From 82c86b822f1e3fec7e0b8f96fdf37a06169e113c Mon Sep 17 00:00:00 2001 From: Marcus Da Coregio Date: Thu, 16 Feb 2023 10:57:02 -0300 Subject: [PATCH] Polish session-management.adoc Remove unresolved anchor Issue gh-12519 --- .../ROOT/pages/servlet/authentication/session-management.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc index 80819a94a6..84c6b03678 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/session-management.adoc @@ -90,7 +90,7 @@ The latter is also used when configuring an invalid session URL through the name [[moving-away-from-sessionmanagementfilter]] ==== Moving Away From `SessionManagementFilter` -In Spring Security 5, the default configuration relies on `SessionManagementFilter` to detect if a user just authenticated and invoke <<_the_sessionauthenticationstrategy,the `SessionAuthenticationStrategy`>>. +In Spring Security 5, the default configuration relies on `SessionManagementFilter` to detect if a user just authenticated and invoke {security-api-url}org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.html[the `SessionAuthenticationStrategy`]. The problem with this is that it means that in a typical setup, the `HttpSession` must be read for every request. In Spring Security 6, the default is that authentication mechanisms themselves must invoke the `SessionAuthenticationStrategy`. @@ -161,7 +161,7 @@ In Spring Security 6, if you try to use any of these methods when `requireExplic [[customizing-where-authentication-is-stored]] == Customizing Where the Authentication Is Stored -By default, Spring Security stores the security context for you in the HTTP session (link to earlier description). However, here are several reasons you may want to customize that: +By default, Spring Security stores the security context for you in the HTTP session. However, here are several reasons you may want to customize that: * You may want call individual setters on the `HttpSessionSecurityContextRepository` instance * You may want to store the security context in a cache or database to enable horizontal scaling