rstoyanchev
commented
2 years ago Thanks for the request.
WebSessionManager and related components are pluggable, so this would have to be done independent of the actual implementations, i.e. wrapping the WebSessionStore in WebSessionManager and the WebSession that that returns. This would allow intercepting create and retrieve on WebSessionStore, and save and invalidate on WebSession. I'll turn this into a feature request, but an application could do the same in the mean time.
For maxSessions, that's implementation specific but could be tracked by checking for errors from save.
For maxIdleTime, which is also implementation specific, there isn't any good way to detect that. You can get the map of all sessions and for each check if it is expired but that's not ideal. It might require exposing a WebSession callback that notifies when a session is detected to be expired.
TL; DR;
Add support for callbacks for tracking the lifecycle of a WebSession in WebSessionStore.
Foreword
We had a use case to track journey of a WebSession. We wanted to track various aspects of it like when it was created, retrieved, saved, invalidated etc.
Problem
The session expires based on -
We wanted to distinguish the sessions which were removed due to inactivity for 30mins or maxSessions limit reached. Currently there as no such hooks for any of the methods defined in WebSession interface to track the same.