Expected Behavior

Spring applications with sessions optionally expose an "observable" of session events (something like a WebSocket).

Context

When working with SPAs authorizing REST requests to a Spring backend with sessions, it would be nice that this Spring application expose something like a WebSocket to which the frontend(s) could subscribe to be notified with session events like a modification to the Authentication in session changes.

A few samples of when this could be useful: - sessions expiration - when working with an OAuth2 client, it is possible that the authorities change after an ID-token refreshing (or a new call to the userinfo endpoint is made) - when using Back-Channel Logout