Class CookieHttpSessionIdResolver
java.lang.Object
org.springframework.session.web.http.CookieHttpSessionIdResolver
- All Implemented Interfaces:
HttpSessionIdResolver
A
HttpSessionIdResolver
that uses a cookie to obtain the session from.
Specifically, this implementation will allow specifying a cookie serialization strategy
using setCookieSerializer(CookieSerializer)
. The
default is cookie name is "SESSION".
When a session is created, the HTTP response will have a cookie with the specified
cookie name and the value of the session id. The cookie will be marked as a session
cookie, use the context path for the path of the cookie, marked as HTTPOnly, and if
ServletRequest.isSecure()
returns true, the cookie
will be marked as secure. For example:
HTTP/1.1 200 OK Set-Cookie: SESSION=f81d4fae-7dec-11d0-a765-00a0c91e6bf6; Path=/context-root; Secure; HttpOnlyThe client should now include the session in each request by specifying the same cookie in their request. For example:
GET /messages/ HTTP/1.1 Host: example.com Cookie: SESSION=f81d4fae-7dec-11d0-a765-00a0c91e6bf6When the session is invalidated, the server will send an HTTP response that expires the cookie. For example:
HTTP/1.1 200 OK Set-Cookie: SESSION=f81d4fae-7dec-11d0-a765-00a0c91e6bf6; Expires=Thur, 1 Jan 1970 00:00:00 GMT; Secure; HttpOnly
- Since:
- 1.0
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
expireSession
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Instruct the client to end the current session.resolveSessionIds
(jakarta.servlet.http.HttpServletRequest request) Resolve the session ids associated with the providedHttpServletRequest
.void
setCookieSerializer
(CookieSerializer cookieSerializer) Sets theCookieSerializer
to be used.void
setSessionId
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String sessionId) Send the given session id to the client.
-
Constructor Details
-
CookieHttpSessionIdResolver
public CookieHttpSessionIdResolver()
-
-
Method Details
-
resolveSessionIds
Description copied from interface:HttpSessionIdResolver
Resolve the session ids associated with the providedHttpServletRequest
. For example, the session id might come from a cookie or a request header.- Specified by:
resolveSessionIds
in interfaceHttpSessionIdResolver
- Parameters:
request
- the current request- Returns:
- the session ids
-
setSessionId
public void setSessionId(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String sessionId) Description copied from interface:HttpSessionIdResolver
Send the given session id to the client. This method is invoked when a new session is created and should inform a client what the new session id is. For example, it might create a new cookie with the session id in it or set an HTTP response header with the value of the new session id.- Specified by:
setSessionId
in interfaceHttpSessionIdResolver
- Parameters:
request
- the current requestresponse
- the current responsesessionId
- the session id
-
expireSession
public void expireSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from interface:HttpSessionIdResolver
Instruct the client to end the current session. This method is invoked when a session is invalidated and should inform a client that the session id is no longer valid. For example, it might remove a cookie with the session id in it or set an HTTP response header with an empty value indicating to the client to no longer submit that session id.- Specified by:
expireSession
in interfaceHttpSessionIdResolver
- Parameters:
request
- the current requestresponse
- the current response
-
setCookieSerializer
Sets theCookieSerializer
to be used.- Parameters:
cookieSerializer
- the cookieSerializer to set. Cannot be null.
-