Package org.springframework.web.server.session

Class InMemoryWebSessionStore

java.lang.Object
org.springframework.web.server.session.InMemoryWebSessionStore
All Implemented Interfaces:
WebSessionStore
public class InMemoryWebSessionStore extends Object implements WebSessionStore
Simple Map-based storage for WebSession instances.
Since:
5.0
Author:
Rossen Stoyanchev, Rob Winch

  • Constructor Details

    • InMemoryWebSessionStore

      public InMemoryWebSessionStore()

  • Method Details

    • setMaxSessions

      public void setMaxSessions(int maxSessions)
      Set the maximum number of sessions that can be stored. Once the limit is reached, any attempt to store an additional session will result in an IllegalStateException.

      By default set to 10000.

      Parameters:
      maxSessions - the maximum number of sessions
      Since:
      5.0.8

    • getMaxSessions

      public int getMaxSessions()
      Return the maximum number of sessions that can be stored.
      Since:
      5.0.8

    • setClock

      public void setClock(Clock clock)
      Configure the Clock to use to set the lastAccessTime on every created session and to calculate if the session has expired.

      This may be useful to align to different time zones or to set the clock back in a test, for example, Clock.offset(clock, Duration.ofMinutes(-31)) in order to simulate session expiration.

      By default this is Clock.system(ZoneId.of("GMT")).

      Parameters:
      clock - the clock to use

    • getClock

      public Clock getClock()
      Return the configured clock for session lastAccessTime calculations.

    • getSessions

      public Map<String,WebSession> getSessions()
      Return an unmodifiable copy of the map of sessions.

      This could be used for management purposes, to list active sessions, to invalidate expired sessions, etc.

      Since:
      5.0.8

    • createWebSession

      public reactor.core.publisher.Mono<WebSession> createWebSession()
      Description copied from interface: WebSessionStore
      Create a new WebSession.

      Note that this does nothing more than create a new instance. The session can later be started explicitly via WebSession.start() or implicitly by adding attributes -- and then persisted via WebSession.save().

      Specified by:
      createWebSession in interface WebSessionStore
      Returns:
      the created session instance

    • retrieveSession

      public reactor.core.publisher.Mono<WebSession> retrieveSession(String id)
      Description copied from interface: WebSessionStore
      Return the WebSession for the given id.

      Note: This method should perform an expiration check, and if it has expired remove the session and return empty. This method should also update the lastAccessTime of retrieved sessions.

      Specified by:
      retrieveSession in interface WebSessionStore
      Parameters:
      id - the session to load
      Returns:
      the session, or an empty Mono

    • removeSession

      public reactor.core.publisher.Mono<Void> removeSession(String id)
      Description copied from interface: WebSessionStore
      Remove the WebSession for the specified id.
      Specified by:
      removeSession in interface WebSessionStore
      Parameters:
      id - the id of the session to remove
      Returns:
      a completion notification (success or error)

    • updateLastAccessTime

      public reactor.core.publisher.Mono<WebSession> updateLastAccessTime(WebSession session)
      Description copied from interface: WebSessionStore
      Update the last accessed timestamp to "now".
      Specified by:
      updateLastAccessTime in interface WebSessionStore
      Parameters:
      session - the session to update
      Returns:
      the session with the updated last access time

    • removeExpiredSessions

      public void removeExpiredSessions()
      Check for expired sessions and remove them.

      Typically such checks are kicked off lazily during calls to createWebSession() or retrieveSession(java.lang.String), no less than 60 seconds apart.

      This method can be called to force a check at a specific time.

      Since:
      5.0.8