Closed jxblum closed 3 years ago
Users (customers) can workaround this issue by doing the following in their Spring configuration:
package example.app.config;
import org.springframework.session.web.http.CookieHttpSessionIdResolver;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.HttpSessionIdResolver;
import example.app.spring.session.web.http.CustomCookieSerializer;
@EnableGemFireHttpSssion
class SpringSessionApplicationConfiguration {
@Bean
CookieSerializer customCookieSerializer() {
return new CustomCookieSerializer();
}
@Bean
HttpSessionIdResolver cookieHttpSessionIdResolver(CookieSerializer cookieSerializer) {
CookieHttpSessionIdResolver httpSessionIdResolver = new CookieHttpSessionIdResolver();
httpSessionIdResolver.setCookieSerializer(cookieSerializer);
return httpSessionIdResolver;
}
}
NOTE: The
package
location and location/name of theCustomCookieSerializer
are hypothetical. The use of the Spring Session coreCookieHttpSessionIdResolver
is not!
We can take advantage of the fact that the HttpSessionIdResolver
is configured on the Spring Session SessionRepositoryFilter
bean method (see here).
By default, Spring Session (core) uses the CookieHttpSessionIdResolver
(see here then here).
NOTE: The
CookieHttpSessionIdResolver
(or some derivation/implementation) would be required to apply a "custom"CookieSerializer
at any rate.
This in effect allows users/customers to apply a "custom" CookieSerializer
until this bug is resolved.
The following test illustrates that this workaround/approach works!
Rather than override the SpringHttpSessionConfiguration
, @PostConstruct
annotated init()
method and call super.init()
in SSDG's overridden GemFireHttpSessionConfiguration.init()
method, I am simply going to rename SSDG's init
method to initGemFire
, which resolves the issue.
We will be back porting this fix to SSDG 2.2.x
, 2.3.x
and 2.4.x
.
Note, master
is currently set to 2.5.x
.
Note, 2.1.x
and earlier are no longer supported (EOL).
After SSDG 2.2.x
, 2.3.x
and 2.4.x
bits are released and available, new releases of SBDG 1.2.x
, 1.3.x
and 1.4.x
will pick up these new SSDG bits, respectively.
Fixed in all supported branches: SSDG 2.2.x
(2.2.7.RELEASE
), 2.3.x
(2.3.3.RELEASE
) and 2.4.x
(2.4.1
) along with master
for the upcoming 2.5.0.M1
release (TBD).
Currently, SSDG overrides the
@PostConstruct
annotated,SpringHttpSessionConfiguration.init()
method in theGemFireHttpSessionConfiguration
class (here) by extension.However, the overridden
@PostConstruct
annotatedinit()
method in the SSDGGemFireHttpSessionConfiguration
class does not appropriately call thesuper.init()
method in the Spring Session coreSpringHttpSessionConfiguration
base class, leaving (for example) the custom configuration of a Spring Session coreCookieSerializer
unrealized. Therefore, the configuredCookieSerializer
always defaults to theDefaultCookieSerializer
being registered on the configuredHttpSessionIdResolver
.This is a bug!