Introduce header-based WebSessionIdResolver [SPR-15917] #20471
Comments
|
Rossen Stoyanchev commented Greg Turnquist, could you provide a little more context on this request? In particular, in a header-based session id resolution strategy, there is no way to implement |
|
Greg Turnquist commented The basis for doing this is to support Spring Session's option to switch between Cookie-based and header-based session management. I guess I didn't read close enough, thinking that the read-only nature of the headers was buried in the MockServerHttpRequest, not realizing that is actually in AbstractServerHttpRequest. Assuming some solution was rendered, why can't clients know the session id? It's covered by WebSessionIdResolver.resolveSessionIds API, where the headers are inspected. |
|
Rossen Stoyanchev commented How does a remote client such as a browser know what session id to send in a header in the first place? In the Cookie strategy, the |
|
Greg Turnquist commented Okay, I should have coded setSessionId to actually put that in the response headers, which I'm attempting to fix this PR. |
|
Greg Turnquist commented I updated the PR so that it focuses on setting response headers. Also verifies that is parses incoming HTTP session headers properly. |
spring-projects-issues
added
type: enhancement
Greg Turnquist opened SPR-15917 and commented
Create a header-based implementation of WebSessionIdResolver.
Affects: 5.0 RC3
Referenced from: pull request #1510, and commits 167ddc7, c98e01a
The text was updated successfully, but these errors were encountered: