Implementing a custom SessionRepository API should be a fairly straightforward task. Coupling the custom implementation with @EnableSpringHttpSession support lets you reuse existing Spring Session configuration facilities and infrastructure. There are, however, a couple of aspects that deserve closer consideration.

During the lifecycle of an HTTP request, the HttpSession is typically persisted to SessionRepository twice. The first persist operation is to ensure that the session is available to the client as soon as the client has access to the session ID, and it is also necessary to write after the session is committed because further modifications to the session might be made. Having this in mind, we generally recommend that a SessionRepository implementation keep track of changes to ensure that only deltas are saved. This is particularly important in highly concurrent environments, where multiple requests operate on the same HttpSession and, therefore, cause race conditions, with requests overriding each other’s changes to session attributes. All of the SessionRepository implementations provided by Spring Session use the described approach to persist session changes and can be used for guidance when you implement custom SessionRepository.

Note that the same recommendations apply for implementing a custom ReactiveSessionRepository as well. In this case, you should use the @EnableSpringWebSession.