java - Spring security: Session is invalidated when user isn't authenticated -

whenever run web application , go default page, role_anonymous user inside authorities expected. however, when go idle, session times out causes invalid-session-url triggered. there anyway exclude unauthenticated users session timeout?

edit: easiest way found setting invalidsessionstrategy. problem is, don't know how to. don't need create own implementation of sessionmanagementfilter. want control of how application handle invalid-session-url. can me out?

having session practice un-authenticated users. implement invalid-session-url in way checks authentication before redirecting. if user not authenticated, redirect session-idle-timeout page.