Given the fact that DefaultWebSessionManager allows injecting a WebSessionStore and WebSessionStore allows any implementation of WebSession to be returned, it seems reasonable that DefaultWebSessionManager would work with a SessionStore that returns a different implementation of WebSession. However, this is not the case because it performs a cast to DefaultWebSession.
This makes it difficult for a custom implementation of WebSessionStore to be provided. This is further compounded by the fact that DefaultWebSession is package scope which means reading from an external data store cannot be performed since DefaultWebSession cannot be instantiated. It also means that a custom implementation of WebSession cannot be provided (which Spring Session needs).
Please make DefaultWebSessionManager able to work with any WebSession implementation being returned from WebSessionStore.
DefaultWebSessionManager is what actually creates new WebSession instances currently. Then WebSessionStore simply does persistence which is why DefaultWebSessionManager assumes it will get back what it saved in the first place.
Perhaps what we need is a way to make DefaultWebSessionManager configurable with some sort of factory for creating sessions? Or introduce an abstract base class, or simply a protected method to create new instances?
The casting to a DefaultWebSession by the way was introduced recently in a refactoring to make it completely immutable, so that lastAccessTime and saveSession action (which needs the current exchange) can be passed as constructor args. I suppose that might also be resolved with a factory of some sort.
spring-projects-issues commentedAug 18, 2017
•
edited
Rob Winch opened SPR-15875 and commented
Given the fact that
DefaultWebSessionManager
allows injecting aWebSessionStore
andWebSessionStore
allows any implementation ofWebSession
to be returned, it seems reasonable thatDefaultWebSessionManager
would work with aSessionStore
that returns a different implementation ofWebSession
. However, this is not the case because it performs a cast toDefaultWebSession
.This makes it difficult for a custom implementation of
WebSessionStore
to be provided. This is further compounded by the fact thatDefaultWebSession
is package scope which means reading from an external data store cannot be performed sinceDefaultWebSession
cannot be instantiated. It also means that a custom implementation ofWebSession
cannot be provided (which Spring Session needs).Please make
DefaultWebSessionManager
able to work with anyWebSession
implementation being returned fromWebSessionStore
.Affects: 5.0 RC3
Issue Links:
Referenced from: pull request #1507, and commits 2fc2dab, 8ad14ae, 8691247
The text was updated successfully, but these errors were encountered: