New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow the CookieHttpSessionStrategy to be extended and overridden #243
Comments
+1 for this. I created a workaround for the OPs problem (see below), but the ability to extend the CookieHttpSessionStrategy would be nice.
|
+1 for this. |
Thanks for the great request! I'm trying to aggregate all the feature requests for cookies, so we can solve this problem more holistically. Therefore, I'm closing this in favor of #299 which takes this feature into account. |
This is now resolved via #299 See http://docs.spring.io/spring-session/docs/current-SNAPSHOT/reference/html5/guides/custom-cookie.html for details. |
I don't think the resolution in #299 actually resolves this request. Your solution just added the ability to customize the Cookie implementation details. That is a valuable improvement, but it doesn't resolve the issue I'm trying to get to in this ticket. If you look at the solution from @brothhaar, the goal was not to change how the Cookie itself was changed, but to implement a more complicated strategy that utilizes a cookie AND a header. Since the class was marked I still think this issue is valid and should be re-opened. |
@zampettim Thank you for your feedback. You are right that #299 does not address this issue. Thank you for pointing that out. However, I'm wondering what advantage you gain by removing final from the class vs creating a wrapper class? In general, it is preferable to use composition over inheritance. Furthermore, by marking the class as final, it provides the framework the ability to make passive changes that might not otherwise be possible. |
+1 to removing the final keyword. For my single-page AJAX-y webapp, I'd like to have the multiple-sessions-with-aliases behaviour of the CookieHttpSessionStrategy, but override how it gets the alias name (from a header rather than a request parameter). Using inheritance, I could just override the getCurrentSessionAlias() method and I'm done. I can't see a way to do it by composition at all. |
@rwinch I agree that using composition over inheritance might be a good practice in many cases, but as pointed out by @RobRendell, it cannot solve all cases. I guess what I'm ultimately advocating is opening up the implementation to allow for a wider range of customization options. Keeping the The other alternative would be to provide more extension points, like was done for the Cookie work you did in #299. It just seems like a lot of extra work to go down that path right now. I can appreciate that concern about possibly having issues in the future if people extend the class, but even in the case of composition, that danger exists. For those of us that need to extend the behavior, we are signing up for that maintenance no matter which path we take. |
I am having the same problem, want to extend CookieHttpSessionStrategy but I cant but its final. Please make the class not final. |
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed. |
What "requested information" is required? The question that rwinch asked on Nov 13, 2015, for examples of use-cases where composition is insufficient? I gave an example 5 days later. |
As you mentioned @RobRendell, this is an older issue and we want to make sure it is still valid. I saw you mentioned multiple sessions for a single user as a use case, however that support has since been removed, as part of the integration with the Servlet APIs that was done in #906. For anyone wondering how to use composition instead of inheritance, here is an example that delegates to both public class CustomCookieAndHeaderHttpSessionIdResolver implements HttpSessionIdResolver {
CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
HeaderHttpSessionIdResolver headerHttpSessionIdResolver = HeaderHttpSessionIdResolver.xAuthToken();
@Override
public List<String> resolveSessionIds(HttpServletRequest request) {
List<String> combinedSessionIds = new ArrayList<>();
combinedSessionIds.addAll(this.cookieHttpSessionIdResolver.resolveSessionIds(request));
combinedSessionIds.addAll(this.headerHttpSessionIdResolver.resolveSessionIds(request));
return combinedSessionIds;
}
@Override
public void setSessionId(HttpServletRequest request, HttpServletResponse response, String sessionId) {
this.cookieHttpSessionIdResolver.setSessionId(request, response, sessionId);
}
@Override
public void expireSession(HttpServletRequest request, HttpServletResponse response) {
this.cookieHttpSessionIdResolver.expireSession(request, response);
}
} To reiterate, If you cannot use composition in your use case, please let us know. |
Well, I'm not longer working for that company, or with Java for that matter, so I don't recall the exact details. I can't really comment on whether I could have used composition with the latest version of Spring to solve my use-case back in 2015. So, it doesn't affect me if this issue is closed without action. |
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed. |
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue. |
The CookieHttpSessionStrategy implementation is marked as
final
and thus cannot be extended. So I'm forced to either cut and paste or re-implement all of the good work that went into the implementation. I want to extend the implementation with my own code that adds some additional capabilities, like adding the support for the header strategy if the header exists. This is to support things like dual API and Web Client strategy, or even to just add additional logic to how the session information is setup.By removing the
final
keyword, folks can override the implementation to do this. Or provide an alternative method to inject their own logic if desired.The text was updated successfully, but these errors were encountered: