Spring InMemoryWebSessionStore#changeSessionId makes blocking calls to UUID.randomUUID

While using blockhound to detect blocking operations in general, it was found for logout operation in reactive web support, InMemoryWebSessionStore makes a blocking call UUID.randomUUID via changeSessionId method call.

As evident from source, new session id generation would be performed on reactor thread.

reactor.blockhound.BlockingOperationError: Blocking call! java.io.FileInputStream#readBytes
    at java.io.FileInputStream.readBytes(FileInputStream.java) ~[?:?]
    Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Error has been observed at the following site(s):
    *__checkpoint ⇢ org.springframework.security.web.server.authentication.logout.LogoutWebFilter [DefaultWebFilterChain]
    *__checkpoint ⇢ org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter [DefaultWebFilterChain]
    *__checkpoint ⇢ org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter [DefaultWebFilterChain]
    *__checkpoint ⇢ org.springframework.security.web.server.authentication.AuthenticationWebFilter [DefaultWebFilterChain]
    *__checkpoint ⇢ org.springframework.security.web.server.context.ReactorContextWebFilter [DefaultWebFilterChain]
    *__checkpoint ⇢ org.springframework.security.web.server.header.HttpHeaderWriterWebFilter [DefaultWebFilterChain]
    *__checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
    *__checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
    *__checkpoint ⇢ HTTP POST "/logout" [ExceptionHandlingWebHandler]
Original Stack Trace:
        at java.io.FileInputStream.readBytes(FileInputStream.java) ~[?:?]
        at java.io.FileInputStream.read(FileInputStream.java:276) ~[?:?]
        at java.io.FilterInputStream.read(FilterInputStream.java:132) ~[?:?]
        at sun.security.provider.NativePRNG$RandomIO.readFully(NativePRNG.java:425) ~[?:?]
        at sun.security.provider.NativePRNG$RandomIO.ensureBufferValid(NativePRNG.java:528) ~[?:?]
        at sun.security.provider.NativePRNG$RandomIO.implNextBytes(NativePRNG.java:547) ~[?:?]
        at sun.security.provider.NativePRNG.engineNextBytes(NativePRNG.java:221) ~[?:?]
        at java.security.SecureRandom.nextBytes(SecureRandom.java:758) ~[?:?]
        at java.util.UUID.randomUUID(UUID.java:151) ~[?:?]
        at org.springframework.util.JdkIdGenerator.generateId(JdkIdGenerator.java:31) ~[spring-core-5.3.22.jar:5.3.22]
        at org.springframework.web.server.session.InMemoryWebSessionStore$InMemoryWebSession.changeSessionId(InMemoryWebSessionStore.java:234) ~[spring-web-5.3.22.jar:5.3.22]

Comment From: rstoyanchev

Similar to #24027 but when changeSessionId is called rather than when a new session is created.