JdbcOperationsSessionRepository

[mschallar]

Hello,

we are using spring-session-1.3.1.RELEASE and have multiple issues/recommendations:

1. Modify the visibility for some classes to make them easier extendable. Composition doesn't work all the time (I'm speaking about those private static parameters and private final inner classes).

2. Fire events whenever a session gets created/deleted, or just provide the possibility for adding listeners.

3. It would be nice to have a strategy for setting the Spring SESSION_ID (e.g., for org.springframework.session.jdbc.JdbcOperationsSessionRepository). Right now you have to derive from JdbcOperationsSessionRepository and override createSession(). This way you can access your resources for determining the SESSION_ID, but:

To create a new org.springframework.session.jdbc.JdbcOperationsSessionRepository.JdbcSession, you have to provide an e.g., org.springframework.session.MapSession.MapSession(String). Unfortunately the isNew flag will be set to false, hence the newly generated session will not be persisted within the repository.

Regards,
Manuel

[vpavic]

Hi @mschallar,

1. Everything private to JdbcOperationsSessionRepository is consider an implementation specific detail. Changing visibility of some internal component, for example org.springframework.session.jdbc.JdbcOperationsSessionRepository.JdbcSession, would make it a part of the API and therefore could prevent us from evolving JdbcOperationsSessionRepository as we'd have to consider backwards compatibility. Can you provide an example of what you're trying to do?
2. With a relational database alone, there's no way to publish cluster-wide session events - the published event would be visible only on the node it originated from. This is in contrast to Redis and Hazelcast implementations, which have native publish-subscribe mechanism that make cluster-wide session events possible.
3. There's an existing, though dated, PR to add session id generation strategy - see Allow for configuration of session id generation and format. #204 to track the development of this topic.

[mschallar]

Hi @vpavic,

1. A better example would be org.springframework.session.jdbc.JdbcOperationsSessionRepository.ExpiringSessionResultSetExtractor and therefore org.springframework.session.jdbc.JdbcOperationsSessionRepository.extractor. org.springframework.session.jdbc.JdbcOperationsSessionRepository.tableName, org.springframework.session.jdbc.JdbcOperationsSessionRepository.conversionService, and org.springframework.session.jdbc.JdbcOperationsSessionRepository.lobHandler.
   All in all, we had to (c&p) some of the classes and parameters as we had to override org.springframework.session.jdbc.PublishableJdbcOperationsSessionRepository.cleanUpExpiredSessions() (which leads to 2.).

2. I know that only one within a cluster would get the org.springframework.session.events.SessionDeletedEvent. But that could be left to the application developer to handle those events. In our case it would be enough if just one node would receive such a event.

3. I stumbled over the pull request once, but it was never merged.

[vpavic]

@mschallar Can you provide an example of what you're trying to do, i.e. which exact JdbcOperationsSessionRepository customizations would you like to do? We really don't want to expose our internals for the reasons explained above, so understanding your use case is important so that we can see if there are other ways to support it.

Regarding the events, I don't believe having a single node based solution would be a good thing. We can eventually consider something similar to what was proposed in #590 a while ago.

[mschallar]

We wanted to assign a HttpServletRequest dependend SESSION_ID to the current Spring Session.
We had to overwrite the org.springframework.session.jdbc.PublishableJdbcOperationsSessionRepository.createSession() method:

String sessionId = getSessionId(httpServletRequest);
JdbcSession session = new JdbcSession(new MapSession(sessionId));
// This session will not be persisted, as the Constructor of org.springframework.session.jdbc.JdbcOperationsSessionRepository.JdbcSession sets the 'isNew' flag to 'false'
updateJdbcSessionIsNewFieldViaReflection(session);
if (this.defaultMaxInactiveInterval != null) {
session.setMaxInactiveIntervalInSeconds(this.defaultMaxInactiveInterval); //super.defaultMaxInactiveInterval is private ...
}
return session;

Do you see any other solution?

[vpavic]

Thanks for the feedback. So if I'm understanding correctly this is basically all about the custom session id strategy, i.e. the same topic #204 is about?

[mschallar]

Exactly like that. That would make perfect sense.

If some hooks for a session deleted/created event would be implemented, it would help us developer out as well. We can define our own strategy regarding session creation/deletion, even cluster wide if even necessary.

Thanks for the responses @vpavic!

[vpavic]

Thanks for following up @mschallar.

Since your requests effectively duplicate #204 and #590 both of which are still open, I'd suggest you to track those issues, and if necessary provide more info or simply vote on each topic.

I'm going to close this one for now, due to reasons in previous paragraph.

[wjun20314]

I using spring-session-2.0.1.RELEASE but I have error the type org.springframework.session.jdbc.JdbcOperationsSessionRepository.JdbcSession is not visible, may I know how can I create session by using JdbcOperationsSessionRepository and assign to JdbcSession?

Then I will use JdbcOperationsSessionRepository will save the JdbcSession to database.

[vpavic]

@wjun20314 You might find this comment useful.

Also note that since your question is unrelated to this ticket it's preferable to open a new one or ask on our Gitter channel or Stack Overflow using spring-session tag.

Update: Now I see you've posted on SO (if this is you), I've provided an answer.