Retrieving Session ID with Spring Security

More easiest way is:

@GetMapping(path = "/foo")  
public void foo(HttpSession session) {  
    String sessionId = session.getId();  
}

You may use

RequestContextHolder.currentRequestAttributes().getSessionId();

This relies on Spring's RequestContextHolder, so it should be used with Spring MVC's DispatcherServlet or you should have a RequestContextListener declared. Also session will be created if not exists.