Geek Answers Handbook

Spring Redis Session Data - Get Valid Sessions, Current User from Redis Store

My question is that in a distributed web application, you can get valid sessions from the Redis Store using RedisOperationSessionRepository . (I mean, I donโ€™t want to write explicit code to put it in the Redis repository, and then read later, I want to understand if the library provides a framework or spring-data-redis ).

I know that Spring Redis can restore sessions, and restarting the server also retains the login if the session is still valid (as it is supported by Redis)

One of the functionality I'm looking for is to get all the possible logon capabilities currently in the application. I know SessionRegistryImpl and this method. but what I noticed is that this method is not supported by Redis, and after restarting the server, users do not return.

  public List<Object> getAllPrincipals() { return new ArrayList<Object>(principals.keySet()); }

One of the possibilities I can try is from Spring Session 1.1.0, Spring to find a session by username.

I tried and it really returns me the actual result of the session, but the problem is that I still need to know all the current valid usernames that use this application. (I donโ€™t know how to use them using the Redis Store, again I can save them to Redis and get them, but I want to know if there is a better approach).

This is a piece of code, so I can get the current user from one of the many users who are currently using the system if I know the session ID.

  final Session session = redisOperationsSessionRepository.getSession(sessionid); final Object obj = session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY); if (obj instanceof SecurityContext) { final SecurityContext context = (SecurityContext) obj; final Authentication authentication = context.getAuthentication(); if (authentication != null) { final Object principal = authentication.getPrincipal(); if (principal != null && principal instanceof CurrentUser) { return (CurrentUser) principal; } } }

Now I can use the above logic to get the whole current user, but again I have to use all valid session identifiers that I donโ€™t know how to get from the Redis store.

New update: https://github.com/spring-projects/spring-session/issues/255 Here, in this link, I can probably get all session identifiers and look for active sessions in RedisOperationSessionRepository , but it can lead to problems with performance.

I'm not sure I made it clear, but we canโ€™t say something to Redis using the Spring session api session, just give me all the valid sessions and their current user that are currently logged in. (based on the last available time or something like that).

thanks

+7
java spring-data spring-data-redis redis spring-session
source share
1 answer

Redis is basically a keystore and does not provide such requests.

However, you should be able to list the entire session with a KEYS request and then filter them based on the last action, but with the flaws mentioned in the github issue mentioned.

You should probably consider logging users in a data warehouse that supports relational queries, keeping Redis as a quick session repository.

0
source share

More articles:


All Articles