0

Is there a way to handle the restore of sessions from the session store of Spring Session (Redis, MongoDB or anything else)? How I understand such restoration happened every time I restart the application which is using Spring Session with session storage turned on.

I already tried an approach with SessionRegistry from here and it does not work for me How can I have list of all users logged in (via spring security) my web application

I guess HttpSessionListener don't handle the session restore.

Also, I tried another listener but also without success

@Bean
public HttpSessionActivationListener sessionRestoreListener() {
    return new HttpSessionActivationListener() {
        @Override
        public void sessionWillPassivate(HttpSessionEvent se) {
            logger.info("HTTP Session {} passivated", se.getSession().getId());
        }

        @Override
        public void sessionDidActivate(HttpSessionEvent se) {
            logger.info("HTTP Session {} activated", se.getSession().getId());
        }
    };
}

Is that possible at all to handle session restore in Spring Session?

Alexey Usharovski
  • 1,404
  • 13
  • 31
  • That should work out-of-the-box. The session is still managed by Spring Session if the id that comes in is still in the datastore it will be retrieved. Why would you need to do additional work for that. – M. Deinum Jul 03 '19 at 05:33
  • Are you about activation listener? – Alexey Usharovski Jul 03 '19 at 06:03
  • The full sources are here https://github.com/usharik/SpringBootPart2/tree/lesson4-webflow-and-websockets – Alexey Usharovski Jul 03 '19 at 13:55
  • You don't need an activation listener. It should work out-of-the-box. – M. Deinum Jul 04 '19 at 05:43
  • I will try to recheck but form the previous experience I see that all are like you explain but only for sessions of logged in users. Sessions of anonymous users aren't added to SessionRepository after application restart but still exists. – Alexey Usharovski Jul 04 '19 at 18:43
  • How can they exists if they aren't part of the `SessionRepository`? What you say doesn't really make sense. The sessions should be persisted regardless of they are anonymous or not. Spring Session has nothing to do with Spring Security (you can use Spring Session perfectly fine without Spring Security). They only thing I can think of is that you mistakenly only did such a configuration that the session filter is part of the security filter chain and not the normal filter chain (which it should be). – M. Deinum Jul 05 '19 at 08:51
  • 1
    Looks like I found a reason why `HttpSessionActivationListener` is ignored. Only several kinds of Listeners are allowed in Spring-boot applications. https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/servlet/ServletListenerRegistrationBean.java – Alexey Usharovski Nov 28 '19 at 13:54

0 Answers0