Commit Graph

88 Commits

Author SHA1 Message Date
Rob Winch
690fbc8d3f RedisOperations<String,ExpiringSession> -> RedisOperations<Object,Object>
The RedisOperations manages more than just ExpiringSessions, so we need
to make this more generice.

Fixes gh-259
2015-08-12 16:37:56 -05:00
Rob Winch
3ba07ec0a8 Polish add SessionDeletedEvent & SessionExpiredEvent
* Add @author Mark Anderson for proper credit
* SessionDestroyedEvent no longer abstract to preserve passivity

Issue gh-258
2015-08-12 16:34:35 -05:00
Mark Anderson
7518306975 Add SessionExpiredEvent and SessionDeletedEvent
Fixes gh-258
2015-08-12 16:24:18 -05:00
Rob Winch
f633037d6b Document SessionRepsitoryFilter ordering
Fixes gh-172
2015-07-29 11:22:57 -05:00
Rob Winch
3a17a84434 Re-run Tests against Spring 3
Fixes gh-120
2015-07-29 11:18:51 -05:00
Rob Winch
d5484e15ca CookieHttpSessionStrategy only writes same Session once
If SessionRepositoryRequestWrapper.commitSession() is invoked twice
when a new session is created, then CookieHttpSessionStrategy will
add the same cookie twice. A couple examples of how this could happen:

* The response is committed and
  SessionRepositoryResponseWrapper.onResponseCommitted() invokes
  SessionRepositoryRequestWrapper.commitSession(). Then the finally
  block in SessionRepositoryFilter invokes
  SessionRepositoryRequestWrapper.commitSession() again.
* The new session is initialized and an Exception is thrown (i.e.
  gh-229). The SessionRepositoryFilter invokes
  SessionRepositoryRequestWrapper.commitSession() in the REQUEST
  dispatch. Then in the ERROR dispatch SessionRepositoryFilter invokes
  SessionRepositoryRequestWrapper.commitSession() invokes it again.

This commit ensures if the same Session is passed into
CookieHttpSessionStrategy multiple times within the same HttpServletRequest
it is only written once by keeping track of the sessions on a request
attribute.

Fixes gh-251
2015-07-28 15:01:51 -05:00
Rob Winch
3d93f2cf56 currentSession saved on HttpServletRequest attribute
Previously, if the following happened:

* New Session Created
* Exception thrown
* Exception processed by error handler within Servlet
* Error Handler used a session

The result would be two sessions were created. This means the
data from the first session was also lost. This happend
because ERROR dispatch is a separate Filter invocation where
the request is no longer wrapped.

This commit ensures that currentSession is saved on a
HttpServletRequest attribute so that the ERROR dispatch sees
that a session was already created.

Fixes: gh-229
2015-07-27 17:23:34 -05:00
Rob Winch
8929e85fb1 Fix Tests
These tests passed, but were technically incorrect. The
invalid tests were noticed when fixing gh-229.

Issue: gh-229
2015-07-27 17:11:04 -05:00
Rob Winch
b79913240d HttpServletRequest.changeSessionId() impacts previous references
Previously, if a user had a reference to an existing HttpSession and
changed the session id, it would not work. For example:

HttpSession s = request.getSession();
request.changeSessionId();
s.setAttribute(...);

This commit fixes holding on to a reference of an HttpSession when
the session id is changed.

Fixes gh-227
2015-07-27 15:25:58 -05:00
Rob Winch
4c24384243 Remove generic type from SpringSessionRepositoryFilterTests
If there is a generic type in tests, Eclipse cannot figure out that
it is a test. This makes it difficult to run in the IDE.
2015-07-27 15:13:49 -05:00
Rob Winch
1635ea90ca enableRedisKeyspaceNotificationsInitializer return type InitializingBean
Previously RedisHttpSessionConfiguration
enableRedisKeyspaceNotificationsInitializer return type was a package
protected class. This meant if someone extended
RedisHttpSessionConfiguration they got IllegalAccessErrors.

This changes the return type to InitializingBean.

Fixes gh-109
2015-07-25 08:09:51 -05:00
Rob Winch
9724953b2f Rename local var to enableRedisHttpSessionAnnotation
From enableWebSecurityAnnotation to enableRedisHttpSessionAnnotation.

Fixes gh-194
2015-07-25 07:44:21 -05:00
Rob Winch
1bee69ef15 Add tests for SessionRepositoryFilter set HttpSessionStrategy null
Issue gh-224
2015-07-24 16:53:00 -05:00
james
3b0dd129ba Fix SessionRepository setHttpSessionStrategy Validationi
Fixes gh-224
2015-07-24 16:52:23 -05:00
Geoffrey Tucker
c3c6215a24 Remove EnableRedisKeyspaceNotificationsInitializer.CONFIG_NOTIFY_KEYSPACE_EVENTS
There's a duplicate of this field in
org.springframework.session.data.redis.config.ConfigureNotifyKeyspaceEventsAction which is
what is actually used.

Fixes gh-225
2015-07-24 16:42:05 -05:00
Rob Winch
8eca5ea4c6 Remove Embedded Redis
Fixes gh-248
2015-07-24 15:40:55 -05:00
Rob Winch
23afc1b354 Fix RedisSessionExpirationPolicy to properly cleanup expired sessions
Previously forcibly cleaning up sessions was not working. All the cleanup
was done by Redis expiration. This meant that sessions would be kept alive
until Redis cleaned them up (non deterministic).

This commit resolves the mapping of expiration to session ids.

Fixes gh-169
2015-04-15 15:25:50 -05:00
Rob Winch
f711876347 Add test assert SessionRepository not invoked unless neededwq 2015-04-15 12:45:54 -05:00
Rob Winch
5879d15692 Valid HTTP session no longer invalidated when HttpSession not accessed
Fixes gh-188
2015-04-15 12:33:34 -05:00
Rob Winch
d2e5005fa0 Allow disabling configuration of Redis
Fixes gh-124
2015-04-14 22:34:01 -05:00
Rob Winch
865e381c7c Move Embedded Redis classes to org.springframework.session.redis.embedded
This prevents the embedded redis from being picked up in ComponentScan
in any of the samples unless the @EnableEmebeddedRedis annotation is used.

Polish gh-184
2015-04-14 21:59:19 -05:00
Rob Winch
98cb22c670 Fix broken imports
Issues gh-184
2015-04-09 21:11:19 -05:00
Rob Winch
4a0aa6e608 Add EnableEmbeddedRedis
Fixes gh-184
2015-04-09 17:02:56 -05:00
Rob Winch
4631b57531 Make Servlet 2.5 compatible
Fixes gh-111 gh-182
2015-04-07 22:12:40 -05:00
Rob Winch
9ac570cba7 Update to Spring IO version
- Update Spring Boot 1.2.3.RELEASE
- Update Spring Security 4.0.0.RELEASE
- Update Spring 4.1.6.RELEASE
- Update Groovy 2.3.8
- Update Jackson 2.4.5
- Update Jedis 2.5.2
- Update Spring Data Redis 1.4.2

Fixes gh-126
2015-04-07 16:30:57 -05:00
Rob Winch
3d1cd9fae4 Implement changeSessionId()
Fixes gh-152
2015-04-03 17:07:21 -05:00
Rob Winch
3c72828500 SessionRepositoryFilterTests better setup of next request 2015-04-03 16:11:41 -05:00
Rob Winch
eddb10d52c Make RedisHttpSessionConfiguration more XML friendly
* add setMaxInactiveIntervalInSeconds
* add default value for maxInactiveIntervalInSeconds

Fixes gh-105
2015-04-03 13:00:27 -05:00
Rob Winch
4dedb4d10a Spaces to tabs and license cleanup 2015-04-03 11:13:13 -05:00
Rob Winch
2d8664d841 OnCommittedResponseWrapper tracks getOutputStream().write(byte[]) properly
Fixes gh-171
2015-03-10 00:29:26 -05:00
Dominik Dorn
6347c32f7b fixed javadoc errors 2015-02-23 12:45:41 +01:00
Rob Winch
020fbdaf4f Polish gh-154 2015-02-19 17:06:25 -06:00
Rob Winch
369e98c7ef SessionRepositoryRequestWrapper overrides isRequestedSessionIdValid
Fixes gh-142, gh-153
2015-02-19 16:49:38 -06:00
Dave Syer
29ad238307 Invoke HttpSessionStrategy.onNewSession if session id changed
Fixes gh-154
2015-02-19 16:49:38 -06:00
Rob Winch
d96c8f2ce5 Clarify Redis expirations and cleanup task 2015-01-08 10:29:07 -06:00
Rob Winch
5eb3695967 Fix Javadoc formatting for RedisOperationsSessionRepository 2015-01-07 14:39:26 -06:00
Rob Winch
5847801a32 RedisSessionExpirationPolicy.cleanExpiredSessions does not delete performs get
The Problem:

The background task that cleans up sessions can incorrectly remove a
session due to a race condition.

Assume an existing session with the id "1" exists and will expire at
1420656360000. This means our redis store has the following:

spring:session:expirations:1420656360000 -> [1]
spring:session:session:1 -> <session>
Consider the following sequence:

* Thread 1 requests Session 1 and determines it should be forcibly deleted
up at 1420656420000
* Thread 2 requests Session 2 and determines it should be forcibly deleted
one minute later at 1420656480000
* Thread 2 removes Session 1 from 1420656360000, so it will no longer be
forcibly deleted at that time

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>

* Thread 2 adds Session 1 to 1420656480000

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]

* Thread 1 removes Session 1 (which was already removed) from 1420656360000 (the original expiration)

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]

* Thread 1 adds Session 1 to 1420656420000

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]
spring:session:expirations:1420656420000 -> [1]

Now the session is mapped to be forcibly deleted in two locations.
However, at most it will be cleaned up in one location. This means that the
session will be forcibly deleted even if the session is continued to be
used.

Fixing the Issue:

Instead of deleting the session, we should have the background task access
the key which will only forcibly delete the key if it is expired. This mean
s that a session could at earliest be deleted when the value in the
datastore indicates.

This still means that a session can be deleted too soon since the
incorrect TTL may be set on a key. However, at worst this is the the
longest HTTP request length. Short of using distributed locking there
isn't a good answer to get exact consistency.

Fixes gh-93
2015-01-07 14:39:10 -06:00
Rob Winch
9b168423b8 Remove unnecessary @Override 2015-01-07 14:33:53 -06:00
Rob Winch
6904678382 Remove default port from iTests 2015-01-07 10:50:43 -06:00
Rob Winch
0f09d5e000 Polish EnableRedisHttpSessionExpireSessionDestroyedTests 2015-01-07 10:28:04 -06:00
Rob Winch
1e56874338 RedisOperationsSessionRepository doesn't expose ExpirationRedisOperations
Fixes gh-91
2015-01-05 14:50:05 -06:00
Rob Winch
f4b87b7ae7 Include Time Unit for ExpiringSession maxinactiveInterval
Fixes gh-82
2015-01-05 14:10:04 -06:00
Rob Winch
64a0312bf7 Start Documentation
Issue gh-41
2014-12-23 17:26:27 -06:00
Rob Winch
ddff1f4c0d Ensure values of _s are encoded
Fixes gh-80
2014-12-23 16:39:18 -06:00
Rob Winch
7f9b5c0515 Ensure Redis Configured to Send Keyspace Notifications
Previously there was a possibility that Session to WebSocket mapping was
leaked if keyspace notifications were not enabled in Redis.

To resolve this the RedisHttpSessionConfiguration now ensures that Redis
is configured to enable Keyspace notifications.

Fixes gh-76 gh-81
2014-12-23 16:38:42 -06:00
Rob Winch
b3130edd98 Remove @Override from Interfaces
This is necessary to ensure the code compiles in Eclipse.

Fixes gh-83
2014-12-22 16:37:53 -06:00
Christopher Smith
873f4bacd6 Fix Javadoc for JDK8
Fixes gh-84
2014-12-22 16:37:33 -06:00
Rob Winch
0b403c3313 WebSocketRegistryListener handles null Session in SessionDisconnectEvent
Fixes gh-77
2014-12-12 15:26:07 -06:00
Rob Winch
977d1f474b Add Default Expiration Option to MapSessionRepository
Fixes gh-73
2014-12-11 21:00:03 -06:00
Rob Winch
62ce30fb38 Remove @Override from interface method implementations
Issues: gh-71
2014-12-11 11:07:40 -06:00