spring-session自定义cookie中的sessionId名称(基于springboot)

为何要修改sessionId名称

如果多个应用系统,访问使用同一个域名或IP,不同端口时,在同一个浏览器登陆这些系统系统,它们之间会出现用户会话会出现覆盖问题,即登录到其中一个应用系统,其他应用系统出现重新登陆现象;

具体操作

经过分析SpringHttpSessionConfiguration的源码(这里不带大家对源码进行分析了),可归纳出以下两种方式可修改sessionId名称

1、定义相关的Bean,SpringHttpSessionConfiguration会自动将这些Bean注入到自身的配置中;

 

@Configuration
public class SpringSessionBeanConfiguration {

    @Value("${spring.session.cookieName:'JSESSIONID'}")
    private String cookieName;



    //Cookie配置
    @Bean
    public CookieSerializer cookieSerializer(){
        DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
        cookieSerializer.setCookieName(cookieName);//sessionId名称
        return  cookieSerializer;
    }

    //HttpSessionId配置
    @Bean
    public HttpSessionIdResolver httpSessionIdResolver(){
        CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
        cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer());
        return cookieHttpSessionIdResolver;
    }
}

2、自定义配置类并继承SpringHttpSessionConfiguration,然后直接对配置类中的属性进行修改,由于这里我用的是redis存储session,此时我直接继承RedisHttpSessionConfiguration(SpringHttpSessionConfiguration的子类)

@Configuration
public class RedisSessionConfiguration extends RedisHttpSessionConfiguration  {

    @Value("${spring.session.cookieName:'JSESSIONID'}")
    private String cookieName;


    @PostConstruct
    @Override
    public void init() {
        DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
        cookieSerializer.setCookieName(cookieName);//sessionId名称
        CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
        cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
        super.setHttpSessionIdResolver(cookieHttpSessionIdResolver);
        super.setCookieSerializer(cookieSerializer);
    }
}

这里面我遇到有一个坑,要在这个地方特别说明下:在第二种方案中的配置类中,如果在该配置类中定义@Bean,则在@Bean的方法体中无法获取application.yml(properties)中的属性值,具体样例代码如下:



@Configuration
public class RedisSessionConfiguration extends RedisHttpSessionConfiguration  {

    @Value("${spring.session.cookieName:'JSESSIONID'}")
    private String cookieName;


    //Cookie配置
    @Bean
    public CookieSerializer cookieSerializer(){
        DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
        //此处无法获取到通过@Value注入的cookieName的值
        cookieSerializer.setCookieName(cookieName);//sessionId名称
        return  cookieSerializer;
    }

    //HttpSessionId配置
    @Bean
    public HttpSessionIdResolver httpSessionIdResolver(){
        CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
        cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer());
        return cookieHttpSessionIdResolver;
    }


    @PostConstruct
    @Override
    public void init() {
        DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
        //此处可以获取到cookieName的值
        cookieSerializer.setCookieName(cookieName);//sessionId名称
        CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
        cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
        super.setHttpSessionIdResolver(cookieHttpSessionIdResolver);
        super.setCookieSerializer(cookieSerializer);
    }
}

 

  • 2
    点赞
  • 16
    收藏
    觉得还不错? 一键收藏
  • 4
    评论
在使用spring-session-data-redis时,可以自定义sessionId生成策略。默认情况下,sessionId是使用java.util.UUID生成的随机字符串。要自定义sessionId,需要创建一个实现了`org.springframework.session.web.http.SessionIdResolver`接口的类,并将其配置为Spring Session的bean。 例如,可以创建一个自定义sessionId生成器,该生成器在每个会话使用客户端提供的自定义标头作为sessionId。该实现类可以如下所示: ```java import javax.servlet.http.HttpServletRequest; import org.springframework.session.web.http.HttpSessionIdResolver; public class CustomSessionIdResolver implements HttpSessionIdResolver { private static final String HEADER_NAME = "Custom-Session-Id"; @Override public List<String> resolveSessionIds(HttpServletRequest request) { String sessionId = request.getHeader(HEADER_NAME); if (sessionId != null) { return Collections.singletonList(sessionId); } else { return Collections.emptyList(); } } @Override public void setSessionId(HttpServletRequest request, HttpServletResponse response, String sessionId) { response.setHeader(HEADER_NAME, sessionId); } @Override public void expireSession(HttpServletRequest request, HttpServletResponse response) { response.setHeader(HEADER_NAME, ""); } } ``` 然后,可以在Spring配置将`CustomSessionIdResolver`类注册为Spring Session的bean,例如: ```java @Configuration @EnableRedisHttpSession public class RedisHttpSessionConfig { @Bean public HttpSessionIdResolver httpSessionIdResolver() { return new CustomSessionIdResolver(); } } ``` 这样,每次请求到来时,Spring Session就会使用自定义sessionId解析器生成或者获取sessionId
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值