SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations.

web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java

@@ -101,7 +101,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
                     return;
                 } else {
                     // Non-expired - update last request date/time
-                    info.refreshLastRequest();
+                    sessionRegistry.refreshLastRequest(info.getSessionId());
                 }
             }
         }