Contents of articles

Scenario description session container add session remove session logout session failure

Supplement: listen to the change of session property. Session is independent of other session sharing schemes

Scene description

In the spring boot project, in order to simplify the message module, if there is a new message, write it to the database first. If the user is online, set newmessage flag = true in the session of the user receiving the message. The front end only needs to poll the session each time, and does not need to visit the database each time
the session needs to be obtained according to the user ID, so if the user logs in successfully, call the put method, log out or if the session fails, call remove.

Session container

Stores the session of the logged in user

public class LoggedUserSessionContext{
	//The default capacity is 16, you can set a reasonable initial value according to the number of visits to your site to avoid frequent expansion at the beginning.
    private static Map<Integer, HttpSession> sessionMap = new ConcurrentHashMap<>(128);

    public static HttpSession putIfAbsent(Integer userId, HttpSession session) {
    	// previously logged in a client, then return that session, to achieve multi-party login session sharing
	    return sessionMap.putIfAbsent(userId, session);        
    }

    public static void remove(Integer userId) {
        sessionMap.remove(userId);
    }
 
    public static HttpSession getSession(Integer userId) {
        return sessionMap.get(userId);
    }

}

Add session

After the user logs in successfully, execute the following code snippet

HttpSession session = LoggedUserSessionContext.getSession(user.getId());
            if(session != null){
                //Use the previously logged in id
                SpringUtil.setCookie("JSESSIONID", session.getId(), 60 * 30);
			}else{
				session = SpringUtil.getRequest().getSession();
				session.setAttribute(SessionKey.USER, user);
				LoggedUserSessionContext.putIfAbsent(user.getId(), session);
			}

After successful registration, execute the following code snippet

HttpSession session = SpringUtil.getRequest().getSession();
			session.setAttribute(SessionKey.USER, user);
			LoggedUserSessionContext.putIfAbsent(user.getId(), session);

Remove session

On cancellation

User user = (User)session.getAttribute(SessionKey.USER);
LoggedUserSessionContext.remove(user.getId());
session.invalidate();

When session fails

Use the listener to monitor the implementation of session and implement the HttpSessionListener interface

import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

@WebListener
public class SessionListener implements HttpSessionListener {

    //Note: HttpServletRequest's getSession() method, if the current request does not correspond to the session will automatically create a session.
    //Using getSession(false) will not create session, if there is no session corresponding to the current request, it will return null.

   
    //New session created if unknown user browsing
    @Override
    public void sessionCreated(HttpSessionEvent event) {

    }

    //session Destroy User offline, logout login
    @Override
    public void sessionDestroyed(HttpSessionEvent event) throws ClassCastException {
        HttpSession session = event.getSession();
        Object userObj = session.getAttribute(SessionKey.USER);
        if(userObj != null){
        	User user = (User)userObj;
        	LoggedUserSessionContext.remove(user.getId());
        }
        
    }

}

Supplement:

Listen for the change of session property

---

With HttpSessionAttributeListener * * it is not recommended to listen to HttpSessionAttributeListener * * because it is too frequent

import java.util.HashSet;

import javax.servlet.ServletContext;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

@WebListener
public class SessionListener implements HttpSessionListener, HttpSessionAttributeListener {

    //注Meaning: HttpServletRequest's getSession() method, if the current request does not correspond to the session will automatically create a session.
    //use getSession(false) will not create session, if there is no session corresponding to the current request, it will return null.

    //add property user login 
    @Override
    public void attributeAdded(HttpSessionBindingEvent httpSessionBindingEvent) {
        HttpSession session = httpSessionBindingEvent.getSession();
    }

    //Delete Properties User Logout
    @Override
    public void attributeRemoved(HttpSessionBindingEvent httpSessionBindingEvent) {
        logger.info("--attributeRemoved--");
    }

    //Property substitution Information change
    @Override
    public void attributeReplaced(HttpSessionBindingEvent httpSessionBindingEvent) {
        
    }

    //New session creation If unknown user browsing
    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        MySessionContext.AddSession(event.getSession());
    }

    //session Destroy User offline, logout login
    @Override
    public void sessionDestroyed(HttpSessionEvent event) throws ClassCastException {
        HttpSession session = event.getSession();
        MySessionContext.DelSession(session);
    }

}

Session independence

Instead of sharing sessions, you can use code logic to set pseudo sharing and change the container and data structure where sessions are stored

 private static Map<Integer, List<HttpSession>> sessionMap  = new ConcurrentHashMap<>(128);

In this way, each terminal can use session without affecting each other.