Questions tagged [spring-session]
Spring Session provides a common infrastructure for managing user’s session information.
spring-session
751
questions
0
votes
0
answers
22
views
session management in Spring Security 6.3.0 not working [duplicate]
I'm using Spring Boot 3.3.0. I have a custom provider and filter. The very first request from a user contains the credentials with which to authenticate. I can get my provider to successfully ...
- 131
1
vote
1
answer
53
views
Security Context with HttpSessionSecurityContextRepository always returns 403 after successful authentication, Spring Boot 3.3
Im revising and learning Spring Boot. With the 3.3 latest version, there are issues saving the security context in the session.
What I am trying to do is have a regular Server side stateful session ...
- 157
0
votes
0
answers
11
views
GCP Memstore Discovery End Point connectivity
We are using spring session which uses Lettuce connection factory to connect to the GCP redis single instance.
We are planning to move to GCP redis cluster which has Discovery End point (single IP ...
-1
votes
1
answer
63
views
What's the relationship between Keycloak SSO Session Idle Time and Spring Session Timeout?
I am referencing following tutorials to combine Keycloak OAuth2 and Spring Boot+Spring Gateway+Spring Security+Spring Session to save http session in Redis:
https://www.baeldung.com/spring-cloud-...
- 2,441
0
votes
1
answer
38
views
Getting HazelcastSerializationException when starting the spring boot application
Can someone tell me what could be a possible resolution for the below exception ?
2024-06-10 07:00:24,459 WARNING [catalina] [com.hazelcast.spi.impl.proxyservice.ProxyService] [10.6.7.136]:5701 [nev-...
- 89
0
votes
0
answers
19
views
when user login the system,if he hasn't operated a long time,how to logout the system and skip to login page
I want to achieve this function:when user login the system,if he hasn't operated a long time,how to logout the system and skip to login page?
I use a filter class which implements Filter,and when ...
- 11
0
votes
1
answer
57
views
Problem with HttpSession serialization (ClassNotFoundException) after migration to Spring Session 3 and Hazelcast 5
I am trying to migrate from Spring Boot 2.7 application with Hazelcast 4.2 to Spring Boot 3.2 and Hazelcast 5.3, which also includes JCache Hazelcast provider.
In previous version I was using ...
- 31
0
votes
2
answers
55
views
How to configure JdbcIndexedSessionRepository on spring.main.web-application-type=none
We have 2 spring-boot(3.3.0) application
web-application
N instances
each of them are scheduled spring-session(jdbc) cleanup-cron job every minutes (relying to spring.session.jdbc.cleanup-cron)
...
- 1,263
0
votes
0
answers
36
views
Bring JSESSIONID in Tomcat Application and JSESSIONID in Spring Boot together
I am working on bringing two apps together sessionwise.
So the prefered state is one JSESSIONID, which both apps - one is tomcat the other one can understand.
I found that the tomcat-JSESSIONID: ...
- 640
0
votes
0
answers
18
views
Redisson session management for Spring Webflow
So far we have been running our Spring Webflow based WebApps in a Tomcat cluster with sticky sessions. In the future, Tomcat session management will be implemented using Redisson Session Manager and ...
- 71
0
votes
0
answers
107
views
How to get the session ID returned by cookie with spring-session-data-redis
When managing sessions using spring-session-data-redis, I think the session ID is returned in a cookie named SESSION.
(FYI:https://spring.pleiades.io/spring-session/reference/guides/boot-redis.html)
I ...
0
votes
1
answer
194
views
expiredSessionStrategy not getting invoked when spring session expires
I have a HTML form that issues REST API calls to a Spring Boot backend. I'm using Spring Session to handle concurrent logins by the same user. If I use expiredUrl in the below code, I get redirected ...
- 13
0
votes
1
answer
63
views
I cannot change spring session ttl data in redis
@RequestMapping("/loginByEmail")
@GlobalInterceptor(checkParams = true)
public ResponseVO loginByEmail(HttpSession httpSession,
HttpServletRequest request,...
6
votes
0
answers
658
views
How to fix "Session was invalidated" Exception?
I have an endpoint (/logout) that invalidate the session manually by calling HttpSession#invalidate(). Sometimes i got the following exception (Within 1000 request it happens about a dozen times):
...
- 633
0
votes
0
answers
33
views
SpringSession and redis always rename sessionKey in redis
i am using the SpringSecurity,SpringSession and redis
When I logged into three accounts, SpringSession added three pieces of data to Redis
But the previous account was renamed by the later account
i ...
- 1
0
votes
0
answers
20
views
What to do when the storage service is down while using Spring Session?
As is described in the title. If the remote storage service is down, every request ganna throw 500 error. I don't know how to handle such exception nor the way to switch back to memory session storage ...
- 21
0
votes
2
answers
69
views
Spring SessionRepositoryFilter is not applied to forwarded requests
I'm using Hazelcast to store user sessions. Requests pass through the SessionRepositoryFilter, but if there's an error then the request is forwarded to /error. The forwarded request does not pass ...
- 3,761
1
vote
0
answers
42
views
[spring-session]sessionManagement settings don't work
http.sessionManagement(session -> session
.sessionConcurrency(concurrency -> concurrency
.sessionRegistry(sessionRegistry())
....
- 11
1
vote
0
answers
121
views
How to Mock JDBC in Unit Test for Spring Session
I'm working in a Kotlin application that uses Spring Boot, and one of the Controller classes uses Spring Session with JDBC to persist session IDs:
@RestController
@RequestMapping("/health")
...
0
votes
0
answers
53
views
Spring Session - Cookie Based Authentication's sessionToken leads to vulnerability
In my spring application, I have implemented spring security and cookie based authentication using spring session management whith redis server for storing sessions.
In my application after login the ...
0
votes
0
answers
59
views
Using Hazelcast for session management in Spring Non Boot Application
I have one non boot spring application and i want to implement hazelcast-session for that.
PFB the code snippet-
pom.xml
<dependency>
<groupId>org.springframework.security</...
- 25
0
votes
2
answers
499
views
How to make the user sessions not expire in Redis in Spring Boot applicaion
I am new to spring-data-redis. I have integrated it with a spring-boot application. As part of this, I have added a few configs as follows:
spring.session.store-type=redis
spring.session.redis....
- 4,395
0
votes
0
answers
34
views
Keep history of logged in, logged out and expired sessions in spring boot -
I'm working on a Spring Boot project that uses Oauth. I recently used Spring session in my project to configure concurrent session control using JDBC.
Here is my requirement - I need to keep history ...
- 13
0
votes
0
answers
39
views
Max session doesn't work when I set it in Spring Security
I am trying to secure my application with Spring security and spring session but setting max_session as 1 doesn't work.
@Configuration
@EnableWebSecurity
public class SecurityConfig {
private ...
- 1,026
0
votes
1
answer
376
views
Spring security - maximumSessions() - not working
I have a project in Spring boot, with Spring security and spring session. I wanted to persist my session in a database so I specified it in application.properties:
spring.session.store-type=jdbc
I ...
0
votes
1
answer
202
views
Initializing RedisHttpSessionConfiguration with Spring Session Data Redis
I am trying to replace the default JDBC session management in my Spring application with Redis, using Spring Session Data Redis 2.2.2.RELEASE and Jedis 3.10.0 on Java 11.
However, I am getting the ...
- 55
0
votes
0
answers
53
views
Is there a required order for the execution of logout handlers?
Im using Spring Security reactive with Spring Session Redis.
For custom logout handler, I read Spring Security doc.
new DelegatingServerLogoutHandler(
new WebSessionServerLogoutHandler(), new ...
- 11
0
votes
1
answer
98
views
Spring Websession does not encode session id while setting Cookie
HttpSession encode the sessionid(base64) but WebSession not. Is there any way we can encode session id in websession too.
HttpSession has following code which allows us to control encoding while ...
- 3
0
votes
0
answers
25
views
How do I reconnect to a Spring Session running in Spring Boot to given a session ID that was obtained from RequestContextHolder?
RequestContextHolder.currentRequestAttributes().getSessionId()
Provides us a session, but I was wondering how do I reconnect back to that session from a GET request?
- 39.5k
0
votes
1
answer
234
views
How to choose Session Store depending on active Profile in Spring Boot?
In a Spring Boot 3.2 application I want to choose which session store is being used, depending on active profiles.
In older Spring Boot versions there was a property to set:
spring.session.store-type=...
- 998