HttpSession remains after server restart

I'm learning Spring. Doing the login/logout functionality. This is what my controller looks like:

@RequestMapping(value="/successfulLoginAuth", method=RequestMethod.GET)
public ModelAndView postHttpLogin(HttpSession session, Authentication authInfo)
{
    ModelAndView mav = new ModelAndView();
    mav.setViewName("redirect:/index.html");
    session.setAttribute("authInfo", authInfo);

    return mav;
}

The log in is performed via Spring Security using a dao service which I have implemented. That works fine.

This is the content of index.jsp:

<% 
    HttpSession session1 = request.getSession(false);
    Authentication authInfo; 
    if( (session1 != null) && 
        ( (authInfo = (Authentication)session1.getAttribute("authInfo")) != null) 
      )
    {

        out.print(" yo " + authInfo.getName() + " " + authInfo.getAuthorities().iterator().next().getAuthority());
    }
    else
    {
%>    
<a href="${pageContext.request.contextPath}/registration">New? Sign Up!</a><br/>

<a href="${pageContext.request.contextPath}/login">Existing? Sign In!</a><br/>
<%} %>

When I log in and restart the server, I'm still logged in. Shouldn't the session information be lost after a server restart? If I restart the browser, it works as it should (i.e. the session info is lost).

This is my Spring Security configuration:

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/logout" access="permitAll" />
    <intercept-url pattern="/accessdenied" access="permitAll" />
    <form-login login-page="/login" default-target-url="/successfulLoginAuth" authentication-failure-url="/accessdenied" />
    <logout logout-success-url="/logout" />
</http>

<authentication-manager>
    <authentication-provider user-service-ref="myUserDetailsService"></authentication-provider>
</authentication-manager>

Chinmay Shah asked Sep 27 '13 13:09


2 Answers

I'm assuming you are using Tomcat, which uses a Manager component to persist sessions between application life-cycles. You can change all those settings in the Manager component configuration.

I think it also depends on the kind of changes you do. Eclipse's plugin for Tomcat server will decide if it should flush the serialized HttpSessions or not.

Sotirios Delimanolis answered Nov 16 '22 02:11


I am guessing you are using Tomcat.

From the docs, SaveOnRestart property:

Should all sessions be persisted and reloaded when Tomcat is shut down and restarted (or when this application is reloaded)? By default, this attribute is set to true.

You can control this by changing the property to false in your context.xml

<Manager pathname="">
      <saveOnRestart>false</saveOnRestart>
</Manager> 

Siva answered Nov 16 '22 00:11
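
The Manager settings both answers refer to, written out as an added example that is not part of either answer or of the Tomcat distribution. It assumes a Tomcat version whose default StandardManager persists sessions to SESSIONS.ser in the context's work directory; the Store `directory` value is a placeholder.

```xml
<!-- Place in META-INF/context.xml (one application) or conf/context.xml
     (every application on the instance). Use ONE of the two options. -->

<!-- Option A: default StandardManager.
     An empty pathname disables restart persistence, so SESSIONS.ser is not
     written at shutdown and nothing is restored at startup. The serialized
     "authInfo" Authentication object from the question therefore never
     reaches disk, and every user has to log in again after a restart. -->
<Context>
    <Manager pathname="" />
</Context>

<!-- Option B: only when the application is configured with
     PersistentManager. saveOnRestart is an XML attribute of that manager,
     not a child element. The directory below is an assumed example value. -->
<Context>
    <Manager className="org.apache.catalina.session.PersistentManager"
             saveOnRestart="false">
        <Store className="org.apache.catalina.session.FileStore"
               directory="sessions" />
    </Manager>
</Context>
```

If restart persistence is left enabled, the session file holds live authenticated sessions, so it needs the same file permissions and backup handling as any other credential store.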