Spring Security study notes (10): Session management


Session management in a single-instance project

In a web project we can add the following to the Spring Security (ss) configuration.

It covers both the redirect path used by a traditional web project and the handling strategy used by a front-end/back-end separated project when a user's session is pushed offline by a newer login.
We can also specify that, once a user has logged in, they cannot log in again from another device, which avoids the "pushed offline" situation altogether.

http.csrf().disable()
        .sessionManagement()
        .maximumSessions(2)
//      .expiredUrl("")  // traditional project: redirect path after the user is pushed offline
        // front-end/back-end separated project: response returned after the user is pushed offline
        .expiredSessionStrategy(event -> {
            HttpServletResponse response = event.getResponse();
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write("并发登录");
            response.flushBuffer();
        })
        // once logged in, further logins of the same user are refused, so nobody is pushed offline
        .maxSessionsPreventsLogin(true);

Underlying implementation

The related classes in Spring Security are SessionManagementFilter and SessionAuthenticationStrategy; SessionManagementFilter delegates the session-related operations to the latter.

The underlying principle is simply to maintain a map that records each user and that user's sessions. If re-login is allowed, then when the user logs in on a new device the map entry is updated with the new session and the original session becomes invalid. If re-login is not allowed, then when the user tries to log in again the strategy finds that a session for that user already exists in the map and returns an error directly. This is easy to implement in a traditional single-instance project, but how do we implement it in a microservice project?
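The map-based logic described above, as an added, deliberately simplified model (constructed for these notes, not Spring Security's own SessionRegistryImpl or ConcurrentSessionControlAuthenticationStrategy): one map from principal to session IDs, a maximum per user, and the two policies selected by maxSessionsPreventsLogin(). The class and the sample session IDs in main() are made up for illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/**
 * Constructed model of concurrent-session control: a principal -> session-ID
 * map plus the "expire the oldest" and "reject the new login" policies.
 * This is illustration code, not Spring Security's implementation.
 */
public class ConcurrentSessionDemo {

    /** What happens to a login attempt once the user has been authenticated. */
    public enum Outcome { ALLOWED, OLDEST_SESSION_EXPIRED, LOGIN_REJECTED }

    private final int maximumSessions;      // maximumSessions(n)
    private final boolean preventsLogin;    // maxSessionsPreventsLogin(true/false)
    // principal -> live session IDs in login order (oldest first)
    private final Map<String, List<String>> registry = new LinkedHashMap<>();
    // session IDs marked expired; a per-request filter later rejects them
    // (the expiredUrl / expiredSessionStrategy path in the configuration)
    private final List<String> expiredSessions = new ArrayList<>();

    public ConcurrentSessionDemo(int maximumSessions, boolean preventsLogin) {
        this.maximumSessions = maximumSessions;
        this.preventsLogin = preventsLogin;
    }

    /** Runs after successful authentication, before the new session is registered. */
    public Outcome login(String principal, String newSessionId) {
        List<String> sessions = registry.computeIfAbsent(principal, p -> new ArrayList<>());
        if (sessions.size() < maximumSessions) {
            sessions.add(newSessionId);
            return Outcome.ALLOWED;
        }
        if (preventsLogin) {
            // the new login is refused; the devices already logged in are untouched
            return Outcome.LOGIN_REJECTED;
        }
        // default policy: the oldest session is expired and the new device wins
        String oldest = sessions.remove(0);
        expiredSessions.add(oldest);
        sessions.add(newSessionId);
        return Outcome.OLDEST_SESSION_EXPIRED;
    }

    /** The check a per-request filter performs on the caller's session ID. */
    public boolean isExpired(String sessionId) {
        return expiredSessions.contains(sessionId);
    }

    public List<String> activeSessions(String principal) {
        return Collections.unmodifiableList(registry.getOrDefault(principal, Collections.emptyList()));
    }

    public static void main(String[] args) {
        // constructed sample: one user, at most one session, default "expire the oldest" policy
        ConcurrentSessionDemo kick = new ConcurrentSessionDemo(1, false);
        System.out.println("S1 login: " + kick.login("alice", "S1"));
        System.out.println("S2 login: " + kick.login("alice", "S2"));
        System.out.println("S1 expired afterwards? " + kick.isExpired("S1"));

        // same user, but with maxSessionsPreventsLogin(true)
        ConcurrentSessionDemo block = new ConcurrentSessionDemo(1, true);
        System.out.println("S1 login: " + block.login("alice", "S1"));
        System.out.println("S2 login: " + block.login("alice", "S2"));
        System.out.println("still active: " + block.activeSessions("alice"));
    }
}
```

Because the map lives in the memory of one JVM, a second application instance has its own, empty map and cannot see the sessions registered by the first; that is exactly the gap the Redis-backed registry in the next section closes.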

Session sharing in distributed projects

We can store the session in Redis.

First, add the dependencies:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
    <version>2.1.9.RELEASE</version>
</dependency>

<dependency>
    <groupId>org.springframework.session</groupId>
    <artifactId>spring-session-data-redis</artifactId>
</dependency>

Inject a FindByIndexNameSessionRepository through the constructor; this is the Spring Session repository used to store sessions in Redis and look them up by index (for example by principal name):

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.security.SpringSessionBackedSessionRegistry;

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final MyUserDetailService myUserDetailService;
    private final DataSource dataSource;

    // Spring Session repository that persists sessions to Redis
    private final FindByIndexNameSessionRepository findByIndexNameSessionRepository;

    @Autowired
    public WebSecurityConfiguration(MyUserDetailService myUserDetailService, DataSource dataSource,
                                    FindByIndexNameSessionRepository findByIndexNameSessionRepository) {
        this.myUserDetailService = myUserDetailService;
        this.dataSource = dataSource;
        this.findByIndexNameSessionRepository = findByIndexNameSessionRepository;
    }

    /**
     * Creates the bean that shares the session registry through Redis.
     * @return a SessionRegistry backed by the Spring Session repository
     */
    @Bean
    SpringSessionBackedSessionRegistry springSessionBackedSessionRegistry() {
        return new SpringSessionBackedSessionRegistry(findByIndexNameSessionRepository);
    }

    // configure(HttpSecurity) and the other overrides are shown separately
}

Finally, in the configure(HttpSecurity) method, register this registry on the session-management chain (after .maximumSessions(...)):

.sessionRegistry(springSessionBackedSessionRegistry());

If we inspect Redis before and after logging in, we can see that the session information is now stored there.
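Once the registry is backed by Redis, every application instance sees the same session map, so an operator can act on a user's sessions cluster-wide. The following admin endpoint is an added example written for these notes (it is not part of the original post and assumes the registry bean above is the application's SessionRegistry); the path /admin/sessions and the controller name are made up. It lists a user's live sessions and force-expires them, which is the same mechanism the concurrent-login handling uses.

```java
import java.util.Date;
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Hypothetical admin endpoint (illustration, not from the original post) that
 * uses the Redis-backed SessionRegistry to inspect and revoke a user's
 * sessions. Because SpringSessionBackedSessionRegistry reads from Redis, the
 * answer is the same no matter which instance serves the request.
 */
@RestController
@RequestMapping("/admin/sessions")   // assumed path; restrict it to administrators in configure()
public class UserSessionAdminController {

    private final SessionRegistry sessionRegistry;

    public UserSessionAdminController(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }

    /** Last-request time of each live (not yet expired) session of the user. */
    @GetMapping("/{username}")
    public List<Date> lastActivity(@PathVariable String username) {
        // getAllSessions accepts the principal; the Spring Session registry
        // resolves a String to the principal-name index it keeps in Redis
        return sessionRegistry.getAllSessions(username, false).stream()
                .map(SessionInformation::getLastRequest)
                .collect(Collectors.toList());
    }

    /**
     * Marks every live session of the user as expired in Redis. The next
     * request on each of them is then handled like a concurrent-login
     * expiry (expiredUrl / expiredSessionStrategy), giving a cluster-wide
     * "log this user out everywhere", e.g. after a password reset.
     */
    @DeleteMapping("/{username}")
    public int expireAll(@PathVariable String username) {
        List<SessionInformation> sessions = sessionRegistry.getAllSessions(username, false);
        sessions.forEach(SessionInformation::expireNow);
        return sessions.size();
    }
}
```

Two points worth checking when wiring this: the endpoint must itself be authorized for administrators only, and the expiry is only enforced because the .maximumSessions(...) configuration above installs the filter that checks the expired flag on each request; without concurrency control configured, expireNow() writes the flag but nothing acts on it.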

Origin: blog.csdn.net/qq_45401910/article/details/127200185