Summary

I'd like to propose adding a getCreationTime() method to the org.springframework.security.core.session.SessionInformation interface to enhance session lifecycle visibility and control. See also the discussion with @jgrandja in "auth_time claim doesn't show the time of the original authentication" (#2035).

Motivation

Currently, SessionInformation provides metadata such as the session ID, principal, last request time, and expiration status, but it lacks the creation timestamp of the session.

Adding getCreationTime() would provide key benefits for a variety of real-world use cases:

Use Cases

  1. Auditing & Compliance
     - Enable "Who logged in when?" tracking.
     - Useful for audit trails in regulated environments.

  2. Custom Session Expiration Rules based on creation time

  3. Session Monitoring & Admin Tools
     - Example session display: "User X has been logged in since 08:12, last activity at 08:55."

  4. OpenID Connect Support
     - Support for auth_time claim in ID Tokens.
     - Easier implementation of the max_age query parameter in OIDC requests (see: OpenID Connect Core 1.0, §3.1.2.1).
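
The creation-time use cases above (custom expiration, auth_time, max_age), sketched as an added example that is not part of the original issue or of Spring Security's code. `SessionView` is a hypothetical stand-in for SessionInformation plus the proposed getCreationTime(), and the helper names and sample timestamps are constructed. It assumes the session was created at the moment of authentication.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;

public class SessionAgeChecks {

    // Hypothetical stand-in for SessionInformation with the proposed creation timestamp.
    record SessionView(String sessionId, Instant creationTime, Instant lastRequest) {}

    // auth_time is expressed in seconds since the epoch.
    // Assumption: session creation coincides with the user's authentication.
    static long authTimeClaim(SessionView s) {
        return s.creationTime().getEpochSecond();
    }

    // OIDC max_age: re-authenticate when the elapsed time since authentication
    // is greater than max_age (in seconds).
    static boolean requiresReauthentication(SessionView s, long maxAgeSeconds, Instant now) {
        long elapsed = Duration.between(s.creationTime(), now).getSeconds();
        return elapsed > maxAgeSeconds;
    }

    // Custom expiration rule: idle timeout OR absolute lifetime since creation.
    // The second condition cannot be evaluated from the last request time alone.
    static boolean isExpired(SessionView s, Duration idleTimeout, Duration maxLifetime, Instant now) {
        boolean idle = Duration.between(s.lastRequest(), now).compareTo(idleTimeout) > 0;
        boolean tooOld = Duration.between(s.creationTime(), now).compareTo(maxLifetime) > 0;
        return idle || tooOld;
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2025-01-01T09:00:00Z"); // constructed sample clock
        List<SessionView> sessions = List.of(                // constructed sample sessions
            new SessionView("s1", Instant.parse("2025-01-01T08:12:00Z"),
                                  Instant.parse("2025-01-01T08:55:00Z")),
            new SessionView("s2", Instant.parse("2024-12-31T20:00:00Z"),
                                  Instant.parse("2025-01-01T08:59:00Z")));
        for (SessionView s : sessions) {
            System.out.printf("%s auth_time=%d reauth(max_age=3600)=%b expired=%b%n",
                s.sessionId(), authTimeClaim(s),
                requiresReauthentication(s, 3600, now),
                isExpired(s, Duration.ofMinutes(30), Duration.ofHours(8), now));
        }
    }
}
```

Session s2 was active one minute before the sample clock, so an idle-timeout check on the last request time keeps it alive; only the creation time shows that it is 13 hours old and past both the 8-hour lifetime and the max_age of 3600 seconds.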

Comment From: therepanic

I read the discussion and that's a really good feature. If no one objects, I could implement it.