Commit Graph

65 Commits

Author SHA1 Message Date
Rob Winch
d96c8f2ce5 Clarify Redis expirations and cleanup task 2015-01-08 10:29:07 -06:00
Rob Winch
57c361b878 Fix poms to be Maven Central compliant 2015-01-07 15:35:11 -06:00
Rob Winch
5eb3695967 Fix Javadoc formatting for RedisOperationsSessionRepository 2015-01-07 14:39:26 -06:00
Rob Winch
5847801a32 RedisSessionExpirationPolicy.cleanExpiredSessions does not delete performs get
The Problem:

The background task that cleans up sessions can incorrectly remove a
session due to a race condition.

Assume an existing session with the id "1" exists and will expire at
1420656360000. This means our redis store has the following:

spring:session:expirations:1420656360000 -> [1]
spring:session:session:1 -> <session>
Consider the following sequence:

* Thread 1 requests Session 1 and determines it should be forcibly deleted
up at 1420656420000
* Thread 2 requests Session 2 and determines it should be forcibly deleted
one minute later at 1420656480000
* Thread 2 removes Session 1 from 1420656360000, so it will no longer be
forcibly deleted at that time

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>

* Thread 2 adds Session 1 to 1420656480000

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]

* Thread 1 removes Session 1 (which was already removed) from 1420656360000 (the original expiration)

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]

* Thread 1 adds Session 1 to 1420656420000

spring:session:expirations:1420656360000 -> []
spring:session:session:1 -> <session>
spring:session:expirations:1420656480000 -> [1]
spring:session:expirations:1420656420000 -> [1]

Now the session is mapped to be forcibly deleted in two locations.
However, at most it will be cleaned up in one location. This means that the
session will be forcibly deleted even if the session is continued to be
used.

Fixing the Issue:

Instead of deleting the session, we should have the background task access
the key which will only forcibly delete the key if it is expired. This mean
s that a session could at earliest be deleted when the value in the
datastore indicates.

This still means that a session can be deleted too soon since the
incorrect TTL may be set on a key. However, at worst this is the the
longest HTTP request length. Short of using distributed locking there
isn't a good answer to get exact consistency.

Fixes gh-93
2015-01-07 14:39:10 -06:00
Rob Winch
9b168423b8 Remove unnecessary @Override 2015-01-07 14:33:53 -06:00
Rob Winch
6904678382 Remove default port from iTests 2015-01-07 10:50:43 -06:00
Rob Winch
0f09d5e000 Polish EnableRedisHttpSessionExpireSessionDestroyedTests 2015-01-07 10:28:04 -06:00
Rob Winch
cdf52507c0 Add the Spring IO plugin to spring-session and spring-session-data-redis
Fixes #62
2015-01-05 16:27:24 -06:00
Rob Winch
1e56874338 RedisOperationsSessionRepository doesn't expose ExpirationRedisOperations
Fixes gh-91
2015-01-05 14:50:05 -06:00
Rob Winch
f4b87b7ae7 Include Time Unit for ExpiringSession maxinactiveInterval
Fixes gh-82
2015-01-05 14:10:04 -06:00
Rob Winch
64a0312bf7 Start Documentation
Issue gh-41
2014-12-23 17:26:27 -06:00
Rob Winch
ddff1f4c0d Ensure values of _s are encoded
Fixes gh-80
2014-12-23 16:39:18 -06:00
Rob Winch
7f9b5c0515 Ensure Redis Configured to Send Keyspace Notifications
Previously there was a possibility that Session to WebSocket mapping was
leaked if keyspace notifications were not enabled in Redis.

To resolve this the RedisHttpSessionConfiguration now ensures that Redis
is configured to enable Keyspace notifications.

Fixes gh-76 gh-81
2014-12-23 16:38:42 -06:00
Rob Winch
b3130edd98 Remove @Override from Interfaces
This is necessary to ensure the code compiles in Eclipse.

Fixes gh-83
2014-12-22 16:37:53 -06:00
Christopher Smith
873f4bacd6 Fix Javadoc for JDK8
Fixes gh-84
2014-12-22 16:37:33 -06:00
Rob Winch
900b9174d3 Fix integration tests for JDK8
Update jacoco version.

Fixes gh-86
2014-12-22 16:37:06 -06:00
Rob Winch
0b403c3313 WebSocketRegistryListener handles null Session in SessionDisconnectEvent
Fixes gh-77
2014-12-12 15:26:07 -06:00
Rob Winch
977d1f474b Add Default Expiration Option to MapSessionRepository
Fixes gh-73
2014-12-11 21:00:03 -06:00
Rob Winch
62ce30fb38 Remove @Override from interface method implementations
Issues: gh-71
2014-12-11 11:07:40 -06:00
Rob Winch
604ec4a50d Session.getAttribute returns generic type
This prevents the need to cast the attribute values.

Fixes: gh-64
2014-12-11 11:05:33 -06:00
Rob Winch
9834e91c6d Make JDK 1.5 compatible
Fixes gh-71
2014-11-26 08:49:58 -06:00
Rob Winch
d015f4c25a Added Hazelcast Sample
Fixes gh-63
2014-11-17 16:53:05 -06:00
Rob Winch
f7a35e8da3 Remove dependency on Spring for MapSessionRepository 2014-11-17 14:58:12 -06:00
Rob Winch
495d19982d Update CookieHttpSessionStrategy default parameter from u to _s
This both provides two things:
- more meaningful parameter name  since it relates to session
- less likely to have a collission due to the _ prefix

gh-49
2014-11-17 13:26:47 -06:00
Rob Winch
a0805e8411 Add support for multiple sessions in a browser
Fixes gh-49
2014-11-16 22:13:27 -06:00
Rob Winch
9df0594573 Polish RedisOperationsSessionRepository ConnectionFactory Constructor
Add test and remove unnecessary comment.

Relates to gh-61
2014-11-14 21:12:41 -06:00
Steve Storey
0926df9c54 Force initialization of default values after creation of the default template 2014-11-14 21:10:56 -06:00
Rob Winch
b001580334 Removed path check when reading Cookie
The Cookie path is not passed to the server so there is no point to check
it.

Relates to gh-34
2014-11-12 21:37:02 -06:00
Rob Winch
25804f1725 Add WebSocket Support
Fixes gh-35
2014-11-12 21:13:23 -06:00
Rob Winch
04fcc393fd MapSessionRepository handles expried sessions
Fixes gh-31
2014-11-12 17:37:37 -06:00
Rob Winch
46173f6486 Add SessionDestroyedEvent
Add support for SessionDestroyedEvent so that applications can detect
when a Spring Session has expired or explicitly deleted. This will
ensure that we can cleanup resources (i.e. WebSockets) can be cleaned up
when a Session ends.

Fixes gh-60
2014-11-12 17:37:30 -06:00
Rob Winch
6430e43f0e Add Support for background task cleanup of RedisSession
Redis key expiration has no guarantees of when the expired key is
actually removed. In some instances, it is necessary to clean up resources
as soon as the sessione expires. For example, when an HTTP Session expires
we must ensure that the associated Web Socket sessions are closed.

Sessions are now mapped to their expiration times and a background task
is used to clean up the sessions as they expire.

Fixes gh-59
2014-11-12 17:30:50 -06:00
Rob Winch
dbc7018a11 Add ExpiringSession.isExpired
Fixes gh-58
2014-11-12 17:29:09 -06:00
Rob Winch
9cb5c75b4e MapSessionTests tabs -> spaces 2014-11-12 17:27:39 -06:00
Rob Winch
1ad47fc7b1 Disable onCommit after first commit
At times OnCommittedResponseWrapper#onResponseCommitted() can be invoked
multiple times. For example, when flush is performed multiple times. This
means that the session can be written multiple times which is inefficient.
Instead, we should only save on the first update.

Fixes gh-57
2014-11-12 17:26:43 -06:00
Rob Winch
2a558885ad Polish SessionRepository javadoc
Clarifies that getSession updates expiration, but it must be saved for
the expiration to be persisted.
2014-11-10 13:39:24 -06:00
Rob Winch
87e4dd8a0b Allow configure HttpSessionStrategy 2014-10-27 13:45:32 -05:00
Rob Winch
97f3333194 SessionRepositoryFilter implements Ordered
Support Spring Boot applications by implementing Ordered.
2014-10-27 11:28:37 -05:00
Rob Winch
07ff3088bf Change RedisOperationsSessionRepository.BOUNDED_HASH_KEY_PREFIX
Previously the key contained spring-security-sessions in it since the
project was originally going to be a part of Spring Security.

This commit moves it to spring:session:sessions: to better align with
being part of Spring Session

Fixes #46
2014-10-08 22:01:25 -05:00
Rob Winch
6a22a11187 Allow configure expires for EnableRedisHttpSession 2014-10-01 16:14:40 -05:00
Rob Winch
d026dd6821 Add AbstractHttpSessionApplicationInitializer
This reduces the boilerplate code required to register Spring Session with
the servlet container.

Fixes gh-43
2014-09-30 14:13:26 -05:00
Rob Winch
417174388b Add EnableRedisHttpSession
Fixes gh-42
2014-09-30 13:40:15 -05:00
Rob Winch
750ae663fc Create spring-session-data-redis pom 2014-09-30 10:09:47 -05:00
Rob Winch
0abbba0309 Polish Generics and Update Spring Version
We needed to update Spring Version to avoid
https://jira.spring.io/browse/SPR-11471
2014-09-30 09:07:46 -05:00
Rob Winch
6130a10d14 Remove Compiler Warnings
* Fixes Generics
* Remove unused imports
* Ignore serialize warnings in tests

Fixes gh-40
2014-09-29 22:00:46 -05:00
Rob Winch
876d466563 Remove JDK8 options from Javadoc 2014-09-29 21:04:06 -05:00
Rob Winch
83b902c86b Add ext.javadocLinks 2014-09-29 21:00:31 -05:00
Rob Winch
ee4bd71855 Cleanup Maven Publishing
* Ensure that Maven Source Jars are published
* Ensure that Javadoc is published
* Ensure Maven pom includes required information for central

Fixes gh-36
2014-09-29 20:56:54 -05:00
Rob Winch
a4e003ebf1 HeaderSessionStrategy uses response.setHeader
Previously multiple headers might be outputed. This ensures that only a
single header is sent back with the session id.

Fixes #32
2014-08-01 15:24:50 -05:00
Rob Winch
2732a183f3 OnCommitedResponseWrapper commits when buffer exceeded
Fixes #26
2014-08-01 15:24:50 -05:00