
Allow update of existing WebSession after max sessions limit is reached

Previously, when saving a WebSession, the system did not check whether
the session ID already existed. As a result, even if the session being
saved was an update to an existing one, it was incorrectly treated as a
new session, and a "maximum sessions exceeded" error was triggered.

This fix ensures that if a WebSession with the same ID already exists,
it will be updated rather than counted as a new session, thereby
preventing unnecessary session limit violations.

Closes gh-35013

Signed-off-by: Mohammad Saeed Nouri <msnsaeed71@gmail.com>
pull/35405/head
Mohammad Saeed Nouri 6 months ago committed by Sam Brannen
parent
commit
c04902fefb
  1. 2
      spring-web/src/main/java/org/springframework/web/server/session/InMemoryWebSessionStore.java
  2. 20
      spring-web/src/test/java/org/springframework/web/server/session/InMemoryWebSessionStoreTests.java

2
spring-web/src/main/java/org/springframework/web/server/session/InMemoryWebSessionStore.java

@ -283,7 +283,7 @@ public class InMemoryWebSessionStore implements WebSessionStore { @@ -283,7 +283,7 @@ public class InMemoryWebSessionStore implements WebSessionStore {
private void checkMaxSessionsLimit() {
if (sessions.size() >= maxSessions) {
expiredSessionChecker.removeExpiredSessions(clock.instant());
if (sessions.size() >= maxSessions) {
if (sessions.size() >= maxSessions && !sessions.containsKey(this.getId())) {
throw new IllegalStateException("Max sessions limit reached: " + sessions.size());
}
}
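Review bot: The new `!sessions.containsKey(this.getId())` exemption is applied only to the inner check, so when the store is full every save of an already stored session still enters the outer `if` and runs `expiredSessionChecker.removeExpiredSessions(clock.instant())` before it is let through. If that sweep walks the whole map (its body is not visible here), a store held at its limit makes each legitimate update pay for a sweep, which is exactly the load the limit is there to contain. Consider deciding membership first, `if (sessions.size() >= maxSessions && !sessions.containsKey(getId())) {` on the outer condition with the inner check left as it was, plus a comment such as `// Re-saving a stored session does not grow the map, so it is exempt from the limit`. The size/containsKey test and the later insert are separate steps, so concurrent saves of new sessions can presumably still overshoot `maxSessions`; the insert and the method's closing brace are outside this hunk.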

20
spring-web/src/test/java/org/springframework/web/server/session/InMemoryWebSessionStoreTests.java

@ -23,6 +23,7 @@ import java.util.stream.IntStream; @@ -23,6 +23,7 @@ import java.util.stream.IntStream;
import org.junit.jupiter.api.Test;
import reactor.core.scheduler.Schedulers;
import reactor.test.StepVerifier;
import org.springframework.beans.DirectFieldAccessor;
import org.springframework.web.server.WebSession;
@ -157,6 +158,25 @@ class InMemoryWebSessionStoreTests { @@ -157,6 +158,25 @@ class InMemoryWebSessionStoreTests {
.withMessage("Max sessions limit reached: 10");
}
@Test
void updateSession() {
WebSession oneWebSession = insertSession();
StepVerifier.create(oneWebSession.save())
.expectComplete()
.verify();
}
@Test
void updateSession_whenMaxSessionsReached() {
WebSession onceWebSession = insertSession();
IntStream.range(1, 10000).forEach(i -> insertSession());
StepVerifier.create(onceWebSession.save())
.expectComplete()
.verify();
}
private WebSession insertSession() {
WebSession session = this.store.createWebSession().block();
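Review bot: `updateSession_whenMaxSessionsReached` depends on `IntStream.range(1, 10000)` happening to match the store's default limit, which the test neither sets nor asserts; if that default is different, the save succeeds without the limit ever being reached and the test proves nothing. Set the limit explicitly, `this.store.setMaxSessions(10);` followed by `IntStream.range(1, 10).forEach(i -> insertSession());`, as the preceding test appears to do (its expected message ends in `10`). The test should also assert that inserting a brand-new session still fails after the update succeeds, so the exemption for existing ids is pinned as an exemption and cannot quietly become a way around the limit. `onceWebSession` looks like a typo for `oneWebSession`, the name used in `updateSession`. `insertSession` continues past the end of the hunk.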
