如何在Spring Boot中自定义Spring Session cookie里的sessionId名称

最编程 2024-07-25 16:52:53

...

为何要修改sessionId名称
如果多个应用系统，访问使用同一个域名或IP,不同端口时，在同一个浏览器登陆这些系统系统，它们之间会出现用户会话会出现覆盖问题，即登录到其中一个应用系统，其他应用系统出现重新登陆现象；

具体操作
经过分析SpringHttpSessionConfiguration的源码（这里不带大家对源码进行分析了），可归纳出以下两种方式可修改sessionId名称

1、定义相关的Bean，SpringHttpSessionConfiguration会自动将这些Bean注入到自身的配置中；

 1 @Configuration
 2 public class SpringSessionBeanConfiguration {
 3  
 4     @Value("${spring.session.cookieName:'JSESSIONID'}")
 5     private String cookieName;
 6  
 7  
 8  
 9     //Cookie配置
10     @Bean
11     public CookieSerializer cookieSerializer(){
12         DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
13         cookieSerializer.setCookieName(cookieName);//sessionId名称
14         return  cookieSerializer;
15     }
16  
17     //HttpSessionId配置
18     @Bean
19     public HttpSessionIdResolver httpSessionIdResolver(){
20         CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
21         cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer());
22         return cookieHttpSessionIdResolver;
23     }
24 }

2、自定义配置类并继承SpringHttpSessionConfiguration，然后直接对配置类中的属性进行修改，由于这里我用的是redis存储session,此时我直接继承RedisHttpSessionConfiguration（SpringHttpSessionConfiguration的子类）

 1 @Configuration
 2 public class RedisSessionConfiguration extends RedisHttpSessionConfiguration  {
 3  
 4     @Value("${spring.session.cookieName:'JSESSIONID'}")
 5     private String cookieName;
 6  
 7  
 8     @PostConstruct
 9     @Override
10     public void init() {
11         DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
12         cookieSerializer.setCookieName(cookieName);//sessionId名称
13         CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
14         cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
15         super.setHttpSessionIdResolver(cookieHttpSessionIdResolver);
16         super.setCookieSerializer(cookieSerializer);
17     }

这里面我遇到有一个坑，要在这个地方特别说明下：在第二种方案中的配置类中，如果在该配置类中定义@Bean,则在@Bean的方法体中无法获取application.yml(properties)中的属性值，具体样例代码如下：

 1 @Configuration
 2 public class RedisSessionConfiguration extends RedisHttpSessionConfiguration  {
 3  
 4     @Value("${spring.session.cookieName:'JSESSIONID'}")
 5     private String cookieName;
 6  
 7  
 8     //Cookie配置
 9     @Bean
10     public CookieSerializer cookieSerializer(){
11         DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
12         //此处无法获取到通过@Value注入的cookieName的值
13         cookieSerializer.setCookieName(cookieName);//sessionId名称
14         return  cookieSerializer;
15     }
16  
17     //HttpSessionId配置
18     @Bean
19     public HttpSessionIdResolver httpSessionIdResolver(){
20         CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
21         cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer());
22         return cookieHttpSessionIdResolver;
23     }
24  
25  
26     @PostConstruct
27     @Override
28     public void init() {
29         DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
30         //此处可以获取到cookieName的值
31         cookieSerializer.setCookieName(cookieName);//sessionId名称
32         CookieHttpSessionIdResolver cookieHttpSessionIdResolver = new CookieHttpSessionIdResolver();
33         cookieHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
34         super.setHttpSessionIdResolver(cookieHttpSessionIdResolver);
35         super.setCookieSerializer(cookieSerializer);
36     }
37 }

原文地址：https://www.cnblogs.com/Mr-kevin/p/11835106.html

上一篇：打造针对Android平台的课堂评估系统的设计与实现

下一篇：【轻松驾驭Lighthouse】构建Hydro信息化在线评估平台