Spring Session Data Redis - Get Valid Sessions, Current User from Redis Store
Asked Answered
U

2

11

My question is, in distributed web application is it possible to get the valid sessions from Redis Store using RedisOperationSessionRepository. (I mean I don't want to write explicit code for putting it into Redis store and then later read it, I want to understand if framework or spring-data-redis library provides that).

I am aware that Spring Redis is able to restore sessions and server restarts also preserve the login if the session is still valid (as it is backed by Redis)

One of the functionality I am looking for is to get all the possible log in users currently in the application. I am aware of SessionRegistryImpl, and this method. but what I noticed that this method is not backed by Redis and after server restarts, log in users are not returned.

 public List<Object> getAllPrincipals() {
    return new ArrayList<Object>(principals.keySet());
}

One of the functionality I can try is from Spring Session 1.1.0, Spring session find by username.

  1. http://docs.spring.io/spring-session/docs/1.1.0.M1/reference/html5/guides/findbyusername.html
  2. https://spring.io/blog/2015/11/17/spring-session-1-1-0-m1-released

I tried and it indeed returns me valid session result, but the problem is I still need to know all the current valid user names that are using this application. (I don't know how to get them using Redis Store, again I can store in Redis and get them, but I want to know if there is better approach).

This is the piece of code, this is the way I can get current user from one of the many users that are currently using the system, if I know the session id.

    final Session session = redisOperationsSessionRepository.getSession(sessionid);

    final Object obj = session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
    if (obj instanceof SecurityContext) {
        final SecurityContext context = (SecurityContext) obj;
        final Authentication authentication = context.getAuthentication();
        if (authentication != null) {
            final Object principal = authentication.getPrincipal();
            if (principal != null && principal instanceof CurrentUser) {
                return (CurrentUser) principal;
            }
        }
    }

Now I can use above logic to get all the current user, but again I should all the valid session ids, which I don't know how to get from Redis store.

New Update : https://github.com/spring-projects/spring-session/issues/255 Here in this link, I can probably get all the session ids and look for active sessions in RedisOperationSessionRepository, but might result in performance issues.

I am not sure if I made myself clear, but can't we tell something to Redis using spring session api, just give me all the valid sessions and their current user that are currently log in. (based on last accessed time or something like that).

Thank you

Uyekawa answered 10/3, 2016 at 16:23 Comment(0)
S
0

Redis is basically a key-value store and does not provide such querying features.

However, you should be able to list all session using a KEYS request, then filter them on a last-activity basis, but with drawbacks mentioned in the github issue you have mentioned.

You should probably consider logging users activities in a datastore that supports relational querying, keeping Redis as a fast session store.

Selfimmolating answered 19/4, 2016 at 8:41 Comment(2)
yeah currently I am listing all session using KEYS, and it is expensive operation. probably one option is to have a flag against user in database to store if he is log in or not and then based on this flag and username, FindByUsernameSessionRepository can be used.Uyekawa
KEYS * is the request I was looking for, in case it helps anyoneDemasculinize
T
0

If your keys have a common prefix or suffix using redis-scan command is a good non-blocking way of accessing the data. KEYS command is very expensive, especially if the data that it iterates/fetches is huge. And is not recommended to use in the production systems.

Note - my answer is just a simple work-around with only a minimal change to your code and not the exact answer for your question.

Triptych answered 11/11, 2021 at 14:35 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.