Class HeaderHttpSessionIdResolver

java.lang.Object
org.springframework.session.web.http.HeaderHttpSessionIdResolver
All Implemented Interfaces:
HttpSessionIdResolver

public class HeaderHttpSessionIdResolver extends Object implements HttpSessionIdResolver
An HttpSessionIdResolver that uses a header to resolve the session id. Specifically, this implementation allows specifying a header name using HeaderHttpSessionIdResolver(String). Convenience factory methods for creating instances that use common header names, such as "X-Auth-Token" and "Authentication-Info", are available as well.

When a session is created, the HTTP response will have a response header of the specified name and the value of the session id. For example:

 HTTP/1.1 200 OK
 X-Auth-Token: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
 
The client should now include the session id in each request by sending the same header. For example:

 GET /messages/ HTTP/1.1
 Host: example.com
 X-Auth-Token: f81d4fae-7dec-11d0-a765-00a0c91e6bf6

When the session is invalidated, the server will send an HTTP response that has the header name and a blank value. For example:

 HTTP/1.1 200 OK
 X-Auth-Token:
 
Since:
1.0
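
The header exchange described above, seen from the client side, as an added example that is not part of Spring Session or its documentation. `HeaderSessionClient` and its methods are hypothetical names built only on the JDK's `java.net.http`; the example assumes that responses which neither create nor invalidate a session carry no session header, so an absent header keeps the current id while a blank value discards it.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.util.Optional;

/** Hypothetical client-side helper; not part of Spring Session. */
public class HeaderSessionClient {

    private final String headerName; // must match the server's resolver, e.g. "X-Auth-Token"
    private String sessionId;        // null while no session is established

    public HeaderSessionClient(String headerName) {
        this.headerName = headerName;
    }

    /** Feed in the session header of every response (empty Optional if the header is absent). */
    public void onResponse(Optional<String> headerValue) {
        if (headerValue.isEmpty()) {
            return; // header absent: assumed to mean "no change", keep the current id
        }
        String value = headerValue.get().trim();
        // A blank value signals invalidation; anything else is the session id to use from now on.
        this.sessionId = value.isEmpty() ? null : value;
    }

    /** Build a GET request, attaching the session header only while a session is live. */
    public HttpRequest newRequest(URI uri) {
        HttpRequest.Builder builder = HttpRequest.newBuilder(uri).GET();
        if (this.sessionId != null) {
            builder.header(this.headerName, this.sessionId);
        }
        return builder.build();
    }

    public static void main(String[] args) {
        HeaderSessionClient client = new HeaderSessionClient("X-Auth-Token");
        URI uri = URI.create("http://example.com/messages/");
        // Constructed header values mirroring the cases in the class description.
        client.onResponse(Optional.of("f81d4fae-7dec-11d0-a765-00a0c91e6bf6")); // session created
        check(client.newRequest(uri).headers().firstValue("X-Auth-Token").isPresent());
        client.onResponse(Optional.empty());                                  // ordinary response
        check(client.newRequest(uri).headers().firstValue("X-Auth-Token").isPresent());
        client.onResponse(Optional.of(""));                                   // session invalidated
        check(client.newRequest(uri).headers().firstValue("X-Auth-Token").isEmpty());
    }

    private static void check(boolean ok) {
        if (!ok) throw new IllegalStateException("unexpected session header state");
    }
}
```

With `java.net.http.HttpClient`, the argument to `onResponse` would be `response.headers().firstValue(headerName)`.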
  • Constructor Details

    • HeaderHttpSessionIdResolver

      public HeaderHttpSessionIdResolver(String headerName)
      Creates an instance that resolves the session id from the header with the given name.
      Parameters:
      headerName - the name of the header to obtain the session id from.
  • Method Details

    • xAuthToken

      public static HeaderHttpSessionIdResolver xAuthToken()
      Convenience factory to create a HeaderHttpSessionIdResolver that uses the "X-Auth-Token" header.
      Returns:
      the instance configured to use the "X-Auth-Token" header
    • authenticationInfo

      public static HeaderHttpSessionIdResolver authenticationInfo()
      Convenience factory to create a HeaderHttpSessionIdResolver that uses the "Authentication-Info" header.
      Returns:
      the instance configured to use the "Authentication-Info" header
    • resolveSessionIds

      public List<String> resolveSessionIds(jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: HttpSessionIdResolver
      Resolve the session ids associated with the provided HttpServletRequest. For example, the session id might come from a cookie or a request header.
      Specified by:
      resolveSessionIds in interface HttpSessionIdResolver
      Parameters:
      request - the current request
      Returns:
      the session ids
    • setSessionId

      public void setSessionId(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String sessionId)
      Description copied from interface: HttpSessionIdResolver
      Send the given session id to the client. This method is invoked when a new session is created and should inform a client what the new session id is. For example, it might create a new cookie with the session id in it or set an HTTP response header with the value of the new session id.
      Specified by:
      setSessionId in interface HttpSessionIdResolver
      Parameters:
      request - the current request
      response - the current response
      sessionId - the session id
    • expireSession

      public void expireSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Description copied from interface: HttpSessionIdResolver
      Instruct the client to end the current session. This method is invoked when a session is invalidated and should inform a client that the session id is no longer valid. For example, it might remove a cookie with the session id in it or set an HTTP response header with an empty value indicating to the client to no longer submit that session id.
      Specified by:
      expireSession in interface HttpSessionIdResolver
      Parameters:
      request - the current request
      response - the current response