Allow update of existing WebSession after max sessions limit is reached
Previously, when saving a WebSession, the system did not check whether the session ID already existed. As a result, even if the session being saved was an update to an existing one, it was incorrectly treated as a new session, and a "maximum sessions exceeded" error was triggered. This fix ensures that if a WebSession with the same ID already exists, it will be updated rather than counted as a new session, thereby preventing unnecessary session limit violations. Closes gh-35013 Signed-off-by: Mohammad Saeed Nouri <msnsaeed71@gmail.com>
This commit is contained in:
committed by
Sam Brannen
parent
3c265e1044
commit
c04902fefb
@@ -283,7 +283,7 @@ public class InMemoryWebSessionStore implements WebSessionStore {
|
||||
private void checkMaxSessionsLimit() {
|
||||
if (sessions.size() >= maxSessions) {
|
||||
expiredSessionChecker.removeExpiredSessions(clock.instant());
|
||||
if (sessions.size() >= maxSessions) {
|
||||
if (sessions.size() >= maxSessions && !sessions.containsKey(this.getId())) {
|
||||
throw new IllegalStateException("Max sessions limit reached: " + sessions.size());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,6 +23,7 @@ import java.util.stream.IntStream;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import reactor.core.scheduler.Schedulers;
|
||||
import reactor.test.StepVerifier;
|
||||
|
||||
import org.springframework.beans.DirectFieldAccessor;
|
||||
import org.springframework.web.server.WebSession;
|
||||
@@ -157,6 +158,25 @@ class InMemoryWebSessionStoreTests {
|
||||
.withMessage("Max sessions limit reached: 10");
|
||||
}
|
||||
|
||||
@Test
|
||||
void updateSession() {
|
||||
WebSession oneWebSession = insertSession();
|
||||
|
||||
StepVerifier.create(oneWebSession.save())
|
||||
.expectComplete()
|
||||
.verify();
|
||||
}
|
||||
|
||||
@Test
|
||||
void updateSession_whenMaxSessionsReached() {
|
||||
WebSession onceWebSession = insertSession();
|
||||
IntStream.range(1, 10000).forEach(i -> insertSession());
|
||||
|
||||
StepVerifier.create(onceWebSession.save())
|
||||
.expectComplete()
|
||||
.verify();
|
||||
}
|
||||
|
||||
|
||||
private WebSession insertSession() {
|
||||
WebSession session = this.store.createWebSession().block();
|
||||
|
||||
Reference in New Issue
Block a user