Reputation: 464
Spring boot jdbc session only for logged-in users
I am using Spring Session JDBC in my spring boot application and it's working fine. But it's resulting into lot of calls to database. I want to only invoke the jdbc session management for authenticated users and the anonymous users can keep using the default spring session management. Is there a way to do this?
Upvotes: 2
Views: 314
Answers (3)
Reputation: 14830
If possible you should avoid creating sessions for unauthenticated users. If no session is created, no database queries will be done.
The default session creation policy IF_REQUIRED already supports this behaviour.
Upvotes: 0
Reputation: 1
It's not so neglectable on ddos/penetration testing even you bruteforce the main domain of the app, with a postgres database behind has the side effect to fill the pg_wal and crash the database.
Upvotes: 0
Related Questions
- Use spring session JDBC with existing database (not springboot)
- Restrict creation of Sessions which do not have principal
- Spring session jdbc
- Spring Session with JDBC - How to Use a Separate DB as a Session Store
- Spring session jdbc fails to start
- Session in Spring Boot application
- Adding Jdbc sessions to spring boot
- Persist Spring Session without Spring Security
- Spring session with JDBC integration
- Configure JDBC Authentication in Spring Boot