Spring Security SEC-2401: A sample application using custom SessionRegistry and not using HttpSession

Cemo Koc (Migrated from SEC-2401) said:

It would be really nice to have a sample application at samples which is implementing a custom SessionRegistry and does not rely on HttpSession.

Comment From: spring-projects-issues

Cemo Koc said:

Rob, maybe there is a fundamental mistake at my question. I was considering that Spring Security could be responsible for both session management and security without Http Session. I would be very glad if you can explain responsibility of parts of Session creation and management. Theoretically I can completely disable HttpSession, and use a unique identifier as Session ID to create sessions with Spring Security. Is this possible?

Comment From: rwinch

The samples have been externalized to https://github.com/spring-projects/spring-security-samples