2

I have angular2 app and use Tomcat with spring for getting data. I don't want any page reloads or redirects, all I need is data, so all responses from server have @ResponseBody annotations.

My problem is, that because of this annotation I can not get users session variable. When I log in I create session, store user data in it but can not get it with next call.

@JsonIgnoreProperties(ignoreUnknown = true)
@RequestMapping(method = RequestMethod.POST)
@ResponseBody
public String login(HttpServletRequest REQ, @RequestBody String BODY) throws Exception
{
            ...check if all ok...
                REQ.getSession().setAttribute("user", user);
            ... return user data...
}

Is there any other way I can send my data back to client, together with the data needed, to be able to use session.

Edit: Problem is not on server side but client. Angular is not sending cookie JSESSIONID at cross domain requests by default.

FGHJ
  • 23
  • 5
  • What does "can not get users session variable" mean? Doesn't it compile? Does it crash? Does it return invalid or empty data? What error message if any do you get? – Codo Aug 11 '16 at 21:13
  • This has nothing to do with angular2, so you might want to remove that tag. – Koos Gadellaa Aug 11 '16 at 22:13
  • @Koos Gadellaa I just wanted to write - This has nothing to do with Spring and possibly even Java :) Depends on the point of view I guess. – B.Gen.Jack.O.Neill Aug 11 '16 at 22:20
  • I have removed java and spring, but angular i guess should remain. I guess the whole question should be removed... – FGHJ Aug 12 '16 at 07:16
  • Now you have a question with Java and Spring code with only angular2 tag. Just add those tags back and edit your question with brief explanation of what was wrong (client vs server problem) so when someone else has a similar problem this question can get him in the right direction :). – B.Gen.Jack.O.Neill Aug 12 '16 at 08:50

2 Answers2

2

First check your request/response (for example in Chrome dev tools). Tomcat creates new cookie named JSESSIONID to bind client with server session object, so look for this one in your login method response header. Then make sure you are sending this cookie back to your server in next request. Session creation has nothing to do with Spring or @ResponseBody, its lifetime is managed by container (Tomcat).

Also, if you are making cross domain requests, check this answer.

Community
  • 1
  • 1
B.Gen.Jack.O.Neill
  • 8,169
  • 12
  • 51
  • 79
  • Thank you for answer. I have messed up and searched in wrong place. Problem is with cross domain request (CORS) and angular2. The link pushed me one step further this.http.get('http://...', { withCredentials: true }). Now next requests also have cookie in header. I still have a problem, since cookie is different than the one send from server as set-cookie. This does not happen if the call is not CORS. – FGHJ Aug 12 '16 at 07:08
1

Anything you put on the session context isn't available to clients, it's only available to the server. see this stack overflow post for a good explanation on how servlets work, and specifically the part on how session state works.

As you can see, it works by adding a session-cookie to the response which contains a session-Id. The server stores the session state under that id in memory, and when a future request comes with that session-id, it makes the session state available again to the future request.

If your next requests do not have access to the session state, it's quite possible that the session-cookie isn't propagated properly. I suggest you check that first. It should be in the response where you log in, and should be posted in further requests to the server.

Community
  • 1
  • 1
Koos Gadellaa
  • 1,220
  • 7
  • 17