21 +27,21 @@ import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 /**
- * Integration tests for {@link JdbcIndexedSessionRepository} using MySQL 8.x database.
+ * Integration tests for {@link JdbcIndexedSessionRepository} using MySQL database.
  *
  * @author Vedran Pavic
  */
 @ExtendWith(SpringExtension.class)
 @WebAppConfiguration
 @ContextConfiguration
-class MySql8JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
+class MySqlJdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
 
 	@Configuration
 	static class Config extends BaseContainerConfig {
 
 		@Bean
-		MySQLContainer databaseContainer() {
-			MySQLContainer databaseContainer = DatabaseContainers.mySql8();
+		MySQLContainer<?> databaseContainer() {
+			MySQLContainer<?> databaseContainer = DatabaseContainers.mySql();
 			databaseContainer.start();
 			return databaseContainer;
 		}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/OracleJdbcIndexedSessionRepositoryCustomizerITests.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using Oracle database with
+ * {@link OracleJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+@ContextConfiguration
+class OracleJdbcIndexedSessionRepositoryCustomizerITests extends OracleJdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class CustomizerConfig extends Config {
+
+		@Bean
+		OracleJdbcIndexedSessionRepositoryCustomizer oracleJdbcIndexedSessionRepositoryCustomizer() {
+			return new OracleJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/OracleJdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -54,7 +54,7 @@ class OracleJdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcInde
 
 		@Bean
 		OracleContainer databaseContainer() {
-			OracleContainer databaseContainer = DatabaseContainers.oracleXe();
+			OracleContainer databaseContainer = DatabaseContainers.oracle();
 			databaseContainer.start();
 			return databaseContainer;
 		}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/PostgreSql10JdbcIndexedSessionRepositoryITests.java

@@ -1,57 +0,0 @@
-/*
- * Copyright 2014-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.session.jdbc;
-
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.testcontainers.containers.PostgreSQLContainer;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.test.context.web.WebAppConfiguration;
-
-/**
- * Integration tests for {@link JdbcIndexedSessionRepository} using PostgreSQL 10.x
- * database.
- *
- * @author Vedran Pavic
- */
-@ExtendWith(SpringExtension.class)
-@WebAppConfiguration
-@ContextConfiguration
-class PostgreSql10JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
-
-	@Configuration
-	static class Config extends BaseContainerConfig {
-
-		@Bean
-		PostgreSQLContainer databaseContainer() {
-			PostgreSQLContainer databaseContainer = DatabaseContainers.postgreSql10();
-			databaseContainer.start();
-			return databaseContainer;
-		}
-
-		@Bean
-		ResourceDatabasePopulator databasePopulator() {
-			return DatabasePopulators.postgreSql();
-		}
-
-	}
-
-}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/PostgreSql11JdbcIndexedSessionRepositoryITests.java

@@ -1,57 +0,0 @@
-/*
- * Copyright 2014-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.session.jdbc;
-
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.testcontainers.containers.PostgreSQLContainer;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.test.context.web.WebAppConfiguration;
-
-/**
- * Integration tests for {@link JdbcIndexedSessionRepository} using PostgreSQL 11.x
- * database.
- *
- * @author Vedran Pavic
- */
-@ExtendWith(SpringExtension.class)
-@WebAppConfiguration
-@ContextConfiguration
-class PostgreSql11JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
-
-	@Configuration
-	static class Config extends BaseContainerConfig {
-
-		@Bean
-		PostgreSQLContainer databaseContainer() {
-			PostgreSQLContainer databaseContainer = DatabaseContainers.postgreSql11();
-			databaseContainer.start();
-			return databaseContainer;
-		}
-
-		@Bean
-		ResourceDatabasePopulator databasePopulator() {
-			return DatabasePopulators.postgreSql();
-		}
-
-	}
-
-}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/PostgreSqlJdbcIndexedSessionRepositoryCustomizerITests.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using PostgreSQL database
+ * with {@link PostgreSqlJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+@ContextConfiguration
+class PostgreSqlJdbcIndexedSessionRepositoryCustomizerITests extends PostgreSqlJdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class CustomizerConfig extends Config {
+
+		@Bean
+		PostgreSqlJdbcIndexedSessionRepositoryCustomizer postgreSqlJdbcIndexedSessionRepositoryCustomizer() {
+			return new PostgreSqlJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/PostgreSqlJdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,22 +27,21 @@ import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 /**
- * Integration tests for {@link JdbcIndexedSessionRepository} using PostgreSQL 9.x
- * database.
+ * Integration tests for {@link JdbcIndexedSessionRepository} using PostgreSQL database.
  *
  * @author Vedran Pavic
  */
 @ExtendWith(SpringExtension.class)
 @WebAppConfiguration
 @ContextConfiguration
-class PostgreSql9JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
+class PostgreSqlJdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
 
 	@Configuration
 	static class Config extends BaseContainerConfig {
 
 		@Bean
-		PostgreSQLContainer databaseContainer() {
-			PostgreSQLContainer databaseContainer = DatabaseContainers.postgreSql9();
+		PostgreSQLContainer<?> databaseContainer() {
+			PostgreSQLContainer<?> databaseContainer = DatabaseContainers.postgreSql();
 			databaseContainer.start();
 			return databaseContainer;
 		}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/SqlServerJdbcIndexedSessionRepositoryCustomizerITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,38 +17,30 @@
 package org.springframework.session.jdbc;
 
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.testcontainers.containers.MySQLContainer;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 /**
- * Integration tests for {@link JdbcIndexedSessionRepository} using MySQL 5.x database.
+ * Integration tests for {@link JdbcIndexedSessionRepository} using SQL Server database
+ * with {@link SqlServerJdbcIndexedSessionRepositoryCustomizer}.
  *
  * @author Vedran Pavic
  */
 @ExtendWith(SpringExtension.class)
 @WebAppConfiguration
 @ContextConfiguration
-class MySql5JdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcIndexedSessionRepositoryITests {
+class SqlServerJdbcIndexedSessionRepositoryCustomizerITests extends SqlServerJdbcIndexedSessionRepositoryITests {
 
 	@Configuration
-	static class Config extends BaseContainerConfig {
+	static class CustomizerConfig extends Config {
 
 		@Bean
-		MySQLContainer databaseContainer() {
-			MySQLContainer databaseContainer = DatabaseContainers.mySql5();
-			databaseContainer.start();
-			return databaseContainer;
-		}
-
-		@Bean
-		ResourceDatabasePopulator databasePopulator() {
-			return DatabasePopulators.mySql();
+		SqlServerJdbcIndexedSessionRepositoryCustomizer sqlServerJdbcIndexedSessionRepositoryCustomizer() {
+			return new SqlServerJdbcIndexedSessionRepositoryCustomizer();
 		}
 
 	}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/SqlServerJdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,8 +41,8 @@ class SqlServerJdbcIndexedSessionRepositoryITests extends AbstractContainerJdbcI
 	static class Config extends BaseContainerConfig {
 
 		@Bean
-		MSSQLServerContainer databaseContainer() {
-			MSSQLServerContainer databaseContainer = DatabaseContainers.sqlServer2017();
+		MSSQLServerContainer<?> databaseContainer() {
+			MSSQLServerContainer<?> databaseContainer = DatabaseContainers.sqlServer();
 			databaseContainer.start();
 			return databaseContainer;
 		}

spring-session-jdbc/src/integration-test/resources/container-license-acceptance.txt

@@ -1,2 +1,2 @@
-ibmcom/db2:11.5.0.0a
-mcr.microsoft.com/mssql/server:2017-CU16
+ibmcom/db2:11.5.4.0
+mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-16.04

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/Db2JdbcIndexedSessionRepositoryCustomizer.java

@@ -0,0 +1,50 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.session.config.SessionRepositoryCustomizer;
+
+/**
+ * A {@link SessionRepositoryCustomizer} implementation that applies IBM DB2 specific
+ * optimized SQL statements to {@link JdbcIndexedSessionRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 2.5.0
+ */
+public class Db2JdbcIndexedSessionRepositoryCustomizer
+		implements SessionRepositoryCustomizer<JdbcIndexedSessionRepository> {
+
+	// @formatter:off
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "MERGE INTO %TABLE_NAME%_ATTRIBUTES SA "
+			+ "USING ( "
+			+ "    VALUES (?, ?, ?) "
+			+ ") A (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "ON (SA.SESSION_PRIMARY_ID = A.SESSION_PRIMARY_ID and SA.ATTRIBUTE_NAME = A.ATTRIBUTE_NAME) "
+			+ "WHEN MATCHED THEN "
+			+ "    UPDATE SET ATTRIBUTE_BYTES = A.ATTRIBUTE_BYTES "
+			+ "WHEN NOT MATCHED THEN "
+			+ "    INSERT (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "    VALUES (A.SESSION_PRIMARY_ID, A.ATTRIBUTE_NAME, A.ATTRIBUTE_BYTES)";
+	// @formatter:on
+
+	@Override
+	public void customize(JdbcIndexedSessionRepository sessionRepository) {
+		sessionRepository.setCreateSessionAttributeQuery(CREATE_SESSION_ATTRIBUTE_QUERY);
+	}
+
+}

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/JdbcIndexedSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,10 +40,13 @@ import org.springframework.core.convert.support.GenericConversionService;
 import org.springframework.core.serializer.support.DeserializingConverter;
 import org.springframework.core.serializer.support.SerializingConverter;
 import org.springframework.dao.DataAccessException;
+import org.springframework.dao.DataIntegrityViolationException;
+import org.springframework.dao.DuplicateKeyException;
 import org.springframework.jdbc.core.BatchPreparedStatementSetter;
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.jdbc.core.ResultSetExtractor;
 import org.springframework.jdbc.support.lob.DefaultLobHandler;
+import org.springframework.jdbc.support.lob.LobCreator;
 import org.springframework.jdbc.support.lob.LobHandler;
 import org.springframework.session.DelegatingIndexResolver;
 import org.springframework.session.FindByIndexNameSessionRepository;
@@ -138,55 +141,65 @@ public class JdbcIndexedSessionRepository
 	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
 
 	// @formatter:off
-	private static final String CREATE_SESSION_QUERY = "INSERT INTO %TABLE_NAME%(PRIMARY_ID, SESSION_ID, CREATION_TIME, LAST_ACCESS_TIME, MAX_INACTIVE_INTERVAL, EXPIRY_TIME, PRINCIPAL_NAME) "
+	private static final String CREATE_SESSION_QUERY = ""
+			+ "INSERT INTO %TABLE_NAME% (PRIMARY_ID, SESSION_ID, CREATION_TIME, LAST_ACCESS_TIME, MAX_INACTIVE_INTERVAL, EXPIRY_TIME, PRINCIPAL_NAME) "
 			+ "VALUES (?, ?, ?, ?, ?, ?, ?)";
 	// @formatter:on
 
 	// @formatter:off
-	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = "INSERT INTO %TABLE_NAME%_ATTRIBUTES(SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
-			+ "SELECT PRIMARY_ID, ?, ? "
-			+ "FROM %TABLE_NAME% "
-			+ "WHERE SESSION_ID = ?";
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "INSERT INTO %TABLE_NAME%_ATTRIBUTES (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "VALUES (?, ?, ?)";
 	// @formatter:on
 
 	// @formatter:off
-	private static final String GET_SESSION_QUERY = "SELECT S.PRIMARY_ID, S.SESSION_ID, S.CREATION_TIME, S.LAST_ACCESS_TIME, S.MAX_INACTIVE_INTERVAL, SA.ATTRIBUTE_NAME, SA.ATTRIBUTE_BYTES "
+	private static final String GET_SESSION_QUERY = ""
+			+ "SELECT S.PRIMARY_ID, S.SESSION_ID, S.CREATION_TIME, S.LAST_ACCESS_TIME, S.MAX_INACTIVE_INTERVAL, SA.ATTRIBUTE_NAME, SA.ATTRIBUTE_BYTES "
 			+ "FROM %TABLE_NAME% S "
-			+ "LEFT OUTER JOIN %TABLE_NAME%_ATTRIBUTES SA ON S.PRIMARY_ID = SA.SESSION_PRIMARY_ID "
+			+ "LEFT JOIN %TABLE_NAME%_ATTRIBUTES SA ON S.PRIMARY_ID = SA.SESSION_PRIMARY_ID "
 			+ "WHERE S.SESSION_ID = ?";
 	// @formatter:on
 
 	// @formatter:off
-	private static final String UPDATE_SESSION_QUERY = "UPDATE %TABLE_NAME% SET SESSION_ID = ?, LAST_ACCESS_TIME = ?, MAX_INACTIVE_INTERVAL = ?, EXPIRY_TIME = ?, PRINCIPAL_NAME = ? "
+	private static final String UPDATE_SESSION_QUERY = ""
+			+ "UPDATE %TABLE_NAME% "
+			+ "SET SESSION_ID = ?, LAST_ACCESS_TIME = ?, MAX_INACTIVE_INTERVAL = ?, EXPIRY_TIME = ?, PRINCIPAL_NAME = ? "
 			+ "WHERE PRIMARY_ID = ?";
 	// @formatter:on
 
 	// @formatter:off
-	private static final String UPDATE_SESSION_ATTRIBUTE_QUERY = "UPDATE %TABLE_NAME%_ATTRIBUTES SET ATTRIBUTE_BYTES = ? "
+	private static final String UPDATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "UPDATE %TABLE_NAME%_ATTRIBUTES "
+			+ "SET ATTRIBUTE_BYTES = ? "
 			+ "WHERE SESSION_PRIMARY_ID = ? "
 			+ "AND ATTRIBUTE_NAME = ?";
 	// @formatter:on
 
 	// @formatter:off
-	private static final String DELETE_SESSION_ATTRIBUTE_QUERY = "DELETE FROM %TABLE_NAME%_ATTRIBUTES "
+	private static final String DELETE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "DELETE FROM %TABLE_NAME%_ATTRIBUTES "
 			+ "WHERE SESSION_PRIMARY_ID = ? "
 			+ "AND ATTRIBUTE_NAME = ?";
 	// @formatter:on
 
 	// @formatter:off
-	private static final String DELETE_SESSION_QUERY = "DELETE FROM %TABLE_NAME% "
-			+ "WHERE SESSION_ID = ?";
+	private static final String DELETE_SESSION_QUERY = ""
+			+ "DELETE FROM %TABLE_NAME% "
+			+ "WHERE SESSION_ID = ? "
+			+ "AND MAX_INACTIVE_INTERVAL >= 0";
 	// @formatter:on
 
 	// @formatter:off
-	private static final String LIST_SESSIONS_BY_PRINCIPAL_NAME_QUERY = "SELECT S.PRIMARY_ID, S.SESSION_ID, S.CREATION_TIME, S.LAST_ACCESS_TIME, S.MAX_INACTIVE_INTERVAL, SA.ATTRIBUTE_NAME, SA.ATTRIBUTE_BYTES "
+	private static final String LIST_SESSIONS_BY_PRINCIPAL_NAME_QUERY = ""
+			+ "SELECT S.PRIMARY_ID, S.SESSION_ID, S.CREATION_TIME, S.LAST_ACCESS_TIME, S.MAX_INACTIVE_INTERVAL, SA.ATTRIBUTE_NAME, SA.ATTRIBUTE_BYTES "
 			+ "FROM %TABLE_NAME% S "
-			+ "LEFT OUTER JOIN %TABLE_NAME%_ATTRIBUTES SA ON S.PRIMARY_ID = SA.SESSION_PRIMARY_ID "
+			+ "LEFT JOIN %TABLE_NAME%_ATTRIBUTES SA ON S.PRIMARY_ID = SA.SESSION_PRIMARY_ID "
 			+ "WHERE S.PRINCIPAL_NAME = ?";
 	// @formatter:on
 
 	// @formatter:off
-	private static final String DELETE_SESSIONS_BY_EXPIRY_TIME_QUERY = "DELETE FROM %TABLE_NAME% "
+	private static final String DELETE_SESSIONS_BY_EXPIRY_TIME_QUERY = ""
+			+ "DELETE FROM %TABLE_NAME% "
 			+ "WHERE EXPIRY_TIME < ?";
 	// @formatter:on
 
@@ -267,7 +280,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setCreateSessionQuery(String createSessionQuery) {
 		Assert.hasText(createSessionQuery, "Query must not be empty");
-		this.createSessionQuery = createSessionQuery;
+		this.createSessionQuery = getQuery(createSessionQuery);
 	}
 
 	/**
@@ -276,7 +289,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setCreateSessionAttributeQuery(String createSessionAttributeQuery) {
 		Assert.hasText(createSessionAttributeQuery, "Query must not be empty");
-		this.createSessionAttributeQuery = createSessionAttributeQuery;
+		this.createSessionAttributeQuery = getQuery(createSessionAttributeQuery);
 	}
 
 	/**
@@ -285,7 +298,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setGetSessionQuery(String getSessionQuery) {
 		Assert.hasText(getSessionQuery, "Query must not be empty");
-		this.getSessionQuery = getSessionQuery;
+		this.getSessionQuery = getQuery(getSessionQuery);
 	}
 
 	/**
@@ -294,7 +307,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setUpdateSessionQuery(String updateSessionQuery) {
 		Assert.hasText(updateSessionQuery, "Query must not be empty");
-		this.updateSessionQuery = updateSessionQuery;
+		this.updateSessionQuery = getQuery(updateSessionQuery);
 	}
 
 	/**
@@ -303,7 +316,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setUpdateSessionAttributeQuery(String updateSessionAttributeQuery) {
 		Assert.hasText(updateSessionAttributeQuery, "Query must not be empty");
-		this.updateSessionAttributeQuery = updateSessionAttributeQuery;
+		this.updateSessionAttributeQuery = getQuery(updateSessionAttributeQuery);
 	}
 
 	/**
@@ -312,7 +325,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setDeleteSessionAttributeQuery(String deleteSessionAttributeQuery) {
 		Assert.hasText(deleteSessionAttributeQuery, "Query must not be empty");
-		this.deleteSessionAttributeQuery = deleteSessionAttributeQuery;
+		this.deleteSessionAttributeQuery = getQuery(deleteSessionAttributeQuery);
 	}
 
 	/**
@@ -321,7 +334,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setDeleteSessionQuery(String deleteSessionQuery) {
 		Assert.hasText(deleteSessionQuery, "Query must not be empty");
-		this.deleteSessionQuery = deleteSessionQuery;
+		this.deleteSessionQuery = getQuery(deleteSessionQuery);
 	}
 
 	/**
@@ -330,7 +343,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setListSessionsByPrincipalNameQuery(String listSessionsByPrincipalNameQuery) {
 		Assert.hasText(listSessionsByPrincipalNameQuery, "Query must not be empty");
-		this.listSessionsByPrincipalNameQuery = listSessionsByPrincipalNameQuery;
+		this.listSessionsByPrincipalNameQuery = getQuery(listSessionsByPrincipalNameQuery);
 	}
 
 	/**
@@ -339,7 +352,7 @@ public class JdbcIndexedSessionRepository
 	 */
 	public void setDeleteSessionsByExpiryTimeQuery(String deleteSessionsByExpiryTimeQuery) {
 		Assert.hasText(deleteSessionsByExpiryTimeQuery, "Query must not be empty");
-		this.deleteSessionsByExpiryTimeQuery = deleteSessionsByExpiryTimeQuery;
+		this.deleteSessionsByExpiryTimeQuery = getQuery(deleteSessionsByExpiryTimeQuery);
 	}
 
 	/**
@@ -460,63 +473,84 @@ public class JdbcIndexedSessionRepository
 
 	private void insertSessionAttributes(JdbcSession session, List<String> attributeNames) {
 		Assert.notEmpty(attributeNames, "attributeNames must not be null or empty");
-		if (attributeNames.size() > 1) {
-			this.jdbcOperations.batchUpdate(this.createSessionAttributeQuery, new BatchPreparedStatementSetter() {
+		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
+			if (attributeNames.size() > 1) {
+				try {
+					this.jdbcOperations.batchUpdate(this.createSessionAttributeQuery,
+							new BatchPreparedStatementSetter() {
 
-				@Override
-				public void setValues(PreparedStatement ps, int i) throws SQLException {
-					String attributeName = attributeNames.get(i);
-					ps.setString(1, attributeName);
-					getLobHandler().getLobCreator().setBlobAsBytes(ps, 2,
-							serialize(session.getAttribute(attributeName)));
-					ps.setString(3, session.getId());
+								@Override
+								public void setValues(PreparedStatement ps, int i) throws SQLException {
+									String attributeName = attributeNames.get(i);
+									ps.setString(1, session.primaryKey);
+									ps.setString(2, attributeName);
+									lobCreator.setBlobAsBytes(ps, 3, serialize(session.getAttribute(attributeName)));
+								}
+
+								@Override
+								public int getBatchSize() {
+									return attributeNames.size();
+								}
+
+							});
 				}
-
-				@Override
-				public int getBatchSize() {
-					return attributeNames.size();
+				catch (DuplicateKeyException ex) {
+					throw ex;
 				}
-
-			});
-		}
-		else {
-			this.jdbcOperations.update(this.createSessionAttributeQuery, (ps) -> {
-				String attributeName = attributeNames.get(0);
-				ps.setString(1, attributeName);
-				getLobHandler().getLobCreator().setBlobAsBytes(ps, 2, serialize(session.getAttribute(attributeName)));
-				ps.setString(3, session.getId());
-			});
+				catch (DataIntegrityViolationException ex) {
+					// parent record not found - we are ignoring this error because we
+					// assume that a concurrent request has removed the session
+				}
+			}
+			else {
+				try {
+					this.jdbcOperations.update(this.createSessionAttributeQuery, (ps) -> {
+						String attributeName = attributeNames.get(0);
+						ps.setString(1, session.primaryKey);
+						ps.setString(2, attributeName);
+						lobCreator.setBlobAsBytes(ps, 3, serialize(session.getAttribute(attributeName)));
+					});
+				}
+				catch (DuplicateKeyException ex) {
+					throw ex;
+				}
+				catch (DataIntegrityViolationException ex) {
+					// parent record not found - we are ignoring this error because we
+					// assume that a concurrent request has removed the session
+				}
+			}
 		}
 	}
 
 	private void updateSessionAttributes(JdbcSession session, List<String> attributeNames) {
 		Assert.notEmpty(attributeNames, "attributeNames must not be null or empty");
-		if (attributeNames.size() > 1) {
-			this.jdbcOperations.batchUpdate(this.updateSessionAttributeQuery, new BatchPreparedStatementSetter() {
+		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
+			if (attributeNames.size() > 1) {
+				this.jdbcOperations.batchUpdate(this.updateSessionAttributeQuery, new BatchPreparedStatementSetter() {
 
-				@Override
-				public void setValues(PreparedStatement ps, int i) throws SQLException {
-					String attributeName = attributeNames.get(i);
-					getLobHandler().getLobCreator().setBlobAsBytes(ps, 1,
-							serialize(session.getAttribute(attributeName)));
+					@Override
+					public void setValues(PreparedStatement ps, int i) throws SQLException {
+						String attributeName = attributeNames.get(i);
+						lobCreator.setBlobAsBytes(ps, 1, serialize(session.getAttribute(attributeName)));
+						ps.setString(2, session.primaryKey);
+						ps.setString(3, attributeName);
+					}
+
+					@Override
+					public int getBatchSize() {
+						return attributeNames.size();
+					}
+
+				});
+			}
+			else {
+				this.jdbcOperations.update(this.updateSessionAttributeQuery, (ps) -> {
+					String attributeName = attributeNames.get(0);
+					lobCreator.setBlobAsBytes(ps, 1, serialize(session.getAttribute(attributeName)));
 					ps.setString(2, session.primaryKey);
 					ps.setString(3, attributeName);
-				}
-
-				@Override
-				public int getBatchSize() {
-					return attributeNames.size();
-				}
-
-			});
-		}
-		else {
-			this.jdbcOperations.update(this.updateSessionAttributeQuery, (ps) -> {
-				String attributeName = attributeNames.get(0);
-				getLobHandler().getLobCreator().setBlobAsBytes(ps, 1, serialize(session.getAttribute(attributeName)));
-				ps.setString(2, session.primaryKey);
-				ps.setString(3, attributeName);
-			});
+				});
+			}
 		}
 	}
 
@@ -668,6 +702,9 @@ public class JdbcIndexedSessionRepository
 		}
 
 		Instant getExpiryTime() {
+			if (getMaxInactiveInterval().isNegative()) {
+				return Instant.ofEpochMilli(Long.MAX_VALUE);
+			}
 			return getLastAccessedTime().plus(getMaxInactiveInterval());
 		}
 

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/MySqlJdbcIndexedSessionRepositoryCustomizer.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.session.config.SessionRepositoryCustomizer;
+
+/**
+ * A {@link SessionRepositoryCustomizer} implementation that applies MySQL specific
+ * optimized SQL statements to {@link JdbcIndexedSessionRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 2.5.0
+ */
+public class MySqlJdbcIndexedSessionRepositoryCustomizer
+		implements SessionRepositoryCustomizer<JdbcIndexedSessionRepository> {
+
+	// @formatter:off
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "INSERT INTO %TABLE_NAME%_ATTRIBUTES (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "VALUES (?, ?, ?) "
+			+ "ON DUPLICATE KEY UPDATE ATTRIBUTE_BYTES = VALUES(ATTRIBUTE_BYTES)";
+	// @formatter:on
+
+	@Override
+	public void customize(JdbcIndexedSessionRepository sessionRepository) {
+		sessionRepository.setCreateSessionAttributeQuery(CREATE_SESSION_ATTRIBUTE_QUERY);
+	}
+
+}

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/OracleJdbcIndexedSessionRepositoryCustomizer.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.session.config.SessionRepositoryCustomizer;
+
+/**
+ * A {@link SessionRepositoryCustomizer} implementation that applies Oracle specific
+ * optimized SQL statements to {@link JdbcIndexedSessionRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 2.5.0
+ */
+public class OracleJdbcIndexedSessionRepositoryCustomizer
+		implements SessionRepositoryCustomizer<JdbcIndexedSessionRepository> {
+
+	// @formatter:off
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "MERGE INTO %TABLE_NAME%_ATTRIBUTES SA "
+			+ "USING ( "
+			+ "    SELECT ? AS SESSION_PRIMARY_ID, ? AS ATTRIBUTE_NAME, ? AS ATTRIBUTE_BYTES "
+			+ "    FROM DUAL "
+			+ ") A "
+			+ "ON (SA.SESSION_PRIMARY_ID = A.SESSION_PRIMARY_ID and SA.ATTRIBUTE_NAME = A.ATTRIBUTE_NAME) "
+			+ "WHEN MATCHED THEN "
+			+ "    UPDATE SET ATTRIBUTE_BYTES = A.ATTRIBUTE_BYTES "
+			+ "WHEN NOT MATCHED THEN "
+			+ "    INSERT (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "    VALUES (A.SESSION_PRIMARY_ID, A.ATTRIBUTE_NAME, A.ATTRIBUTE_BYTES)";
+	// @formatter:on
+
+	@Override
+	public void customize(JdbcIndexedSessionRepository sessionRepository) {
+		sessionRepository.setCreateSessionAttributeQuery(CREATE_SESSION_ATTRIBUTE_QUERY);
+	}
+
+}

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/PostgreSqlJdbcIndexedSessionRepositoryCustomizer.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.session.config.SessionRepositoryCustomizer;
+
+/**
+ * A {@link SessionRepositoryCustomizer} implementation that applies PostgreSQL specific
+ * optimized SQL statements to {@link JdbcIndexedSessionRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 2.5.0
+ */
+public class PostgreSqlJdbcIndexedSessionRepositoryCustomizer
+		implements SessionRepositoryCustomizer<JdbcIndexedSessionRepository> {
+
+	// @formatter:off
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "INSERT INTO %TABLE_NAME%_ATTRIBUTES (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "VALUES (?, ?, ?) "
+			+ "ON CONFLICT (SESSION_PRIMARY_ID, ATTRIBUTE_NAME) "
+			+ "DO UPDATE SET ATTRIBUTE_BYTES = EXCLUDED.ATTRIBUTE_BYTES";
+	// @formatter:on
+
+	@Override
+	public void customize(JdbcIndexedSessionRepository sessionRepository) {
+		sessionRepository.setCreateSessionAttributeQuery(CREATE_SESSION_ATTRIBUTE_QUERY);
+	}
+
+}

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/SqlServerJdbcIndexedSessionRepositoryCustomizer.java

@@ -0,0 +1,50 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.session.config.SessionRepositoryCustomizer;
+
+/**
+ * A {@link SessionRepositoryCustomizer} implementation that applies SQL Server specific
+ * optimized SQL statements to {@link JdbcIndexedSessionRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 2.5.0
+ */
+public class SqlServerJdbcIndexedSessionRepositoryCustomizer
+		implements SessionRepositoryCustomizer<JdbcIndexedSessionRepository> {
+
+	// @formatter:off
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "MERGE INTO %TABLE_NAME%_ATTRIBUTES SA "
+			+ "USING ( "
+			+ "    VALUES (?, ?, ?) "
+			+ ") A (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "ON (SA.SESSION_PRIMARY_ID = A.SESSION_PRIMARY_ID and SA.ATTRIBUTE_NAME = A.ATTRIBUTE_NAME) "
+			+ "WHEN MATCHED THEN "
+			+ "    UPDATE SET ATTRIBUTE_BYTES = A.ATTRIBUTE_BYTES "
+			+ "WHEN NOT MATCHED THEN "
+			+ "    INSERT (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "    VALUES (A.SESSION_PRIMARY_ID, A.ATTRIBUTE_NAME, A.ATTRIBUTE_BYTES);";
+	// @formatter:on
+
+	@Override
+	public void customize(JdbcIndexedSessionRepository sessionRepository) {
+		sessionRepository.setCreateSessionAttributeQuery(CREATE_SESSION_ATTRIBUTE_QUERY);
+	}
+
+}

spring-session-jdbc/src/test/java/org/springframework/session/jdbc/JdbcIndexedSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,6 +35,8 @@ import org.springframework.jdbc.core.BatchPreparedStatementSetter;
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.jdbc.core.PreparedStatementSetter;
 import org.springframework.jdbc.core.ResultSetExtractor;
+import org.springframework.jdbc.support.lob.DefaultLobHandler;
+import org.springframework.jdbc.support.lob.TemporaryLobCreator;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -53,6 +55,8 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.ArgumentMatchers.startsWith;
 import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -286,9 +290,9 @@ class JdbcIndexedSessionRepositoryTests {
 		this.repository.save(session);
 
 		assertThat(session.isNew()).isFalse();
-		verify(this.jdbcOperations, times(1)).update(startsWith("INSERT INTO SPRING_SESSION("),
+		verify(this.jdbcOperations, times(1)).update(startsWith("INSERT INTO SPRING_SESSION ("),
 				isA(PreparedStatementSetter.class));
-		verify(this.jdbcOperations, times(1)).update(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES("),
+		verify(this.jdbcOperations, times(1)).update(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES ("),
 				isA(PreparedStatementSetter.class));
 		verifyNoMoreInteractions(this.jdbcOperations);
 	}
@@ -302,9 +306,9 @@ class JdbcIndexedSessionRepositoryTests {
 		this.repository.save(session);
 
 		assertThat(session.isNew()).isFalse();
-		verify(this.jdbcOperations, times(1)).update(startsWith("INSERT INTO SPRING_SESSION("),
+		verify(this.jdbcOperations, times(1)).update(startsWith("INSERT INTO SPRING_SESSION ("),
 				isA(PreparedStatementSetter.class));
-		verify(this.jdbcOperations, times(1)).batchUpdate(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES("),
+		verify(this.jdbcOperations, times(1)).batchUpdate(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES ("),
 				isA(BatchPreparedStatementSetter.class));
 		verifyNoMoreInteractions(this.jdbcOperations);
 	}
@@ -317,7 +321,7 @@ class JdbcIndexedSessionRepositoryTests {
 		this.repository.save(session);
 
 		assertThat(session.isNew()).isFalse();
-		verify(this.jdbcOperations, times(1)).update(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES("),
+		verify(this.jdbcOperations, times(1)).update(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES ("),
 				isA(PreparedStatementSetter.class));
 		verifyNoMoreInteractions(this.jdbcOperations);
 	}
@@ -331,7 +335,7 @@ class JdbcIndexedSessionRepositoryTests {
 		this.repository.save(session);
 
 		assertThat(session.isNew()).isFalse();
-		verify(this.jdbcOperations, times(1)).batchUpdate(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES("),
+		verify(this.jdbcOperations, times(1)).batchUpdate(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES ("),
 				isA(BatchPreparedStatementSetter.class));
 		verifyNoMoreInteractions(this.jdbcOperations);
 	}
@@ -420,7 +424,7 @@ class JdbcIndexedSessionRepositoryTests {
 		this.repository.save(session);
 
 		assertThat(session.isNew()).isFalse();
-		verify(this.jdbcOperations).update(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES("),
+		verify(this.jdbcOperations).update(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES ("),
 				isA(PreparedStatementSetter.class));
 		verifyNoMoreInteractions(this.jdbcOperations);
 	}
@@ -675,7 +679,7 @@ class JdbcIndexedSessionRepositoryTests {
 		JdbcSession session = this.repository.new JdbcSession(new MapSession(), "primaryKey", false);
 		String attrName = "someAttribute";
 		session.setAttribute(attrName, "someValue");
-		verify(this.jdbcOperations).update(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES("),
+		verify(this.jdbcOperations).update(startsWith("INSERT INTO SPRING_SESSION_ATTRIBUTES ("),
 				isA(PreparedStatementSetter.class));
 		verifyNoMoreInteractions(this.jdbcOperations);
 	}
@@ -710,4 +714,19 @@ class JdbcIndexedSessionRepositoryTests {
 		verifyNoMoreInteractions(this.jdbcOperations);
 	}
 
+	@Test
+	void saveAndFreeTemporaryLob() {
+		DefaultLobHandler lobHandler = mock(DefaultLobHandler.class);
+		TemporaryLobCreator lobCreator = mock(TemporaryLobCreator.class);
+		given(lobHandler.getLobCreator()).willReturn(lobCreator);
+		lobHandler.setCreateTemporaryLob(true);
+		this.repository.setLobHandler(lobHandler);
+
+		JdbcSession session = this.repository.new JdbcSession(new MapSession(), "primaryKey", false);
+		session.setAttribute("testName", "testValue");
+		this.repository.save(session);
+
+		verify(lobCreator, atLeastOnce()).close();
+	}
+
 }

spring-session-samples/gradle/dependency-management.gradle

@@ -1,23 +1,23 @@
 dependencyManagement {
 	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.11.0'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.12.4'
 	}
 
 	dependencies {
-		dependency 'ch.qos.logback:logback-classic:1.2.3'
-		dependency 'com.maxmind.geoip2:geoip2:2.14.0'
+		dependency 'ch.qos.logback:logback-classic:1.2.5'
+		dependency 'com.maxmind.geoip2:geoip2:2.15.0'
 		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.2'
 		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.3'
 		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.36.0'
-		dependency 'org.slf4j:jcl-over-slf4j:1.7.30'
-		dependency 'org.slf4j:log4j-over-slf4j:1.7.30'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.49.1'
+		dependency 'org.slf4j:jcl-over-slf4j:1.7.32'
+		dependency 'org.slf4j:log4j-over-slf4j:1.7.32'
 		dependency 'org.webjars:bootstrap:2.3.2'
-		dependency 'org.webjars:html5shiv:3.7.3'
-		dependency 'org.webjars:jquery:1.12.4'
-		dependency 'org.webjars:knockout:2.3.0'
-		dependency 'org.webjars:sockjs-client:0.3.4'
-		dependency 'org.webjars:stomp-websocket:2.3.3'
+		dependency 'org.webjars:html5shiv:3.7.3-1'
+		dependency 'org.webjars:jquery:3.6.0'
+		dependency 'org.webjars:knockout:3.5.1'
+		dependency 'org.webjars:sockjs-client:1.5.1'
+		dependency 'org.webjars:stomp-websocket:2.3.4'
 		dependency 'org.webjars:webjars-taglib:0.3'
 	}
 }

spring-session-samples/spring-session-sample-boot-findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -46,7 +46,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 class FindByUsernameTests {
 
-	private static final String DOCKER_IMAGE = "redis:5.0.6";
+	private static final String DOCKER_IMAGE = "redis:5.0.10";
 
 	@Autowired
 	private MockMvc mockMvc;

spring-session-samples/spring-session-sample-boot-hazelcast/spring-session-sample-boot-hazelcast.gradle

@@ -0,0 +1,19 @@
+apply plugin: 'io.spring.convention.spring-sample-boot'
+
+dependencies {
+    compile project(':spring-session-hazelcast')
+    compile "org.springframework.boot:spring-boot-starter-web"
+    compile "org.springframework.boot:spring-boot-starter-thymeleaf"
+    compile "org.springframework.boot:spring-boot-starter-security"
+    compile "com.hazelcast:hazelcast-client"
+    compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
+    compile "org.webjars:bootstrap"
+    compile "org.webjars:html5shiv"
+    compile "org.webjars:webjars-locator-core"
+
+    testCompile "org.springframework.boot:spring-boot-starter-test"
+    testCompile "org.junit.jupiter:junit-jupiter-api"
+    testRuntime "org.junit.jupiter:junit-jupiter-engine"
+    integrationTestCompile seleniumDependencies
+    integrationTestCompile "org.testcontainers:testcontainers"
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/java/sample/BootTests.java

@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.openqa.selenium.WebDriver;
+import org.testcontainers.containers.GenericContainer;
+import sample.pages.HomePage;
+import sample.pages.LoginPage;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
+
+/**
+ * @author Ellie Bahadori
+ */
+@ExtendWith(SpringExtension.class)
+@AutoConfigureMockMvc
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+class BootTests {
+
+	private static final String DOCKER_IMAGE = "hazelcast/hazelcast:latest";
+
+	@Autowired
+	private MockMvc mockMvc;
+
+	private WebDriver driver;
+
+	@BeforeEach
+	void setup() {
+		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
+	}
+
+	@AfterEach
+	void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	void home() {
+		LoginPage login = HomePage.go(this.driver);
+		login.assertAt();
+	}
+
+	@Test
+	void login() {
+		LoginPage login = HomePage.go(this.driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.assertAt();
+		home.containCookie("SESSION");
+		home.doesNotContainCookie("JSESSIONID");
+	}
+
+	@Test
+	void logout() {
+		LoginPage login = HomePage.go(this.driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.logout();
+		login.assertAt();
+	}
+
+	@TestConfiguration
+	static class Config {
+
+		@Bean
+		GenericContainer hazelcastContainer() {
+			GenericContainer hazelcastContainer = new GenericContainer(DOCKER_IMAGE).withExposedPorts(5701);
+			hazelcastContainer.start();
+			return hazelcastContainer;
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/java/sample/pages/BasePage.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import org.openqa.selenium.WebDriver;
+
+/**
+ * @author Ellie Bahadori
+ */
+public class BasePage {
+
+	private WebDriver driver;
+
+	public BasePage(WebDriver driver) {
+		this.driver = driver;
+	}
+
+	public WebDriver getDriver() {
+		return this.driver;
+	}
+
+	public static void get(WebDriver driver, String get) {
+		String baseUrl = "http://localhost";
+		driver.get(baseUrl + get);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/java/sample/pages/HomePage.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import java.util.Set;
+
+import org.openqa.selenium.By;
+import org.openqa.selenium.Cookie;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Ellie Bahadori
+ */
+public class HomePage extends BasePage {
+
+	public HomePage(WebDriver driver) {
+		super(driver);
+	}
+
+	public static LoginPage go(WebDriver driver) {
+		get(driver, "/");
+		return PageFactory.initElements(driver, LoginPage.class);
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Spring Session Sample - Secured Content");
+	}
+
+	public void containCookie(String cookieName) {
+		Set<Cookie> cookies = getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").contains(cookieName);
+	}
+
+	public void doesNotContainCookie(String cookieName) {
+		Set<Cookie> cookies = getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").doesNotContain(cookieName);
+	}
+
+	public HomePage logout() {
+		WebElement logout = getDriver().findElement(By.cssSelector("input[type=\"submit\"]"));
+		logout.click();
+		return PageFactory.initElements(getDriver(), HomePage.class);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/java/sample/pages/LoginPage.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import org.openqa.selenium.SearchContext;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+import org.openqa.selenium.support.pagefactory.DefaultElementLocatorFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Ellie Bahadori
+ */
+public class LoginPage extends BasePage {
+
+	public LoginPage(WebDriver driver) {
+		super(driver);
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
+	}
+
+	public Form form() {
+		return new Form(getDriver());
+	}
+
+	public class Form {
+
+		@FindBy(name = "username")
+		private WebElement username;
+
+		@FindBy(name = "password")
+		private WebElement password;
+
+		@FindBy(tagName = "button")
+		private WebElement button;
+
+		public Form(SearchContext context) {
+			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
+		}
+
+		public <T> T login(Class<T> page) {
+			this.username.sendKeys("user");
+			this.password.sendKeys("password");
+			this.button.click();
+			return PageFactory.initElements(getDriver(), page);
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/java/sample/Application.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cache.annotation.EnableCaching;
+
+/**
+ * @author Ellie Bahadori
+ */
+@EnableCaching
+@SpringBootApplication
+public class Application {
+
+	public static void main(String[] args) {
+		SpringApplication.run(Application.class, args);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/java/sample/config/IndexController.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class IndexController {
+
+	@RequestMapping("/")
+	public String index() {
+		return "index";
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/java/sample/config/SecurityConfig.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * Spring Security configuration.
+ *
+ * @author Ellie Bahadori
+ */
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	// @formatter:off
+	// tag::config[]
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+			.authorizeRequests((authorize) -> authorize
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
+				.anyRequest().authenticated()
+			)
+			.formLogin((formLogin) -> formLogin
+				.permitAll()
+			);
+	}
+	// end::config[]
+	// @formatter:on
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/java/sample/config/SessionConfig.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.config;
+
+import com.hazelcast.config.Config;
+import com.hazelcast.config.MapAttributeConfig;
+import com.hazelcast.config.MapIndexConfig;
+import com.hazelcast.config.NetworkConfig;
+import com.hazelcast.config.SerializerConfig;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.MapSession;
+import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
+import org.springframework.session.hazelcast.HazelcastSessionSerializer;
+import org.springframework.session.hazelcast.PrincipalNameExtractor;
+
+// tag::class[]
+@Configuration
+public class SessionConfig {
+
+	@Bean
+	public Config clientConfig() {
+		Config config = new Config();
+		NetworkConfig networkConfig = config.getNetworkConfig();
+		networkConfig.setPort(0);
+		networkConfig.getJoin().getMulticastConfig().setEnabled(false);
+		MapAttributeConfig attributeConfig = new MapAttributeConfig()
+				.setName(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
+				.setExtractor(PrincipalNameExtractor.class.getName());
+		config.getMapConfig(HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME)
+				.addMapAttributeConfig(attributeConfig).addMapIndexConfig(
+						new MapIndexConfig(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
+		SerializerConfig serializerConfig = new SerializerConfig();
+		serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
+		config.getSerializationConfig().addSerializerConfig(serializerConfig);
+		return config;
+
+	}
+
+}
+// end::class[]

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/resources/templates/index.html

@@ -0,0 +1,11 @@
+<html xmlns:th="https://www.thymeleaf.org" xmlns:layout="https://github.com/ultraq/thymeleaf-layout-dialect" layout:decorate="~{layout}">
+<head>
+	<title>Secured Content</title>
+</head>
+<body>
+	<div layout:fragment="content">
+		<h1>Secured Page</h1>
+		<p>This page is secured using Spring Boot, Spring Session, and Spring Security.</p>
+	</div>
+</body>
+</html>

spring-session-samples/spring-session-sample-boot-hazelcast/src/main/resources/templates/layout.html

@@ -0,0 +1,122 @@
+<!DOCTYPE html SYSTEM "https://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-3.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+			xmlns:th="https://www.thymeleaf.org"
+			xmlns:layout="https://github.com/ultraq/thymeleaf-layout-dialect">
+	<head>
+		<title layout:title-pattern="$LAYOUT_TITLE - $CONTENT_TITLE">Spring Session Sample</title>
+		<link rel="icon" type="image/x-icon" th:href="@{/favicon.ico}" href="../static/favicon.ico"/>
+		<link th:href="@{/webjars/bootstrap/css/bootstrap.min.css}" href="/webjars/bootstrap/css/bootstrap.min.css" rel="stylesheet"></link>
+		<style type="text/css">
+			/* Sticky footer styles
+			-------------------------------------------------- */
+
+			html,
+			body {
+				height: 100%;
+				/* The html and body elements cannot have any padding or margin. */
+			}
+
+			/* Wrapper for page content to push down footer */
+			#wrap {
+				min-height: 100%;
+				height: auto !important;
+				height: 100%;
+				/* Negative indent footer by it's height */
+				margin: 0 auto -60px;
+			}
+
+			/* Set the fixed height of the footer here */
+			#push,
+			#footer {
+				height: 60px;
+			}
+			#footer {
+				background-color: #f5f5f5;
+			}
+
+			/* Lastly, apply responsive CSS fixes as necessary */
+			@media (max-width: 767px) {
+				#footer {
+					margin-left: -20px;
+					margin-right: -20px;
+					padding-left: 20px;
+					padding-right: 20px;
+				}
+			}
+
+
+
+			/* Custom page CSS
+			-------------------------------------------------- */
+			/* Not required for template or sticky footer method. */
+
+			.container {
+				width: auto;
+				max-width: 680px;
+			}
+			.container .credit {
+				margin: 20px 0;
+				text-align: center;
+			}
+			a {
+					color: green;
+			}
+			.navbar-form {
+				margin-left: 1em;
+			}
+		</style>
+		<link th:href="@{/webjars/bootstrap/css/bootstrap-responsive.min.css}" href="/webjars/bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet"></link>
+
+		<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+		<!--[if lt IE 9]>
+			<script th:src="@{/webjars/html5shiv/html5shiv.min.js}" src="/webjars/html5shiv/html5shiv.min.js"></script>
+		<![endif]-->
+	</head>
+
+
+	<body>
+		<div id="wrap">
+			<div class="navbar navbar-inverse navbar-static-top">
+				<div class="navbar-inner">
+					<div class="container">
+						<a class="brand" th:href="@{/}"><img th:src="@{/images/logo.png}" alt="Spring Security Sample"/></a>
+
+<div class="nav-collapse collapse"
+		th:with="currentUser=${#httpServletRequest.userPrincipal?.principal}">
+	<div th:if="${currentUser != null}">
+			<form class="navbar-form pull-right" th:action="@{/logout}" method="post">
+					<input type="submit" value="Log out" />
+			</form>
+			<p id="un" class="navbar-text pull-right" th:text="${currentUser.username}">
+				sample_user
+			</p>
+	</div>
+	<ul class="nav">
+	</ul>
+</div>
+
+				</div>
+			</div>
+		</div>
+			<!-- Begin page content -->
+			<div class="container">
+				<div class="alert alert-success"
+							th:if="${globalMessage}"
+							th:text="${globalMessage}">
+						Some Success message
+				</div>
+				<div layout:fragment="content">
+						Fake content
+				</div>
+			</div>
+
+			<div id="push"><!--  --></div>
+		</div>
+
+		<div id="footer">
+			<div class="container">
+				<p class="muted credit">Visit the <a href="https://projects.spring.io/spring-session/">Spring Session</a> site for more <a href="https://github.com/spring-projects/spring-session/tree/main/spring-session-samples">samples</a>.</p>
+			</div>
+		</div>
+	</body>
+</html>

spring-session-samples/spring-session-sample-boot-hazelcast4/spring-session-sample-boot-hazelcast4.gradle

@@ -0,0 +1,20 @@
+apply plugin: 'io.spring.convention.spring-sample-boot'
+
+dependencies {
+    compile project(':spring-session-hazelcast')
+    compile project(':hazelcast4')
+    compile "org.springframework.boot:spring-boot-starter-web"
+    compile "org.springframework.boot:spring-boot-starter-thymeleaf"
+    compile "org.springframework.boot:spring-boot-starter-security"
+    compile "com.hazelcast:hazelcast:4.2.2"
+    compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
+    compile "org.webjars:bootstrap"
+    compile "org.webjars:html5shiv"
+    compile "org.webjars:webjars-locator-core"
+
+    testCompile "org.springframework.boot:spring-boot-starter-test"
+    testCompile "org.junit.jupiter:junit-jupiter-api"
+    testRuntime "org.junit.jupiter:junit-jupiter-engine"
+    integrationTestCompile seleniumDependencies
+    integrationTestCompile "org.testcontainers:testcontainers"
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/integration-test/java/sample/BootTests.java

@@ -0,0 +1,95 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.openqa.selenium.WebDriver;
+import org.testcontainers.containers.GenericContainer;
+import sample.pages.HomePage;
+import sample.pages.LoginPage;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
+
+@ExtendWith(SpringExtension.class)
+@AutoConfigureMockMvc
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+class BootTests {
+
+	private static final String DOCKER_IMAGE = "hazelcast/hazelcast:latest";
+
+	@Autowired
+	private MockMvc mockMvc;
+
+	private WebDriver driver;
+
+	@BeforeEach
+	void setup() {
+		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
+	}
+
+	@AfterEach
+	void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	void home() {
+		LoginPage login = HomePage.go(this.driver);
+		login.assertAt();
+	}
+
+	@Test
+	void login() {
+		LoginPage login = HomePage.go(this.driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.assertAt();
+		home.containCookie("SESSION");
+		home.doesNotContainCookie("JSESSIONID");
+	}
+
+	@Test
+	void logout() {
+		LoginPage login = HomePage.go(this.driver);
+		HomePage home = login.form().login(HomePage.class);
+		home.logout();
+		login.assertAt();
+	}
+
+	@TestConfiguration
+	static class Config {
+
+		@Bean
+		GenericContainer hazelcastContainer() {
+			GenericContainer hazelcastContainer = new GenericContainer(DOCKER_IMAGE).withExposedPorts(5701);
+			hazelcastContainer.start();
+			return hazelcastContainer;
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/integration-test/java/sample/pages/BasePage.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import org.openqa.selenium.WebDriver;
+
+public class BasePage {
+
+	private WebDriver driver;
+
+	public BasePage(WebDriver driver) {
+		this.driver = driver;
+	}
+
+	public WebDriver getDriver() {
+		return this.driver;
+	}
+
+	public static void get(WebDriver driver, String get) {
+		String baseUrl = "http://localhost";
+		driver.get(baseUrl + get);
+	}
+
+}

spring-session-samples/spring-session-sample-boot-hazelcast4/src/integration-test/java/sample/pages/HomePage.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import java.util.Set;
+
+import org.openqa.selenium.By;
+import org.openqa.selenium.Cookie;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class HomePage extends BasePage {
+
+	public HomePage(WebDriver driver) {
+		super(driver);
+	}
+
+	public static LoginPage go(WebDriver driver) {
+		get(driver, "/");
+		return PageFactory.initElements(driver, LoginPage.class);
+	}
+
+	public void assertAt() {
+		assertThat(getDriver().getTitle()).isEqualTo("Spring Session Sample - Secured Content");
+	}
+
+	public void containCookie(String cookieName) {
+		Set<Cookie> cookies = getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").contains(cookieName);
+	}
+
+	public void doesNotContainCookie(String cookieName) {
+		Set<Cookie> cookies = getDriver().manage().getCookies();
+		assertThat(cookies).extracting("name").doesNotContain(cookieName);
+	}
+
+	public HomePage logout() {
+		WebElement logout = getDriver().findElement(By.cssSelector("input[type=\"submit\"]"));
+		logout.click();
+		return PageFactory.initElements(getDriver(), HomePage.class);
+	}
+
+}