Favor lettuce because of multiplexing and improved scalability.
Using lettuce requires a fixed number of connections hence using
lettuce improves application scalability.
Fixes gh-652
* Upgrade to Spring Data GemFire 1.8.4.RELEASE
* Upgrade to Spring Data MongoDB 1.9.4.RELEASE
* Upgrade to Spring Framework 4.3.3.RELEASE
(Upgrade to Spring Data Redis 1.7.4.RELEASE failed)
Fixes gh-632
This revert is done because Geode is not supported by Spring IO yet.
This reverts commit 1256a94d7e.
# Conflicts:
# gradle.properties
# settings.gradle
This commit improves existing Hazelcast support, which is based on
MapSessionRepository, with dedicated HazelcastSessionRepository
that implements the FindByIndexNameSessionRepository contract.
Also a new hazelcast-spring-session module was added to provide
dependency management for Hazelcast support.
Fixes gh-544
Currently, JdbcOperationsSessionRepository#cleanUpExpiredSessions only considers
the repository defined max inactive interval which causes incorrect cleanup of
sessions that define custom inactive interval. This commit fixes the problem by
delegating calculation of deletion interval to the underlying SQL DELETE statement.
Fixes gh-580
Fix to https://support.pivotal.io/tickets/30469
I do notice 2 bugs in the spring-session code, both inside the
CookieHttpSessionStrategy class.
The first, using their own sample application, after getting a new
session alias from the HttpSessionManager, it calls
HttpSessionManager.encodeURL and then stores the output into a request
attribute which is later rendered. However, in a Spring MVC
application, a Controller may want to issue a redirect to a
newly-encoded URL, like this:
HttpSessionManager sessionManager = (HttpSessionManager)
request.getAttribute(HttpSessionManager.class.getName());
String newSessionAlias = sessionManager.getNewSessionAlias(request);
String currentSessionAlias =
sessionManager.getCurrentSessionAlias(request);
return String.format("redirect:%s",
sessionManager.encodeURL("/effectiveUser", newSessionAlias));
The problem here is that Spring MVC will funnel the redirect back
through
CookieHttpSessionStrategy.MultiSessionHttpServletResponse.encodeRedirect
URL, which then looks up the current alias & re-encodes with that
alias, effectively replacing the new alias which the controller added.
The fix would be for the
CookieHttpSessionStrategy.MultiSessionHttpServletResponse to examine
the inputted url for the appropriate parameter & don't re-encode if it
finds it there.
The second issue is that inside CookieHttpSessionStrategy line 346
(return path + "?" + query;) is that if there is no query string (on
the default session alias) then the resulting URL will end in a ? with
nothing after it. In that situation the ? should be removed as well
because the query string is empty.
This commit addresses the issue with deserializing JDBC sessions in Spring Boot
applications that use DevTools. Previously, such configuration would cause
`ClassCastException` when deserializing JDBC sessions due to app class loader
being used instead of restart class loader.
Fixes gh-610
* Spring Security Concurrent Session Integration #65
add SpringSessionBackedSessionRegistry
* Spring Security Concurrent Session Integration #65
add documentation
* Spring Security Concurrent Session Integration #65
support marking SessionInformations as expired before deleting the Session