Align WebSession#save implementations with API clarifications

[vpavic]

We should ensure our WebSession#save implementations are aligned with API clarifications recently introduced in SPR-17051.

Namely:

/**
 * Save the session through the {@code WebSessionStore} as follows:
 * <ul>
 * <li>If the session is new (i.e. created but never persisted), it must have
 * been started explicitly via {@link #start()} or implicitly by adding
 * attributes, or otherwise this method should have no effect.
 * <li>If the session was retrieved through the {@code WebSessionStore},
 * the implementation for this method must check whether the session was
 * {@link #invalidate() invalidated} and if so return an error.
 * </ul>
 * <p>Note that this method is not intended for direct use by applications.
 * Instead it is automatically invoked just before the response is
 * committed is committed.
 * @return {@code Mono} to indicate completion with success or error
 */
Mono<Void> save();

[vpavic]

Ping @rwinch - what's your take on this?

In practice, our session repository implementations have always ignored attempts to update an invalid session i.e. the one that's missing from the store.

[rwinch]

I agree. We should ensure our implementation is aligned with the API clarifications

[vpavic]

ReactiveRedisOperationsSessionRepository is now aligned with WebSession#save API and will return a Mono#error containing IllegalStateException when an invalid (i.e. not present in the data store) RedisSession was passed in.