Add rich session cookie config property for WebFlux
No Session Repository
-
[x] Provide
spring.webflux.session.cookie.*properties.Provide configuration items to configure cookies instead of programmatically.
-
[x] Provide
spring.webflux.session.timeoutproperties.Conveniently set session expiration time.
Integrated spring-session
- [x] Make the current spring.webflux.session.cookie.same-site configuration items meaningful.
-
[x]
spring.webflux.session.cookie.*properties adaptation spring-session -
[x]
spring.webflux.session.timeoutandspring.session.timeoutare equivalent
However, spring.session.timeout has a higher priority.
Comment From: snicoll
@weixsun thanks for the PR. I am curious, what lead you to submit this? Are you using this in your own project?
Comment From: weixsun
@snicoll Thank you for your attention.
what lead you to submit this?
- You should have noticed that this pr is closely related to #26437. It is not necessary to set the session separately and repeatedly in the code of each project every time (Of course, if you like, you can also set the session in an encoding way, which is the reason for the existence of #26437)
- If you don't integrate spring-session and want to set the session expiration time, it is currently not supported and can only endure the default value of 30m, unless the developer does work similar to this pr.
Are you using this in your own project?
Yes, this pr is derived from the needs of a microservice module in our actual project. This microservice module does not need to integrate spring-session in its architectural design, so when you want to set the session expiration time and cookie-related attributes , That the way of providing configuration is better than the way of encoding.
The advantages of adding these configurations must outweigh the disadvantages. I am not good at words and can only describe the general meaning, but the final result is still determined by experienced spring-boot members.
Comment From: snicoll
I've rebased and squashed all the commits into one so @weixsun please do not push further update for now.
I was looking at the current arrangement where we have server.servlet.session.cookie.* for MVC. This PR adds a number of items that can be honored using webflux under spring.webflux.session.cookie.*, including a spring.webflux.session.timeout that aligns with server.servlet.session.timeout.
Before we start duplicating these properties, I'd like to reach out to the team again and verify this is what we want to do.
Comment From: philwebb
Thanks very much for your work on this @weixsun, this is now merged this into main. I've made a made a few refinements, the main one being relocating spring.webflux.session to server.reactive.session. This help align the properties with the servlet versions in server.servlet.session.
Thanks again for driving this!
Comment From: DidierLoiseau
Am I right that the new properties are not documented? I can see that server.reactive.session.timeout is documented but not any of the server.reactive.session.cookie ones.
I could only find a small mention of the new properties in the SB 2.6 Release notes.
Comment From: wilkinsona
You are right, @DidierLoiseau. Thanks for spotting this. I've opened #31896.