Prevent SessionRepository.save(Session) on non-dirty Sessions.

[jxblum]

Currently, Spring Session core performs a "commit" of a Session twice during the HTTP request/response processing cycle. This double commit ends up calling SessionRepository.save(Session) twice.

The commit/save, more often than not, results in a non-dirty Session update. In fact I have not seen a case where the Session has become dirty again after it was saved the first time during the HTTP request/response processing cycle. Of course, more research is needed to actually confirm an update to the Session would not occur in some other code path after the first save, such as a Servlet Filter.

Anyway, more details to follow...

@rwinch FYI, ^^^^

[jxblum]

If this change is warranted, then it will also be included/back-ported to the SSDG 2.0.7.RELEASE.