
How to make sure my Session is the same as the session of the HttpServletRequest created by the servlet

Wei Chun
1#
Wei Chun Published in 2018-02-14 06:14:11Z

I am new to Spring Session with JDBC and I am confused: I have created a session and saved it in the database, but how can I make sure that the session of each HttpServletRequest created by the servlet container is the same as my server-side session? How can I filter each request coming from the servlet so that only requests with a valid session are accepted?

package sessioncontrol.page;

import java.io.IOException;
import java.time.Duration;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;
import org.springframework.session.jdbc.config.annotation.web.http.EnableJdbcHttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.SessionAttributes;

import lombok.extern.log4j.Log4j2;

@Log4j2
@Controller
@EnableJdbcHttpSession
@SessionAttributes("trans")
public class SessionControl <S extends Session> implements Filter {
    // Spring Session repository injected by Spring; showPage uses it to look up sessions
    // by principal name and to create and save new ones.
    @Autowired private FindByIndexNameSessionRepository<S> sessionRepository;
    // Project service injected by Spring; not referenced by the methods shown in this listing.
    @Autowired SessionService service;

/**
 * Supplies the "trans" model attribute as a newly constructed TransactionModel.
 *
 * @return a new TransactionModel instance
 */
@ModelAttribute("trans")
public TransactionModel setupSessionModel(){
    final TransactionModel freshModel = new TransactionModel();
    return freshModel;
}

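/**
 * Marks the response as non-cacheable and then hands the request to the rest of the chain.
 *
 * <p>These headers only keep the browser from re-displaying a stored copy of the page
 * (for example on Back). They do not check whether the request carries a valid session;
 * that check has to happen on the server before {@code chain.doFilter} is called.
 *
 * @param request  incoming request, passed on unchanged
 * @param response outgoing response; cache headers are set when it is an HTTP response
 * @param chain    remaining filters and the target resource
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // The Filter API only guarantees a ServletResponse, so test the type instead of
    // casting blindly; a non-HTTP response is passed through untouched.
    if (response instanceof HttpServletResponse) {
        HttpServletResponse httpresp = (HttpServletResponse) response;
        httpresp.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        httpresp.setHeader("Pragma", "no-cache");
        httpresp.setDateHeader("Expires", 0);
    }
    chain.doFilter(request, response);
}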

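/**
 * Handles GET /flpage: validates {@code mid} and {@code oid}, rejects the request when the
 * repository already holds a session indexed under the same principal name, and otherwise
 * creates and saves a new repository session for that principal.
 *
 * @param request  current request; its HttpSession receives the "sessiondetail" attribute
 * @param response current response (not used here)
 * @param model    receives the "msg" attribute on both rejection paths
 * @param mid      value bound by Spring (presumably from a request parameter); first part of the principal name
 * @param oid      value bound by Spring (presumably from a request parameter); second part of the principal name
 * @param tm       the "trans" model attribute; mid, oid and the new session id are stored on it
 * @return "invalidsession" for missing parameters or a duplicate session, otherwise "flpage"
 */
@RequestMapping(value="flpage", method=RequestMethod.GET)
public String showPage(HttpServletRequest request, HttpServletResponse response,
        Model model, @ModelAttribute("mid") String mid, @ModelAttribute("oid") String oid, @ModelAttribute("trans") TransactionModel tm) {
    // mid and oid come from the client: replace CR/LF before logging so a crafted value
    // cannot forge additional log lines.
    log.info("flpage GET :: {}", mid == null ? null : mid.replaceAll("[\\r\\n]", "_"));
    log.info("flpage GET :: {}", oid == null ? null : oid.replaceAll("[\\r\\n]", "_"));

    // Compare by content. The original `mid != ""` compared object references, so an empty
    // String created at runtime passed the check and produced an empty principal name.
    // A null value is rejected here as well.
    if (mid == null || mid.isEmpty() || oid == null || oid.isEmpty()) {
        model.addAttribute("msg", "***Empty paramters!");
        return "invalidsession";
    }

    // NOTE(review): the principal name is built from client-supplied values with no
    // authentication visible in this method, and plain concatenation is ambiguous
    // ("ab"+"c" equals "a"+"bc"). Confirm both are acceptable for the caller.
    String principalName = mid + oid;
    tm.setMid(mid);
    tm.setOid(oid);

    // NOTE(review): lookup followed by create is not atomic; two concurrent requests for
    // the same principal can both pass this check.
    Map<String, S> sessioncheck = sessionRepository.findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principalName);
    log.info("Session > 0 :: {}", sessioncheck.size());
    if (!sessioncheck.isEmpty()) {
        model.addAttribute("msg", "***Duplicate session found!");
        return "invalidsession";
    }

    HttpSession clientSession = request.getSession();
    clientSession.setAttribute("sessiondetail", principalName);

    // NOTE(review): this creates a second session that is independent of clientSession;
    // nothing in this method sends its id to the browser. If Spring Session's
    // SessionRepositoryFilter is registered with the container (presumably intended by
    // @EnableJdbcHttpSession; confirm), request.getSession() is already stored through
    // the repository, and setting PRINCIPAL_NAME_INDEX_NAME on clientSession would keep
    // the browser session and the stored session identical.
    S session = sessionRepository.createSession();
    session.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principalName);
    session.setMaxInactiveInterval(Duration.ofSeconds(12000));
    sessionRepository.save(session);
    tm.setSid(session.getId());

    // The session id is deliberately not logged: anyone who can read the log could
    // otherwise reuse it to take over the session.
    log.info("***Session Created!");
    log.info("Creation Time :: {}", session.getCreationTime());
    log.info("Principal Name :: {}", principalName.replaceAll("[\\r\\n]", "_"));

    return "flpage";
}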

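/**
 * Handles POST /flpage: logs the transaction's mid and oid and redirects to the
 * third-merchant page.
 *
 * @param request  current request (not used here)
 * @param response current response (not used here)
 * @param model    current model (not used here)
 * @param _tm      the "trans" model attribute
 * @return a redirect to the fixed third-merchant URL
 */
@RequestMapping(value="flpage", method=RequestMethod.POST)
public String finishedProcess(HttpServletRequest request, HttpServletResponse response,
        Model model, @ModelAttribute("trans") TransactionModel _tm){
    // NOTE(review): a @ModelAttribute argument is normally populated from the submitted
    // form as well, so mid, oid and sid on _tm may have been overwritten by the client.
    // Confirm they are re-checked against the server-side session before being trusted.
    // CR/LF is replaced so a crafted value cannot forge additional log lines.
    log.info("flpage POST :: {}", String.valueOf(_tm.getMid()).replaceAll("[\\r\\n]", "_"));
    log.info("flpage POST :: {}", String.valueOf(_tm.getOid()).replaceAll("[\\r\\n]", "_"));
    // The sid is deliberately not logged: a session id in a log file can be reused by
    // anyone with read access to the log.

    // The redirect target is a constant, so the client cannot steer it elsewhere.
    return "redirect:http://localhost:8088/thirdmerchant/thirdpage";
}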

Currently, if the user clicks the back button, I can only control the page on which I created the session; if the user keeps clicking the back button, the browser goes all the way back to the beginning. Thanks in advance for any comments or replies.
