为何要修改sessionId名称
如果多个应用系统,访问使用同一个域名或IP,不同端口时,在同一个浏览器登陆这些系统系统,它们之间会出现用户会话会出现覆盖问题,即登录到其中一个应用系统,其他应用系统出现重新登陆现象;
具体操作
经过分析SpringHttpSessionConfiguration的源码(这里不带大家对源码进行分析了),可归纳出以下两种方式可修改sessionId名称
1、定义相关的Bean,SpringHttpSessionConfiguration会自动将这些Bean注入到自身的配置中;
@Configuration
public class SpringSessionBeanConfiguration {
@Value("${spring.session.cookieName:'JSESSIONID'}")
private String cookieName;
//Cookie配置
@Bean
public CookieSerializer cookieSerializer(){
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
cookieSerializer.setCookieName(cookieName);//sessionId名称
return cookieSerializer;
}
//HttpSessionId配置
@Bean
public HttpSessionIdResolver httpSessionIdResolver(){
CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer());
return cookieHttpSessionIdResolver;
}
}
2、自定义配置类并继承SpringHttpSessionConfiguration,然后直接对配置类中的属性进行修改,由于这里我用的是redis存储session,此时我直接继承RedisHttpSessionConfiguration(SpringHttpSessionConfiguration的子类)
@Configuration
public class RedisSessionConfiguration extends RedisHttpSessionConfiguration {
@Value("${spring.session.cookieName:'JSESSIONID'}")
private String cookieName;
@PostConstruct
@Override
public void init() {
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
cookieSerializer.setCookieName(cookieName);//sessionId名称
CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
super.setHttpSessionIdResolver(cookieHttpSessionIdResolver);
super.setCookieSerializer(cookieSerializer);
}
}
这里面我遇到有一个坑,要在这个地方特别说明下:在第二种方案中的配置类中,如果在该配置类中定义@Bean,则在@Bean的方法体中无法获取application.yml(properties)中的属性值,具体样例代码如下:
@Configuration
public class RedisSessionConfiguration extends RedisHttpSessionConfiguration {
@Value("${spring.session.cookieName:'JSESSIONID'}")
private String cookieName;
//Cookie配置
@Bean
public CookieSerializer cookieSerializer(){
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
//此处无法获取到通过@Value注入的cookieName的值
cookieSerializer.setCookieName(cookieName);//sessionId名称
return cookieSerializer;
}
//HttpSessionId配置
@Bean
public HttpSessionIdResolver httpSessionIdResolver(){
CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer());
return cookieHttpSessionIdResolver;
}
@PostConstruct
@Override
public void init() {
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
//此处可以获取到cookieName的值
cookieSerializer.setCookieName(cookieName);//sessionId名称
CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
super.setHttpSessionIdResolver(cookieHttpSessionIdResolver);
super.setCookieSerializer(cookieSerializer);
}
}