Menu
I have a project with Spring Boot 1.3.3 [another stuff] and Redis configurated to manage sessions, i.e., @EnableRedisHttpSession. The application works well and stores the information on Redis regularly. The problem that I'm facing is that, different from what documentation says, whether I define or not a server.session.timeout, the Redis always is using the default value for its annotation attribute (maxInactiveIntervalInSeconds) that is: 1800
Here, the documentation that I followed: http://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-session.html
I've also tried the approach defined by @rwinch here https://github.com/spring-projects/spring-session/issues/110 but also without success.
Updating ......
My configuration file as requested:
#First attempt (server.session.timeout) following the Spring documentation mentioned
server:
session:
timeout: 10
spring:
#session timeout under spring (as mentioned by M Deinum in comment - unfortunately doesnt work)
session:
timeout: 10
redis:
host: 192.168.99.101
port: 6379
Beside that, I've also tried to implement a SessionListener that was in charge of setting the timeout (something like this):
public class SessionListener implements HttpSessionListener {
@Value(value = "${server.session.timeout}")
private int timeout;
@Override
public void sessionCreated(HttpSessionEvent event) {
if(event!=null && event.getSession()!=null){
event.getSession().setMaxInactiveInterval(timeout);
}
}
...
It still didn't result in a correct scenario. I'm really racking my brain :|
Please guys, am I missing some point? Does anyone else have faced it?
Thanks in advance.
352
One way we can implement a request timeout on database calls is to take advantage of Spring's @Transactional annotation. It has a timeout property that we can set. The default value for this property is -1, which is equivalent to not having any timeout at all.
@shinou-1519 The 30 minute timeout is a default value for Spring Boot, but this is not modified by Azure Spring Cloud.
The server. servlet. session. timeout configuration item from the Spring properties file defines the default session timeout interval for all sessions created in this web application. The current configuration specified a session timeout value greater than 30 minutes.
Spring security will perform authentication and authorization based on the given credentials. If the provided details are corrected, Spring security will create authentication object and store it in the security context. A cookie with name “SESSION” is generated and the session id is stored in the cookie.
@EnableRedisHttpSession(maxInactiveIntervalInSeconds = 60)
You can remove EnableRedisHttpSession annotation, instead, set the property:
spring.session.store-type=redis
Both spring.session.timeout and server.servlet.session.timeout will work. Please note spring.session.timeout will override server.servlet.session.timeout per my test.
45
Another solution:
@EnableRedisHttpSession
public class HttpSessionConfig {
@Value("${server.session.timeout}")
private Integer maxInactiveIntervalInMinutes;
@Inject
private RedisOperationsSessionRepository sessionRepository;
@PostConstruct
private void afterPropertiesSet() {
sessionRepository.setDefaultMaxInactiveInterval(maxInactiveIntervalInMinutes * 60);
}
In this way you use the default configuration, and just add your timeout. So you maintain the default HttpSessionListener, and you don't need to use an ApplicationListener to set the time out, just one time, in the application lifecycle.
39
Well, just in case someone is facing the same situation, we have 2 ways to workaround:
I. Implement the following:
@EnableRedisHttpSession
public class Application {
//some other codes here
@Value("${spring.session.timeout}")
private Integer maxInactiveIntervalInSeconds;
@Bean
public RedisOperationsSessionRepository sessionRepository( RedisConnectionFactory factory) {
RedisOperationsSessionRepository sessionRepository = new RedisOperationsSessionRepository(factory);
sessionRepository.setDefaultMaxInactiveInterval(maxInactiveIntervalInSeconds);
return sessionRepository;
}
Unfortunately, I had to implement a listener in order to perform additional actions when a session expires. And, when you define a RedisOperationsSessionRepository, you don't have a HttpSessionListener anymore (instead of it, you have a SessionMessageListener, as described here: http://docs.spring.io/spring-session/docs/current/reference/html5/#api-redisoperationssessionrepository). Because of this question, the 2nd approach was required.
II. To overcome the problem:
@EnableRedisHttpSession
public class Application implements ApplicationListener{
@Value("${spring.session.timeout}")
private Integer maxInactiveIntervalInSeconds;
@Autowired
private RedisOperationsSessionRepository redisOperation;
@Override
public void onApplicationEvent(ApplicationEvent event) {
if (event instanceof ContextRefreshedEvent) {
redisOperation.setDefaultMaxInactiveInterval(maxInactiveIntervalInSeconds);
}
}
...
Assuming that none of them are the desirable out-of-box setup, at least they allow me to continue in my PoC.
36
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With