Skip to content

ServerRequestCacheWebFilter causes WebSession to be read every request #7157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tracked by #6125
rwinch opened this issue Jul 26, 2019 · 5 comments
Closed
Tracked by #6125

ServerRequestCacheWebFilter causes WebSession to be read every request #7157

rwinch opened this issue Jul 26, 2019 · 5 comments
Assignees
@rwinch
Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Milestone
5.8.0-M1

Comments

@rwinch
Copy link
Member

rwinch commented Jul 26, 2019

Summary

Currently the ServerRequestCacheWebFilter causes the WebSession to be read on every request. We should be able to limit this to only happening after authentication success happens.
@rwinch rwinch added in: web An issue in web modules (web, webmvc) type: bug A general bug labels Jul 26, 2019
@rwinch rwinch added this to the 5.2.x milestone Jul 26, 2019
@rwinch rwinch mentioned this issue Jul 26, 2019
Closed
@eleftherias eleftherias self-assigned this Jul 29, 2019
@eleftherias eleftherias mentioned this issue Aug 1, 2019
Closed
@rwinch
Copy link
Member Author

rwinch commented Aug 5, 2019

One way we can do this is to cache the request in a cookie rather than the session

@jzheaux
Copy link
Contributor

jzheaux commented Aug 8, 2019

While this is a nice feature to be able to cache the request in a cookie, is it still the case that if an application wants to cache the request in a session, the WebSession will be hit on every request? Is this something that we should address in a separate ticket?

@rwinch
Copy link
Member Author

rwinch commented Aug 9, 2019
edited
Loading

The only place WebFlux support requires reading the session on every request is the request cache. This means that moving this to use a cookie will solve the problem. Another thing to point out is that we could solve this by adding a query parameter to the URL that signals a lookup should be performed.

eleftherias added a commit to eleftherias/spring-security that referenced this issue Nov 22, 2019
@eleftherias
Cache request URI in cookie instead of session
a6e36d5 
Fixes: spring-projectsgh-7157
@rwinch rwinch removed this from the 5.2.x milestone May 31, 2022
@rwinch rwinch added this to the 6.0.x milestone Jun 7, 2022
@rwinch
Copy link
Member Author

rwinch commented Jun 7, 2022

This is important for the improvements to session management improvements

@rwinch rwinch self-assigned this Jun 14, 2022
@rwinch rwinch mentioned this issue Jul 1, 2022
Closed
7 tasks
@rwinch rwinch modified the milestones: 6.0.x, 5.8.0-M1 Jul 1, 2022
@rwinch rwinch mentioned this issue Jul 1, 2022
Closed
@rwinch
Copy link
Member Author

rwinch commented Jul 1, 2022

Closed via 28c0d14

@rwinch rwinch closed this as completed Jul 1, 2022
@rwinch rwinch moved this to Done in Spring Security Team Jul 1, 2022
rwinch added a commit that referenced this issue Jul 1, 2022
@rwinch
Request Cache supports matchingRequestParameterName
6510274 
Closes gh-7157 gh-11453
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Projects
Spring Security Team
Status: Done
Milestone
5.8.0-M1
Development

Successfully merging a pull request may close this issue.

Cache request URI in cookie instead of session eleftherias/spring-security
3 participants
@rwinch @jzheaux @eleftherias