如何在Spring Boot中自定义Spring Session cookie里的sessionId名称
最编程
2024-07-25 16:52:53
...
为何要修改sessionId名称
如果多个应用系统,访问使用同一个域名或IP,不同端口时,在同一个浏览器登陆这些系统系统,它们之间会出现用户会话会出现覆盖问题,即登录到其中一个应用系统,其他应用系统出现重新登陆现象;
具体操作
经过分析SpringHttpSessionConfiguration的源码(这里不带大家对源码进行分析了),可归纳出以下两种方式可修改sessionId名称
1、定义相关的Bean,SpringHttpSessionConfiguration会自动将这些Bean注入到自身的配置中;
1 @Configuration 2 public class SpringSessionBeanConfiguration { 3 4 @Value("${spring.session.cookieName:'JSESSIONID'}") 5 private String cookieName; 6 7 8 9 //Cookie配置 10 @Bean 11 public CookieSerializer cookieSerializer(){ 12 DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer(); 13 cookieSerializer.setCookieName(cookieName);//sessionId名称 14 return cookieSerializer; 15 } 16 17 //HttpSessionId配置 18 @Bean 19 public HttpSessionIdResolver httpSessionIdResolver(){ 20 CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver(); 21 cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer()); 22 return cookieHttpSessionIdResolver; 23 } 24 }
2、自定义配置类并继承SpringHttpSessionConfiguration,然后直接对配置类中的属性进行修改,由于这里我用的是redis存储session,此时我直接继承RedisHttpSessionConfiguration(SpringHttpSessionConfiguration的子类)
1 @Configuration 2 public class RedisSessionConfiguration extends RedisHttpSessionConfiguration { 3 4 @Value("${spring.session.cookieName:'JSESSIONID'}") 5 private String cookieName; 6 7 8 @PostConstruct 9 @Override 10 public void init() { 11 DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer(); 12 cookieSerializer.setCookieName(cookieName);//sessionId名称 13 CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver(); 14 cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer); 15 super.setHttpSessionIdResolver(cookieHttpSessionIdResolver); 16 super.setCookieSerializer(cookieSerializer); 17 }
这里面我遇到有一个坑,要在这个地方特别说明下:在第二种方案中的配置类中,如果在该配置类中定义@Bean,则在@Bean的方法体中无法获取application.yml(properties)中的属性值,具体样例代码如下:
1 @Configuration 2 public class RedisSessionConfiguration extends RedisHttpSessionConfiguration { 3 4 @Value("${spring.session.cookieName:'JSESSIONID'}") 5 private String cookieName; 6 7 8 //Cookie配置 9 @Bean 10 public CookieSerializer cookieSerializer(){ 11 DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer(); 12 //此处无法获取到通过@Value注入的cookieName的值 13 cookieSerializer.setCookieName(cookieName);//sessionId名称 14 return cookieSerializer; 15 } 16 17 //HttpSessionId配置 18 @Bean 19 public HttpSessionIdResolver httpSessionIdResolver(){ 20 CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver(); 21 cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer()); 22 return cookieHttpSessionIdResolver; 23 } 24 25 26 @PostConstruct 27 @Override 28 public void init() { 29 DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer(); 30 //此处可以获取到cookieName的值 31 cookieSerializer.setCookieName(cookieName);//sessionId名称 32 CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver(); 33 cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer); 34 super.setHttpSessionIdResolver(cookieHttpSessionIdResolver); 35 super.setCookieSerializer(cookieSerializer); 36 } 37 }
原文地址:https://www.cnblogs.com/Mr-kevin/p/11835106.html