Related questions
2. Considering the capacity of Redis, since spring session relies on redis, should it be considered separate from business redis?
A Spring session access will generate 3 keys,
Consider whether it needs to be separated from business redis according to the amount of users and the amount of session.setAttribute in the program
3. Considering the high availability of Redis, since spring session relies on redis, if there is a single point of failure in redis, it will affect the spring session.
High availability at the redis level, keepalived or Sentinel or redis3.0 cluster
4. What if the browser does not support cookies?
Spring session will write the token into the cookie by default. If the browser does not support cookies, it will write the token into the header and bring it with each request. In addition, you need to add configuration in sdk-session.xml:
<beanname="headerHttpSessionStrategy" class="org.springframework.session.web.http.HeaderHttpSessionStrategy">
</bean>
When requesting, you only need to bring the token returned by the backend
如:x-auth-token:98cc9e5e-5fc6-4ba9-8d7a-d6677a101820
5. What is the problem of setting the expiration time of the session?
The default expiration time of Spring session is 1800 seconds, which is 30 minutes. The sdk-session.xml configuration parameters:
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration">
<property name="maxInactiveIntervalInSeconds" value="1800"></property>
</bean>
6. Session event listener configuration HttpSessionListener
SessionListenerDemo implements the HttpSessionListener interface, sdk-session.xml configuration parameters:
<bean id="listenerAdapter" class="org.springframework.session.web.http.SessionEventHttpSessionListenerAdapter">
<constructor-arg name="listeners">
<list>
<bean class="com.mogoroom.bs.listener.SessionListenerDemo" />
</list>
</constructor-arg>
</bean>
7. Cross-domain issues?
cookie method:
The cookies carried under different domains are different, and cookies do not support cross-domain
Header method:
When requesting, you only need to bring the token returned by the backend
如:x-auth-token:98cc9e5e-5fc6-4ba9-8d7a-d6677a101820
8. The problem of different project names in the same domain?
For example, the shared session between www.baidu.com/aaa and www.baidu.com/bbb needs to be configured in the heart of sdk-session.xml
<bean class="org.springframework.session.web.http.CookieHttpSessionStrategy">
<property name="cookieSerializer" ref="defaultCookieSerializer"></property>
</bean>
<bean id="defaultCookieSerializer" class="org.springframework.session.web.http.DefaultCookieSerializer">
<property name="cookiePath" value="/"></property>
</bean>