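Spring Security performs its session check in ConcurrentSessionFilter. In the doFilter method you can see that when the session has expired, these methods are executed:
    this.doLogout(request, response);
    this.sessionInformationExpiredStrategy.onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response));
It first performs the logout and then executes the session-expired strategy. The strategy is initialized in SessionManagementConfigurer.getExpiredSessionStrategy: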
    SessionInformationExpiredStrategy getExpiredSessionStrategy() {
        if(this.expiredSessionStrategy != null) {
            return this.expiredSessionStrategy;
        } else if(this.expiredUrl == null) {
            return null;
        } else {
            if(this.expiredSessionStrategy == null) {
                this.expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy(this.expiredUrl);
            }
            return this.expiredSessionStrategy;
        }
    }
So if you have not set a default strategy and expiredU
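An added example (not from the original post or from Spring Security's own source): setting expiredSessionStrategy explicitly, so that the first branch of getExpiredSessionStrategy returns it instead of falling through to the expiredUrl check. It assumes Spring Security 5.5 or later and Java 10+; the class names SessionExpiryConfig and JsonExpiredSessionStrategy and the JSON body are hypothetical.

```java
import java.io.IOException;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.session.SessionInformationExpiredEvent;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;

@Configuration
@EnableWebSecurity
public class SessionExpiryConfig {

    // Hypothetical strategy: ConcurrentSessionFilter calls this after doLogout()
    // when the SessionInformation for the request is marked expired.
    static class JsonExpiredSessionStrategy implements SessionInformationExpiredStrategy {
        @Override
        public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException {
            var response = event.getResponse();
            response.setStatus(401);
            response.setContentType("application/json;charset=UTF-8");
            // Keep intermediaries from caching the expiry response.
            response.setHeader("Cache-Control", "no-store");
            // Fixed body: do not echo the session id or principal back to the client.
            response.getWriter().write("{\"error\":\"session_expired\"}");
        }
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .sessionManagement(session -> session
                .maximumSessions(1)
                // Non-null strategy: getExpiredSessionStrategy() returns it in its first branch.
                .expiredSessionStrategy(new JsonExpiredSessionStrategy()));
        return http.build();
    }

    // Publishes session-destroyed events so the SessionRegistry drops ended sessions.
    @Bean
    HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }
}
```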