Sessions (sessions)

The sessions endpoint provides information about the application’s HTTP sessions that are managed by Spring Session.

Retrieving Sessions

To retrieve the sessions, make a GET request to /actuator/sessions, as shown in the following curl-based example:

$ curl 'http://localhost:8080/actuator/sessions?username=alice' -i -X GET

The preceding examples retrieves all of the sessions for the user whose username is alice. The resulting response is similar to the following:

HTTP/1.1 200 OK
Content-Type: application/vnd.spring-boot.actuator.v3+json
Content-Length: 789

{
  "sessions" : [ {
    "id" : "66e720d2-bff3-4b45-98ef-4f766ed4a90b",
    "attributeNames" : [ ],
    "creationTime" : "2024-12-19T09:43:43.884006451Z",
    "lastAccessedTime" : "2024-12-19T11:43:31.884007213Z",
    "maxInactiveInterval" : 1800,
    "expired" : false
  }, {
    "id" : "1469b4fa-f96e-4566-93e3-5a096e5d2bb6",
    "attributeNames" : [ ],
    "creationTime" : "2024-12-18T23:43:43.883127566Z",
    "lastAccessedTime" : "2024-12-19T11:42:58.883133707Z",
    "maxInactiveInterval" : 1800,
    "expired" : false
  }, {
    "id" : "4db5efcc-99cb-4d05-a52c-b49acfbb7ea9",
    "attributeNames" : [ ],
    "creationTime" : "2024-12-19T06:43:43.884001743Z",
    "lastAccessedTime" : "2024-12-19T11:43:06.884003897Z",
    "maxInactiveInterval" : 1800,
    "expired" : false
  } ]
}

Query Parameters

The endpoint uses query parameters to limit the sessions that it returns. The following table shows the single required query parameter:

Parameter Description

username

Name of the user.

Response Structure

The response contains details of the matching sessions. The following table describes the structure of the response:

Path Type Description

sessions

Array

Sessions for the given username.

sessions.[].id

String

ID of the session.

sessions.[].attributeNames

Array

Names of the attributes stored in the session.

sessions.[].creationTime

String

Timestamp of when the session was created.

sessions.[].lastAccessedTime

String

Timestamp of when the session was last accessed.

sessions.[].maxInactiveInterval

Number

Maximum permitted period of inactivity, in seconds, before the session will expire.

sessions.[].expired

Boolean

Whether the session has expired.

Retrieving a Single Session

To retrieve a single session, make a GET request to /actuator/sessions/{id}, as shown in the following curl-based example:

$ curl 'http://localhost:8080/actuator/sessions/4db5efcc-99cb-4d05-a52c-b49acfbb7ea9' -i -X GET

The preceding example retrieves the session with the id of 4db5efcc-99cb-4d05-a52c-b49acfbb7ea9. The resulting response is similar to the following:

HTTP/1.1 200 OK
Content-Type: application/vnd.spring-boot.actuator.v3+json
Content-Length: 208

{"id":"4db5efcc-99cb-4d05-a52c-b49acfbb7ea9","attributeNames":[],"creationTime":"2024-12-19T06:43:43.884001743Z","lastAccessedTime":"2024-12-19T11:43:06.884003897Z","maxInactiveInterval":1800,"expired":false}

Response Structure

The response contains details of the requested session. The following table describes the structure of the response:

Path Type Description

id

String

ID of the session.

attributeNames

Array

Names of the attributes stored in the session.

creationTime

String

Timestamp of when the session was created.

lastAccessedTime

String

Timestamp of when the session was last accessed.

maxInactiveInterval

Number

Maximum permitted period of inactivity, in seconds, before the session will expire.

expired

Boolean

Whether the session has expired.

Deleting a Session

To delete a session, make a DELETE request to /actuator/sessions/{id}, as shown in the following curl-based example:

$ curl 'http://localhost:8080/actuator/sessions/4db5efcc-99cb-4d05-a52c-b49acfbb7ea9' -i -X DELETE

The preceding example deletes the session with the id of 4db5efcc-99cb-4d05-a52c-b49acfbb7ea9.