private void updateSessionMaps(String originalSessionId, HazelcastHttpSession hazelcastSession) { sessions.put(hazelcastSession.getId(), hazelcastSession); String oldHazelcastSessionId = originalSessions.put(originalSessionId, hazelcastSession.getId()); if (LOGGER.isFinestEnabled()) { if (oldHazelcastSessionId != null) { LOGGER.finest("!!! Overwrote an existing hazelcastSessionId " + oldHazelcastSessionId); } LOGGER.finest("Created new session with id: " + hazelcastSession.getId()); LOGGER.finest(sessions.size() + " is sessions.size and originalSessions.size: " + originalSessions.size()); } }
private void updateSessionMaps(String sessionId, HttpSession originalSession, HazelcastHttpSession hazelcastSession) { sessions.put(hazelcastSession.getId(), hazelcastSession); String oldHazelcastSessionId = originalSessions.put(originalSession.getId(), hazelcastSession.getId()); if (LOGGER.isFinestEnabled()) { if (oldHazelcastSessionId != null) { LOGGER.finest("!!! Overwrote an existing hazelcastSessionId " + oldHazelcastSessionId); } LOGGER.finest("Created new session with id: " + sessionId); LOGGER.finest(sessions.size() + " is sessions.size and originalSessions.size: " + originalSessions.size()); } }
/** * Destroys a session, determining if it should be destroyed clusterwide automatically or via expiry. * * @param session the session to be destroyed <i>locally</i> * @param invalidate {@code true} if the session has been invalidated and should be destroyed on all nodes * in the cluster; otherwise, {@code false} to only remove the session globally if this * node was the final node referencing it */ protected void destroySession(HazelcastHttpSession session, boolean invalidate) { if (LOGGER.isFinestEnabled()) { LOGGER.finest("Destroying local session: " + session.getId()); } sessions.remove(session.getId()); originalSessions.remove(session.getOriginalSession().getId()); session.destroy(invalidate); }
/** * Destroys a session, determining if it should be destroyed clusterwide automatically or via expiry. * * @param session the session to be destroyed <i>locally</i> * @param invalidate {@code true} if the session has been invalidated and should be destroyed on all nodes * in the cluster; otherwise, {@code false} to only remove the session globally if this * node was the final node referencing it */ protected void destroySession(HazelcastHttpSession session, boolean invalidate) { if (LOGGER.isFinestEnabled()) { LOGGER.finest("Destroying local session: " + session.getId()); } sessions.remove(session.getId()); originalSessions.remove(session.getOriginalSession().getId()); session.destroy(invalidate); }
public String changeSessionId() { Method changeSessionIdMethod = getChangeSessionIdMethod(); if (changeSessionIdMethod == null) { return ""; } HttpServletRequest nonWrappedHttpServletRequest = getNonWrappedHttpServletRequest(); if (nonWrappedHttpServletRequest.getSession() == null) { throw new IllegalStateException("changeSessionId requested for request with no session"); } originalSessions.remove(nonWrappedHttpServletRequest.getSession().getId()); HazelcastHttpSession hazelcastHttpSession = getSession(false); sessions.remove(hazelcastHttpSession.getId()); hazelcastHttpSession.destroy(true); String newHazelcastSessionId = generateSessionId(); String newJSessionId = invokeChangeSessionId(nonWrappedHttpServletRequest, changeSessionIdMethod); HttpSession originalSession = nonWrappedHttpServletRequest.getSession(); HazelcastHttpSession hazelcastSession = createHazelcastHttpSession(newHazelcastSessionId, originalSession); hazelcastSession.setClusterWideNew(true); updateSessionMaps(newJSessionId, hazelcastSession); addSessionCookie(this, newHazelcastSessionId); return newJSessionId; }
@Override public final void doFilter(ServletRequest req, ServletResponse res, final FilterChain chain) throws IOException, ServletException { HazelcastRequestWrapper requestWrapper = new HazelcastRequestWrapper((HttpServletRequest) req, (HttpServletResponse) res); chain.doFilter(requestWrapper, res); HazelcastHttpSession session = requestWrapper.getSession(false); if (session != null && session.isValid() && config.isDeferredWrite()) { if (LOGGER.isFinestEnabled()) { LOGGER.finest("UPDATING SESSION " + session.getId()); } session.sessionDeferredWrite(); } }
@Override public final void doFilter(ServletRequest req, ServletResponse res, final FilterChain chain) throws IOException, ServletException { HazelcastRequestWrapper requestWrapper = new HazelcastRequestWrapper((HttpServletRequest) req, (HttpServletResponse) res); chain.doFilter(requestWrapper, res); HazelcastHttpSession session = requestWrapper.getSession(false); if (session != null && session.isValid() && config.isDeferredWrite()) { if (LOGGER.isFinestEnabled()) { LOGGER.finest("UPDATING SESSION " + session.getId()); } session.sessionDeferredWrite(); } }
@Override protected void destroySession(HazelcastHttpSession session, boolean invalidate) { super.destroySession(session, invalidate); if (invalidate) { ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(servletContext); if (appContext != null) { ensureSessionRegistryInitialized(appContext); if (sessionRegistry != null) { String originalSessionId = session.getOriginalSessionId(); // If original session id is registered already, we don't need it. // So, we should remove it also. sessionRegistry.removeSessionInformation(originalSessionId); /** * Publish an event to notify * {@link org.springframework.security.core.session.SessionRegistry} instance. * So Spring clears information about our Hazelcast session. */ appContext.publishEvent(new HttpSessionDestroyedEvent(session)); LOGGER.finest("Published destroy session event for Spring for session with id " + session.getId()); } } } }
@Override protected void destroySession(HazelcastHttpSession session, boolean invalidate) { super.destroySession(session, invalidate); if (invalidate) { ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(servletContext); if (appContext != null) { ensureSessionRegistryInitialized(appContext); if (sessionRegistry != null) { String originalSessionId = session.getOriginalSessionId(); // If original session id is registered already, we don't need it. // So, we should remove it also. sessionRegistry.removeSessionInformation(originalSessionId); /** * Publish an event to notify * {@link org.springframework.security.core.session.SessionRegistry} instance. * So Spring clears information about our Hazelcast session. */ appContext.publishEvent(new HttpSessionDestroyedEvent(session)); LOGGER.finest("Published destroy session event for Spring for session with id " + session.getId()); } } } }