Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to solve common problems of using SpringSession in SpringBoot2.x version". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to solve the common problems of using SpringSession in the SpringBoot2.x version.

SpringBoot2.x SpringSession stepped on the pit

Exception encountered during context initialization-cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot.autoconfigure.session.SessionAutoConfiguration$ServletSessionRepositoryValidator': Invocation of init method failed; nested exception is org.springframework.boot.autoconfigure.session.SessionRepositoryUnavailableException: No session repository could be auto-configured, check your configuration (session store type is' redis')

This is due to the lack of spring-session-data-redis dependencies.

In SpringBoot2.X, referencing SpringSession and using Redis to store cached data need to be configured as follows:

Org.springframework.session spring-session-core org.springframework.session spring-session-data-redis # use Redis to cache session data spring.session.store-type=REDIS#Redis server address spring.redis.host=127.0.0.1#Redis server port number spring.redis.port=6379 summary:

In the version of SpringBoot2.x, when referencing spring-session-core, instead of loading spring-session-data-redis, users need to add their own associated dependencies on spring-session and redis.

Springboot 2.x tread pit-cross-domain causes session problem

At present, the mainstream of IT industry is separated from the front and rear ends, but there must be cross-domain problems in the process of separation.

What is cross-domain?

It means that when a browser requests the resources of another domain name from the web page of one domain name, the domain name, port and protocol are cross-domain.

The scene encountered

When we use springboot + shrio + vue to manage the project in the background, we cannot get the currently logged-in users of shiroSession

So we investigated and said on the Internet that it was OK to let session pass when crossing domains.

Back end

@ Configurationpublic class CorsConfig {private CorsConfiguration buildConfig () {CorsConfiguration corsConfiguration = new CorsConfiguration (); corsConfiguration.setAllowCredentials (true); / allow any domain name to use corsConfiguration.addAllowedOrigin ("*"); / / allow any header corsConfiguration.addAllowedHeader ("*"); / / allow any method (post, get, etc.) corsConfiguration.addAllowedMethod ("*") CorsConfiguration.setMaxAge (3600L); return corsConfiguration;} @ Bean public CorsFilter corsFilter () {UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource (); / / Cross-domain configuration of a pair of interfaces source.registerCorsConfiguration ("/ * *", buildConfig ()); return new CorsFilter (source);}}

Front end

Axios.defaults.withCredentials=true

But it still doesn't work after setting it up.

After a day of Baidu and investigation, I rolled back to springboot 1.x without this problem, and located to be the cause of upgrading to springboot 2.x. Well, we have caught the killer, and this is a good time to prescribe the right remedy to the case. I went online to see the problems related to the upgrade from springboot to 2.x spring session.

Finally found a new world, spring-session 2.x in Cookie unexpectedly introduced SameSite this hair, his default value is Lax, all right, let's see what this is?

SameSite Cookie is used to prevent CSRF attacks. It has two values: Strict and Lax.

SameSite = Strict:

Means strict mode, indicating that this cookie cannot be used as a third-party cookie under any circumstances

SameSite = Lax:

It means loose mode. In GET request, it can be used as a third-party cookie, but it cannot carry cookie for cross-domain post access (this is very painful. Our verification API is POST request).

Summary: the frontend request goes to the background, and each time the session is different, and each time it is a new session, resulting in no access to user information.

Solution:

Set SameSite to empty

@ Configurationpublic class SpringSessionConfig {@ Bean public CookieSerializer httpSessionIdResolver () {DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer (); / / cancel setting cookieSerializer.setSameSite (null) on the same site only; return cookieSerializer;}} so far, I believe you have a better understanding of "how to solve common problems in using SpringSession in SpringBoot2.x version". You might as well do it in practice! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.