When SessionFixationProtectionStrategy changes the session, the new session id is not reflected in WebAuthenticationDetails. Is this a glitch?
Subclassing the strategy and implementing onSessionChange won't help because I do not have access to the request.

Can anyone enlighted me?!

Thanks, Mike