Implementing a custom SessionRepository
API should be a fairly straightforward task.
Coupling the custom implementation with @EnableSpringHttpSession
support lets you reuse existing Spring Session configuration facilities and infrastructure.
There are, however, a couple of aspects that deserve closer consideration.
During the lifecycle of an HTTP request, the HttpSession
is typically persisted to SessionRepository
twice.
The first persist operation is to ensure that the session is available to the client as soon as the client has access to the session ID, and it is also necessary to write after the session is committed because further modifications to the session might be made.
Having this in mind, we generally recommend that a SessionRepository
implementation keep track of changes to ensure that only deltas are saved.
This is particularly important in highly concurrent environments, where multiple requests operate on the same HttpSession
and, therefore, cause race conditions, with requests overriding each other’s changes to session attributes.
All of the SessionRepository
implementations provided by Spring Session use the described approach to persist session changes and can be used for guidance when you implement custom SessionRepository
.
Note that the same recommendations apply for implementing a custom ReactiveSessionRepository
as well.
In this case, you should use the @EnableSpringWebSession
.