Skip to content

Add more session cookie properties for reactive web servers #26714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 18 commits into from
Closed

Add more session cookie properties for reactive web servers #26714

wants to merge 18 commits into from

Conversation

weixsun
Copy link
Contributor

@weixsun weixsun commented May 30, 2021
edited
Loading

Add rich session cookie config property for WebFlux

No Session Repository

  • Provide spring.webflux.session.cookie.* properties.

    Provide configuration items to configure cookies instead of programmatically.

  • Provide spring.webflux.session.timeout properties.

    Conveniently set session expiration time.

Integrated spring-session

  • Make the current spring.webflux.session.cookie.same-site configuration items meaningful.

  • spring.webflux.session.cookie.* properties adaptation spring-session

  • spring.webflux.session.timeout and spring.session.timeout are equivalent

    However, spring.session.timeout has a higher priority.

@snicoll snicoll added the for: team-attention An issue we'd like other members of the team to review label May 31, 2021
@snicoll
Copy link
Member

snicoll commented Jun 1, 2021

@weixsun thanks for the PR. I am curious, what lead you to submit this? Are you using this in your own project?

@weixsun
Copy link
Contributor Author

weixsun commented Jun 1, 2021
edited
Loading

@snicoll Thank you for your attention.

what lead you to submit this?

  1. You should have noticed that this pr is closely related to Allow the WebSessionManager's session ID resolver to be customized using a WebSessionIdResolver bean #26437. It is not necessary to set the session separately and repeatedly in the code of each project every time (Of course, if you like, you can also set the session in an encoding way, which is the reason for the existence of Allow the WebSessionManager's session ID resolver to be customized using a WebSessionIdResolver bean #26437)
  2. If you don't integrate spring-session and want to set the session expiration time, it is currently not supported and can only endure the default value of 30m, unless the developer does work similar to this pr.

Are you using this in your own project?

Yes, this pr is derived from the needs of a microservice module in our actual project. This microservice module does not need to integrate spring-session in its architectural design, so when you want to set the session expiration time and cookie-related attributes , That the way of providing configuration is better than the way of encoding.

The advantages of adding these configurations must outweigh the disadvantages. I am not good at words and can only describe the general meaning, but the final result is still determined by experienced spring-boot members.

@wilkinsona wilkinsona removed the for: team-attention An issue we'd like other members of the team to review label Jul 26, 2021
@wilkinsona wilkinsona added this to the 2.6.x milestone Jul 26, 2021
@wilkinsona wilkinsona added the type: enhancement A general enhancement label Jul 26, 2021
@snicoll
Copy link
Member

snicoll commented Aug 16, 2021

I've rebased and squashed all the commits into one so @weixsun please do not push further update for now.

I was looking at the current arrangement where we have server.servlet.session.cookie.* for MVC. This PR adds a number of items that can be honored using webflux under spring.webflux.session.cookie.*, including a spring.webflux.session.timeout that aligns with server.servlet.session.timeout.

Before we start duplicating these properties, I'd like to reach out to the team again and verify this is what we want to do.

@snicoll snicoll added the for: team-meeting An issue we'd like to discuss as a team to make progress label Aug 16, 2021
@snicoll snicoll mentioned this pull request Aug 31, 2021
Closed
@philwebb philwebb added status: on-hold We can't start working on this issue yet and removed for: team-meeting An issue we'd like to discuss as a team to make progress labels Sep 22, 2021
@mbhave mbhave self-assigned this Sep 23, 2021
@philwebb philwebb assigned philwebb and unassigned mbhave Oct 13, 2021
@philwebb philwebb changed the title Add more session cookie config property for WebFlux Add more session cookie properties for reactive web servers Oct 20, 2021
@philwebb philwebb removed the status: on-hold We can't start working on this issue yet label Oct 21, 2021
philwebb pushed a commit that referenced this pull request Oct 21, 2021
@weixsun @philwebb
Add more session properties for reactive web servers
a2a802a 
Expand the session properties supported by reactive web servers to
include `timeout` support and additional `cookie` properties.

See gh-26714
philwebb added a commit that referenced this pull request Oct 21, 2021
@philwebb
Polish 'Add more session properties for reactive web servers'
3c71637 
See gh-26714
philwebb added a commit that referenced this pull request Oct 21, 2021
@philwebb
Relocate and unify reactive cookie properties
b72ff25 
Relocate the recently introduced `spring.webflux.session` properties
to `server.reactive.session` and create a unified `Cookie` properties
class.

Reactive session properties now mirror the existing
`server.servlet.session` properties and better reflect the fact that
they are related to the server and not just for WebFlux.

See gh-26714
@philwebb philwebb closed this in efa0436 Oct 21, 2021
@philwebb
Copy link
Member

philwebb commented Oct 21, 2021
edited by wilkinsona
Loading

Thanks very much for your work on this @weixsun, this is now merged this into main. I've made a made a few refinements, the main one being relocating spring.webflux.session to server.reactive.session. This help align the properties with the servlet versions in server.servlet.session.

Thanks again for driving this!

@philwebb philwebb modified the milestones: 2.6.x, 2.6.0-RC1 Oct 21, 2021
philwebb added a commit that referenced this pull request Oct 21, 2021
@philwebb
Fix ReactiveSessionAutoConfigurationRedisTests
1ad39b5 
See gh-26714
@DidierLoiseau
Copy link

Am I right that the new properties are not documented? I can see that server.reactive.session.timeout is documented but not any of the server.reactive.session.cookie ones.

I could only find a small mention of the new properties in the SB 2.6 Release notes.

@wilkinsona wilkinsona mentioned this pull request Jul 27, 2022
Closed
4 tasks
@wilkinsona
Copy link
Member

You are right, @DidierLoiseau. Thanks for spotting this. I've opened #31896.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@philwebb philwebb

Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
2.6.0-RC1
Development

Successfully merging this pull request may close these issues.
6 participants
@weixsun @snicoll @philwebb @DidierLoiseau @wilkinsona @mbhave