Package org.springframework.session.web.http

Interface HttpSessionIdResolver

All Known Implementing Classes:
CookieHttpSessionIdResolver, HeaderHttpSessionIdResolver
public interface HttpSessionIdResolver
Contract for session id resolution strategies. Allows for session id resolution through the request and for sending the session id or expiring the session through the response.
Since:
2.0.0

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    expireSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Instruct the client to end the current session.
    List<String>
    resolveSessionIds(jakarta.servlet.http.HttpServletRequest request)
    Resolve the session ids associated with the provided HttpServletRequest.
    void
    setSessionId(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String sessionId)
    Send the given session id to the client.

  • Method Details

    • resolveSessionIds

      List<String> resolveSessionIds(jakarta.servlet.http.HttpServletRequest request)
      Resolve the session ids associated with the provided HttpServletRequest. For example, the session id might come from a cookie or a request header.
      Parameters:
      request - the current request
      Returns:
      the session ids

    • setSessionId

      void setSessionId(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String sessionId)
      Send the given session id to the client. This method is invoked when a new session is created and should inform a client what the new session id is. For example, it might create a new cookie with the session id in it or set an HTTP response header with the value of the new session id.
      Parameters:
      request - the current request
      response - the current response
      sessionId - the session id

    • expireSession

      void expireSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Instruct the client to end the current session. This method is invoked when a session is invalidated and should inform a client that the session id is no longer valid. For example, it might remove a cookie with the session id in it or set an HTTP response header with an empty value indicating to the client to no longer submit that session id.
      Parameters:
      request - the current request
      response - the current response