How do I make sure my Spring Session is the same as the session the servlet container created for the HttpServletRequest?

Wei Chun Source

I am new to Spring Session with JDBC and I am confused: I have created a session and saved it in the database, but how can I make sure that the session of each HttpServletRequest created in the servlet container is the same as my server-side session? How can I filter each request coming from the servlet container so that only requests with a valid session get through?

package sessioncontrol.page;

import java.io.IOException;
import java.time.Duration;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;
import org.springframework.session.jdbc.config.annotation.web.http.EnableJdbcHttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.SessionAttributes;

import lombok.extern.log4j.Log4j2;

@Log4j2
@Controller
@EnableJdbcHttpSession
@SessionAttributes("trans")
public class SessionControl <S extends Session> implements Filter {
    @Autowired private FindByIndexNameSessionRepository<S> sessionRepository;
    @Autowired SessionService service;

/**
 * Supplies the {@code "trans"} model attribute, which the enclosing class also
 * lists in {@code @SessionAttributes}.
 *
 * @return a newly constructed {@link TransactionModel}
 */
@ModelAttribute("trans")
public TransactionModel setupSessionModel() {
    final TransactionModel emptyTransaction = new TransactionModel();
    return emptyTransaction;
}

/**
 * Marks the response as non-cacheable and then passes the request on to the rest
 * of the filter chain.
 *
 * <p>The headers only instruct the client not to reuse a stored copy of the page.
 * This method does not look at the request's session at all, so it does not reject
 * requests that lack a valid session.
 *
 * @param request  the incoming request, forwarded unchanged
 * @param response the outgoing response; cast to {@link HttpServletResponse}
 * @param chain    the remaining filters and the target resource
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 * @throws ClassCastException if {@code response} is not an {@link HttpServletResponse}
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    final HttpServletResponse httpResponse = (HttpServletResponse) response;

    // Set the headers before the chain runs, i.e. before downstream code writes the response.
    httpResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
    httpResponse.setHeader("Pragma", "no-cache");
    httpResponse.setDateHeader("Expires", 0);

    chain.doFilter(request, response);
}

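/**
 * Handles {@code GET flpage}: rejects the request when {@code mid} or {@code oid} is
 * missing or when a session is already indexed under the same principal name,
 * otherwise creates and saves a new repository session and records its id on the
 * {@code "trans"} model attribute.
 *
 * @param request  used to obtain the request's {@link HttpSession}
 * @param response unused
 * @param model    receives the {@code "msg"} attribute on rejection
 * @param mid      request-supplied value; must be non-empty
 * @param oid      request-supplied value; must be non-empty
 * @param tm       the {@code "trans"} model attribute, updated with mid, oid and the new session id
 * @return {@code "flpage"} on success, {@code "invalidsession"} on rejection
 */
@RequestMapping(value="flpage", method=RequestMethod.GET)
public String showPage(HttpServletRequest request, HttpServletResponse response,
        Model model, @ModelAttribute("mid") String mid, @ModelAttribute("oid") String oid, @ModelAttribute("trans") TransactionModel tm) {
    // mid and oid come from the request. NOTE(review): confirm the log layout encodes
    // line breaks so a crafted value cannot forge log entries.
    log.info("flpage GET :: {}", mid);
    log.info("flpage GET :: {}", oid);

    // Compare by content: the original `mid != ""` compared object references, which
    // is true for any String that is not the interned literal, so empty input passed.
    if (mid == null || mid.isEmpty() || oid == null || oid.isEmpty()) {
        model.addAttribute("msg", "***Empty paramters!");
        return "invalidsession";
    }

    // NOTE(review): concatenating without a delimiter lets different pairs share one
    // principal name ("ab"+"c" and "a"+"bc"); consider a separator that cannot occur
    // in either value. Left unchanged because stored index values depend on it.
    final String principalName = mid + oid;
    tm.setMid(mid);
    tm.setOid(oid);

    // NOTE(review): this lookup and the save below are not atomic, so two concurrent
    // requests for the same principal can both pass the duplicate check.
    Map<String, S> existingSessions = sessionRepository.findByIndexNameAndIndexValue(
            FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principalName);
    log.info("Session > 0 :: {}", existingSessions.size());
    if (!existingSessions.isEmpty()) {
        model.addAttribute("msg", "***Duplicate session found!");
        return "invalidsession";
    }

    HttpSession clientSession = request.getSession();
    clientSession.setAttribute("sessiondetail", principalName);

    // NOTE(review): createSession() produces a second session object that nothing here
    // links to clientSession or to the client's cookie. If the Spring Session filter is
    // registered (not visible in this file), the HttpSession is presumably already
    // persisted through the repository; confirm, and consider setting the principal
    // index attribute on clientSession instead of creating a detached session.
    S session = sessionRepository.createSession();
    session.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principalName);
    session.setMaxInactiveInterval(Duration.ofSeconds(12000));
    sessionRepository.save(session);
    tm.setSid(session.getId());

    // The session id is not written to the log: anyone who can read the log could
    // otherwise learn identifiers of live sessions.
    log.info("***Session Created!");
    log.info("Creation Time :: {}", session.getCreationTime());
    Object indexedPrincipal = session.getAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME);
    log.info("Principal Name :: {}", indexedPrincipal);

    return "flpage";
}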

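/**
 * Handles {@code POST flpage}: logs the mid and oid held in the {@code "trans"} model
 * attribute and redirects to a fixed URL.
 *
 * @param request  unused
 * @param response unused
 * @param model    unused
 * @param _tm      the {@code "trans"} model attribute
 * @return a redirect view name pointing at the hard-coded third-party page
 */
@RequestMapping(value="flpage", method=RequestMethod.POST)
public String finishedProcess(HttpServletRequest request, HttpServletResponse response,
        Model model, @ModelAttribute("trans") TransactionModel _tm){
    log.info("flpage POST :: {}", _tm.getMid());
    log.info("flpage POST :: {}", _tm.getOid());
    // The session id (_tm.getSid()) is not written to the log: anyone who can read the
    // log could otherwise learn identifiers of live sessions.

    // NOTE(review): nothing here checks that _tm.getSid() still refers to a session in
    // the repository before redirecting; a request replayed after the session ended
    // would be handled the same way.
    return "redirect:http://localhost:8088/thirdmerchant/thirdpage";
}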

Currently, if the user clicks the back button, I can only control the page on which I created the session; if the user keeps clicking the back button, they go all the way back to the beginning. Thanks in advance for any comments or replies.

java spring spring-mvc spring-session
