Support application specific prefix #166

Closed
cscheffel opened this issue Feb 26, 2015 · 0 comments
@cscheffel

Session keys are stored as cookies in the browser and within a backend store like redis to hold the concrete session data.

Problem description

Using spring session in a "normal" production environment separates the sessions within the cookies by hostname and/or (tomcat)-context, so no session data is merged within the backend.

This is especially important, if the session contains serialized binary data (i.e. instances of classes), because the deserialization may throw a ClassNotFoundException if a second app using the same session key may not know the serialized class.

However, on a developer machine, it is "normal" that several apps are started on the same host (i.e. localhost) using different ports but the same root context. This is even more true when using spring-boot, because it is easy to start several webapps up by mvn spring-boot:run so that they run on localhost with different ports.

This results in merging the sessions because all cookies will be registered on host "localhost" with contextPath "/".

Requirement

It would be helpful, if it is possible to configure application specific session keys to avoid session merging.
Of course, this could be done by using the session selector parameter (__s=key), but this is not process safe because the developer has to do this by hand.

Possible solution alternatives

There are several ways to implement this feature:

  • Use a fixed session selector per app. The current implementation uses the last one found if no selector is given. Fixing this to a static selector may separate the sessions
  • Make the session key configurable in the Session class. This could be done by a key-prefix/suffix
  • Make session serialization configurable by a prefix/suffix.
@rwinch rwinch changed the title Allow to configure application specific session keys Support application specific prefix Aug 17, 2015
@rwinch rwinch added this to the 1.1.0 M1 milestone Aug 17, 2015
@rwinch rwinch self-assigned this Aug 17, 2015
rwinch pushed a commit that referenced this issue Aug 17, 2015
Prepare the tests for supporting an application prefix to ensure
there are no regressions.

Issue gh-166
@rwinch rwinch closed this as completed in db45698 Aug 17, 2015
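
The collision described in this issue and the effect of an application-specific prefix, as an added example that is not part of the original issue or of Spring Session's code. The class and method names, the `appA_`/`appB_` prefixes, and the in-memory maps standing in for the browser cookie jar and the backend store are assumptions; the prefix is applied here to both the cookie name and the store key.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added illustration only: these names are hypothetical and are not Spring Session APIs.
public class SessionPrefixDemo {
    // Stand-in for the shared backend store (for example one Redis on a developer machine).
    static final Map<String, Map<String, String>> store = new HashMap<>();
    // Stand-in for the browser cookie jar, keyed by host + path + cookie name.
    // The port is deliberately absent: cookies are not isolated by port.
    static final Map<String, String> cookieJar = new HashMap<>();

    // One request to an app on localhost with root context; returns the session it ends up using.
    static Map<String, String> request(String app, String prefix) {
        String cookie = "localhost|/|" + prefix + "SESSION";
        String id = cookieJar.get(cookie);
        if (id == null || !store.containsKey(prefix + id)) {
            id = UUID.randomUUID().toString();
            store.put(prefix + id, new HashMap<>());
            cookieJar.put(cookie, id);
        }
        Map<String, String> session = store.get(prefix + id);
        // Each app stores an attribute whose value type only that app knows (constructed names).
        session.put(app + ".state", app + ".model.State");
        return session;
    }

    static void run(String label, String prefixA, String prefixB) {
        store.clear();
        cookieJar.clear();
        request("appA", prefixA);                                // e.g. localhost:8080
        Map<String, String> seenByB = request("appB", prefixB);  // e.g. localhost:8081
        // If appB's session contains appA's attribute, deserializing it in appB
        // is where the ClassNotFoundException from the issue would surface.
        System.out.println(label + ": appB session holds " + seenByB.keySet()
                + ", store entries = " + store.size());
    }

    public static void main(String[] args) {
        run("no prefix ", "", "");              // both apps share one cookie and one store key
        run("app prefix", "appA_", "appB_");    // each app has its own cookie and store key
    }
}
```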