Commit Graph

32 Commits

Author SHA1 Message Date
Rob Winch
369e98c7ef SessionRepositoryRequestWrapper overrides isRequestedSessionIdValid
Fixes gh-142, gh-153
2015-02-19 16:49:38 -06:00
Dave Syer
29ad238307 Invoke HttpSessionStrategy.onNewSession if session id changed
Fixes gh-154
2015-02-19 16:49:38 -06:00
Rob Winch
5847801a32 RedisSessionExpirationPolicy.cleanExpiredSessions does not delete performs get
The Problem:

The background task that cleans up sessions can incorrectly remove a
session due to a race condition.

Assume an existing session with the id "1" exists and will expire at
1420656360000. This means our redis store has the following:

spring:session:expirations:1420656360000 -> [1]
spring:session:session:1 -> <session>
Consider the following sequence:

* Thread 1 requests Session 1 and determines it should be forcibly deleted
up at 1420656420000
* Thread 2 requests Session 2 and determines it should be forcibly deleted
one minute later at 1420656480000
* Thread 2 removes Session 1 from 1420656360000, so it will no longer be
forcibly deleted at that time

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>

* Thread 2 adds Session 1 to 1420656480000

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]

* Thread 1 removes Session 1 (which was already removed) from 1420656360000 (the original expiration)

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]

* Thread 1 adds Session 1 to 1420656420000

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]
spring:session:expirations:1420656420000 -> [1]

Now the session is mapped to be forcibly deleted in two locations.
However, at most it will be cleaned up in one location. This means that the
session will be forcibly deleted even if the session is continued to be
used.

Fixing the Issue:

Instead of deleting the session, we should have the background task access
the key which will only forcibly delete the key if it is expired. This mean
s that a session could at earliest be deleted when the value in the
datastore indicates.

This still means that a session can be deleted too soon since the
incorrect TTL may be set on a key. However, at worst this is the the
longest HTTP request length. Short of using distributed locking there
isn't a good answer to get exact consistency.

Fixes gh-93
2015-01-07 14:39:10 -06:00
Rob Winch
1e56874338 RedisOperationsSessionRepository doesn't expose ExpirationRedisOperations
Fixes gh-91
2015-01-05 14:50:05 -06:00
Rob Winch
f4b87b7ae7 Include Time Unit for ExpiringSession maxinactiveInterval
Fixes gh-82
2015-01-05 14:10:04 -06:00
Rob Winch
64a0312bf7 Start Documentation
Issue gh-41
2014-12-23 17:26:27 -06:00
Rob Winch
ddff1f4c0d Ensure values of _s are encoded
Fixes gh-80
2014-12-23 16:39:18 -06:00
Rob Winch
7f9b5c0515 Ensure Redis Configured to Send Keyspace Notifications
Previously there was a possibility that Session to WebSocket mapping was
leaked if keyspace notifications were not enabled in Redis.

To resolve this the RedisHttpSessionConfiguration now ensures that Redis
is configured to enable Keyspace notifications.

Fixes gh-76 gh-81
2014-12-23 16:38:42 -06:00
Rob Winch
b3130edd98 Remove @Override from Interfaces
This is necessary to ensure the code compiles in Eclipse.

Fixes gh-83
2014-12-22 16:37:53 -06:00
Rob Winch
0b403c3313 WebSocketRegistryListener handles null Session in SessionDisconnectEvent
Fixes gh-77
2014-12-12 15:26:07 -06:00
Rob Winch
977d1f474b Add Default Expiration Option to MapSessionRepository
Fixes gh-73
2014-12-11 21:00:03 -06:00
Rob Winch
9834e91c6d Make JDK 1.5 compatible
Fixes gh-71
2014-11-26 08:49:58 -06:00
Rob Winch
d015f4c25a Added Hazelcast Sample
Fixes gh-63
2014-11-17 16:53:05 -06:00
Rob Winch
495d19982d Update CookieHttpSessionStrategy default parameter from u to _s
This both provides two things:
- more meaningful parameter name  since it relates to session
- less likely to have a collission due to the _ prefix

gh-49
2014-11-17 13:26:47 -06:00
Rob Winch
a0805e8411 Add support for multiple sessions in a browser
Fixes gh-49
2014-11-16 22:13:27 -06:00
Rob Winch
9df0594573 Polish RedisOperationsSessionRepository ConnectionFactory Constructor
Add test and remove unnecessary comment.

Relates to gh-61
2014-11-14 21:12:41 -06:00
Rob Winch
25804f1725 Add WebSocket Support
Fixes gh-35
2014-11-12 21:13:23 -06:00
Rob Winch
04fcc393fd MapSessionRepository handles expried sessions
Fixes gh-31
2014-11-12 17:37:37 -06:00
Rob Winch
46173f6486 Add SessionDestroyedEvent
Add support for SessionDestroyedEvent so that applications can detect
when a Spring Session has expired or explicitly deleted. This will
ensure that we can cleanup resources (i.e. WebSockets) can be cleaned up
when a Session ends.

Fixes gh-60
2014-11-12 17:37:30 -06:00
Rob Winch
6430e43f0e Add Support for background task cleanup of RedisSession
Redis key expiration has no guarantees of when the expired key is
actually removed. In some instances, it is necessary to clean up resources
as soon as the sessione expires. For example, when an HTTP Session expires
we must ensure that the associated Web Socket sessions are closed.

Sessions are now mapped to their expiration times and a background task
is used to clean up the sessions as they expire.

Fixes gh-59
2014-11-12 17:30:50 -06:00
Rob Winch
dbc7018a11 Add ExpiringSession.isExpired
Fixes gh-58
2014-11-12 17:29:09 -06:00
Rob Winch
9cb5c75b4e MapSessionTests tabs -> spaces 2014-11-12 17:27:39 -06:00
Rob Winch
1ad47fc7b1 Disable onCommit after first commit
At times OnCommittedResponseWrapper#onResponseCommitted() can be invoked
multiple times. For example, when flush is performed multiple times. This
means that the session can be written multiple times which is inefficient.
Instead, we should only save on the first update.

Fixes gh-57
2014-11-12 17:26:43 -06:00
Rob Winch
6130a10d14 Remove Compiler Warnings
* Fixes Generics
* Remove unused imports
* Ignore serialize warnings in tests

Fixes gh-40
2014-09-29 22:00:46 -05:00
Rob Winch
a4e003ebf1 HeaderSessionStrategy uses response.setHeader
Previously multiple headers might be outputed. This ensures that only a
single header is sent back with the session id.

Fixes #32
2014-08-01 15:24:50 -05:00
Rob Winch
2732a183f3 OnCommitedResponseWrapper commits when buffer exceeded
Fixes #26
2014-08-01 15:24:50 -05:00
Rob Winch
0d217c680a OnCommittedResponseWrapper triggers commit when content length is reached
Fixes #26
2014-07-31 16:01:18 -05:00
Rob Winch
903017285b Create ExpiringSession which extends Session
This provides a better separation for consumers of the API. Most users are
likely not interested in checking to see if a session is expired so they
can focus on the Session API.

Fixes #28
2014-07-30 12:10:56 -05:00
Rob Winch
f1fa380bdd Move session.web to session.web.http
Fixes #18
2014-07-30 12:10:56 -05:00
Rob Winch
699bdf94a0 Remove Sesion.setLastAccessedTime
Fixes #16
2014-07-30 12:10:56 -05:00
Rob Winch
f03dd6f168 Improve test coverage 2014-07-08 13:25:09 -05:00
Rob Winch
1acbca062a Move src to separate project to support sample 2014-07-01 17:28:50 -05:00