Sachin
Reputation: 527
Session Control with Redis
How do I implement Session Control, when I use @EnableRedisWebSession on my security chain? Spring Session automatically creates beans that implement @websession and @WebsessionStore But the function below, in order to autowire WebSessionStore, needs to see a manual implementation of WebsessionStore, so what do I do?
@Component
internal class SessionControl(
private val reactiveSessionRegistry: SpringSessionBackedReactiveSessionRegistry<ReactiveRedisIndexedSessionRepository.RedisSession>,
private val webSessionStore: WebSessionStore
) {
fun invalidateSessions(username: String): Mono<Void> {
return reactiveSessionRegistry.getAllSessions(username)
.flatMap { session ->
session.invalidate() // invalidate the session
.then(webSessionStore.removeSession(session.sessionId)) // remove from WebSessionStore
.then(Mono.just(session)) // ensure the session object is returned for logging or further processing if needed
}
.then() // complete the Mono after processing all sessions
}
}
Upvotes: 0
Views: 43
Answers (0)
Related Questions
- Security Context with HttpSessionSecurityContextRepository always returns 403 after successful authentication, Spring Boot 3.3
- Invalidate the session of a user (not the current) in Spring Security
- Spring Session Management with Redis
- How to logout User in Spring Security with external call
- Session isn't destroyed just after being expired (invalidated) manually in Spring Security
- Spring session with redis - how to mock it in integration tests?
- Using SpringSessionBackedSessionRegistry with Redis Session Repository
- Spring Security with Openid and Database Integration
- Request scope being initialised multiple times
- Clear Spring Session on Login?