Comments (2)
Hi @marcusdacoregio, thank you for looking into this issue.
What is the reason that you are updating the last access time for the web session manually?
The reason is that the session is only touched conditionally i.e. some requests must not prolong the session lifetime. My given example above did not showed that as I simplified the code.
Have you tried to place your filter before the OidcSessionRegistryWebFilter?
Thank you for that hint, didn't thought about this yet. OidcSessionRegistryWebFilter
is part of the SecurityWebFilterChain which has the default order of -100 (c.f. here. So annotating my web filter with @Ordered(-101)
worked.
I'm fine with that and from my end the ticket can be closed.
from spring-session.
Hi, @MatthiasZerau. Thanks for the report.
What is the reason that you are updating the last access time for the web session manually? I wonder why you didn't let the WebSessionManager
deal with that.
Have you tried to place your filter before the OidcSessionRegistryWebFilter
? Something like http.addFilterBefore(myFilter, SecurityWebFiltersOrder.HTTP_HEADERS_WRITER);
. Note that your WebFilter
is annotated with @Component
, therefore Spring Boot will register it automatically in the filter chain, I do not recall correctly the ordering that it will apply.
from spring-session.
Related Issues (20)
- Update to Spring Security 6.3.0-M3
- An "IllegalStateException: Session was invalidated" - exception is thrown after session was already invalidated
- spring security + form login + redis session storage -> keep coming out anonymous User HOT 3
- Consider Sorted Set Expiration Policy in RedisIndexedHttpSession HOT 1
- maxInactiveInterval from JdkMongoSessionConverter is always from MongoSession HOT 3
- Upgrade to Spring Data Bom 2024.0.0-RC1
- Upgrade to MongoDB 5.0.1
- Possibility to apply the `SessionRepositoryFilter` conditionally. HOT 2
- Update to Spring Security 6.3.0-RC1
- Support for NATS JetStream Key/Value store as an alternative for Redis HOT 2
- Spring Session JDBC JSON format storing is not working HOT 9
- Migrate to com.gradle.develocity plugin
- Migrate to com.gradle.develocity plugin
- Migrate to com.gradle.develocity plugin
- Update reference site link HOT 1
- Update to Spring Security 6.3.0
- Spring Session Redis Index Key not deleted when session expired
- Does spring-session support spring-authorization-server? HOT 1
- Migration of active sessions from one datasource to another HOT 1
- Spring Session returning default Spring Security User object instead of custom UserDetails object HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-session.