sessionRegistry

[jprabawa]

Is there a way to make this work for sessionRegistry? I have confirmed that with the plugin and registering the sessionRegistry bean, I can no longer login. Removing either of the two (either the plugin or the sessionRegistry) solves the issue.

Im following this post to let me get a list of logged in users and then from what Ive read, its also then possible to force particular users to be logged out.

http://classpattern.com/spring-security-sessionregistry-on-grails.html#.Vk1FtBArKK4

[benlucchesi]

hi,

pardon my ignorance of the session registry - I haven't used it. I briefly looked at what it does and I suspect that its inspecting the list of stored session and/or intercepting new session creation. Either of these activities is going to be problematic for the cookie session plugin because 1) sessions aren't stored on the server and therefore won't be available to inspect and 2) if the session registry intercepts session creation (which I haven't confirmed whether it does or doesn't) then it will be in conflict with the cookie session plugin which also asserts itself very early in the filter chains.

honestly, I don't think the functionality you're looking for would be very difficult at all to implement even with the use of cookie-session. however, if you're really keen on having that much control over the user's session and having the ability to zap them at your will, I would recommend either not using cookie sessions or adapt the cookie session plugin so that instead of storing the sessions in cookies, store them in a database with some other meta information. that way inspecting sessions, determining who's logged in, for how long, etc is as simple as looking up a database record.

If you need design help on the latter, I can point you in the right direction.

-ben

On Wed, Nov 18, 2015 at 8:26 PM, jprabawa notifications@github.com wrote:

Is there a way to make this work for sessionRegistry? I have confirmed that with the plugin and registering the sessionRegistry bean, I can no longer login. Removing either of the two (either the plugin or the sessionRegistry) solves the issue.

Im following this post to let me get a list of logged in users and then from what Ive read, its also then possible to force particular users to be logged out.

http://classpattern.com/spring-security-sessionregistry-on-grails.html#.Vk1FtBArKK4

— Reply to this email directly or view it on GitHub https://github.com/benlucchesi/grails-cookie-session/issues/64.

[jprabawa]

Thanks for the quick reply Ben! I agree that this would be difficult to make work with cookie session. Hmm...

I was initially using Burt's database session plugin but I couldn't make it work and the plugin hasn't been updated for a very long time: https://grails.org/plugin/database-session

I've also read that it might be possible to configure ehcache to work in distributed mode so that the session information is shared at that level.

I'm not sure if I should rework the cookie session plugin to work with databases, debug Burt's plugin, or work on the ehcache solution.

Any thoughts? As in, should I try adapting the cookie session plugin first?

[benlucchesi]

That's really up to you, but I can scratch together some code that weird the session to a db instead of a cookie today. You can look at it and decide if you want to take out further? Let me know if you want me to.

On Thu, Nov 19, 2015, 3:02 AM jprabawa notifications@github.com wrote:

Thanks for the quick reply Ben! I agree that this would be difficult to make work with cookie session. Hmm...

I was initially using Burt's database session plugin but I couldn't make it work and the plugin hasn't been updated for a very long time: https://grails.org/plugin/database-session

I've also read that it might be possible to configure ehcache to work in distributed mode so that the session information is shared at that level.

I'm not sure if I should rework the cookie session plugin to work with databases, debug Burt's plugin, or work on the ehcache solution.

Any thoughts? As in, should I try adapting the cookie session plugin first?

— Reply to this email directly or view it on GitHub https://github.com/benlucchesi/grails-cookie-session/issues/64#issuecomment-158023583 .

[jprabawa]

Thanks Ben. I don't want to trouble you. Lemme see if I can figure this out on my own. Many thanks again :)

[benlucchesi]

ok, sounds good...

let me offer some thoughts though.

There's an interface in the cookie-session call SessionRepository - you can look at the implementation that's in there to see how it works with cookies, but all you need to do is implement this interface so that it writes to a database.

https://github.com/benlucchesi/grails-cookie-session/blob/release/2.0.18/src/groovy/com/granicus/grails/plugins/cookiesession/SessionRepository.groovy

the implementation that writes to cookies is

https://github.com/benlucchesi/grails-cookie-session/blob/release/2.0.18/src/groovy/com/granicus/grails/plugins/cookiesession/CookieSessionRepository.groovy

The repository is loaded as a bean so all you need to do is add it to the application context and it will get auto-wired in place.

Super easy....

Whats more is that you don't need to split the serialized session like is done in the cookie session repository - just write it out as a big string to a database field.

-ben

On Thu, Nov 19, 2015 at 7:59 AM, jprabawa notifications@github.com wrote:

Closed #64 https://github.com/benlucchesi/grails-cookie-session/issues/64.

— Reply to this email directly or view it on GitHub https://github.com/benlucchesi/grails-cookie-session/issues/64#event-469328119 .

[jprabawa]

Awesome thanks Ben :D