How to solve common problems using SpringSession in SpringBoot2.x version

SpringBoot2.x SpringSession Traps

Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot. autoconfigure.session.SessionAutoConfiguration$ServletSessionRepositoryValidator': Invocation of init method failed; nested exception is org.springframework.boot.autoconfigure.session.SessionRepositoryUnavailableException: No session repository could be auto-configured, check your configuration (session store type is 'redis' )

This is because the spring-session-data-redis dependency is missing.

About SpringBoot2. When spring-session-core is used, spring-session-data-redis is not loaded. Users need to add dependencies between spring-session and redis.

Springboot 2.x Traps - Cross-domain leads to session problems

Currently, the mainstream in the IT industry is to separate the front-end and back-end, but there will definitely be cross-domain problems during the separation process.

What is cross-domain?

means that when the browser requests resources from a webpage of one domain name to another domain name, if the domain name, port, or protocol are different, it is cross-domain.

Scenarios encountered

When we use springboot shrio vue for background management projects, we cannot obtain the currently logged-in user of shiroSession,

So we checked, online It is said that it is enough to let the session pass when crossing domains

Backend

 <!--SpringSession依赖-->
 <dependency>
  <groupId>org.springframework.session</groupId>
  <artifactId>spring-session-core</artifactId>
 </dependency>
 <!--SpringSessionRedis依赖-->
 <dependency>
  <groupId>org.springframework.session</groupId>
  <artifactId>spring-session-data-redis</artifactId>
 </dependency>

Frontend

#使用使用Redis缓存session数据
spring.session.store-type=REDIS
#Redis服务器地址
spring.redis.host=127.0.0.1
#Redis服务器端口号
spring.redis.port=6379

But it still remains the same after setting it NoAfter a day of Baidu and troubleshooting, I rolled back to springboot 1.x and there was no such problem, so I found out that the cause was caused by upgrading to springboot 2.x. Well, I have caught the murderer. Now I can take the right medicine. I went online to read about the issues related to upgrading springboot to 2.x spring session.

Finally discovered the new world. In spring-session 2.x, SameSite was actually introduced in Cookie. Its default value is Lax. Okay, let’s take a look at what this is?

SameSite Cookie is used to prevent CSRF attacks. It has two values: Strict and Lax

SameSite = Strict:

means strict mode , indicating that this cookie cannot be used as a third-party cookie under any circumstances;

SameSite = Lax:

means relaxed mode, which can be used as the first in a GET request Third-party cookies, but cannot carry cookies for cross-domain post access (this is very painful, our verification interface is POST request) Summary: The front-end requests to the backend, and each session is different. Each time is a new session, resulting in no user information being obtained

Solution:

Set SameSite to empty

@Configuration
public class CorsConfig {
    private CorsConfiguration buildConfig() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        // 允许任何域名使用
        corsConfiguration.addAllowedOrigin("*");
        // 允许任何头
        corsConfiguration.addAllowedHeader("*");
        // 允许任何方法（post、get等）
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.setMaxAge(3600L);
        return corsConfiguration;
    }
    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // 对接口配置跨域设置
        source.registerCorsConfiguration("/**", buildConfig());
        return new CorsFilter(source);
    }
}

The above is the detailed content of How to solve common problems using SpringSession in SpringBoot2.x version. For more information, please follow other related articles on the PHP Chinese website!