Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
HttpSessionHandshakeInterceptor's getSession(request) [SPR-12840] #17438
On the websocket document, it describes about HttpSessionHandshakeInterceptor and I've used it but I didn't get the session's id for the request. So, I've debugged it for a while and I got the reason why I didn't get it.
As you can see, the getSession(false) is used to get the HttpSession from ServletServerHttpRequest, and (as you may know) it returns session object or null if there's no current session. That's why I can't see the session id when I tried to connect websocket without using getSession() before.
I didn't use getSession() explicitly or implicitly. The controller is just serving a static HTML file like this:
In this case, HttpSessionHandshakeInterceptor can't provide the session id, even though I config like this.
It was a little bit long to describe, I just create this issue to know why you made decision to use getSession(false) and I want to suggest how about using getSession() or providing an option that the developers can use it for a flag to decide to use getSession(true) or getSession(false).
And, If you agree with me and If you don't mind, I want to contribute with this issue using pull-request on the Github.
Thanks for reading.
Referenced from: commits 73d6d30
Rossen Stoyanchev commented
I think the assumption is that if you're interested in the HTTP session id the application is likely using the HTTP session but we err on the side of caution and don't cause its creation by default. That said having such a flag makes sense so feel free to submit a PR.
Also I presume that you're using the HTTP session in some way since you're interested in the HTTP session id?
Keesun Baik commented
Thanks for your comment and I can understand what's your intention for the default.
Right, I will use the HTTP session at some time, and I want it to be created at the time when I need it. That said, In some cases, I can use the HttpSessionHandshakeInterceptor before I create the HTTP session, and the other cases, I can use it after creating new HTTP session for signing in , adding some attributes or something. it would be good if I can use the HTTP session id in both cases.
I will submit a PR that adding a flag. Thanks.