Spring Session

Rob Winch;Vedran Pavić;Jay Bryant;Eleftheria Stein-Kousathana

Rob Winch; Vedran Pavić; Jay Bryant; Eleftheria Stein-Kousathana

Spring Session 为管理用户会话信息提供了一个 API 和实现。

Spring Session provides an API and implementations for managing a user’s session information.

Spring Session 为管理用户会话信息提供了一个 API 和实现,同时还可轻松支持群集会话,而无需受制于特定于应用程序容器的解决方案。它还提供与以下内容的透明集成:

Spring Session provides an API and implementations for managing a user’s session information while also making it trivial to support clustered sessions without being tied to an application container-specific solution. It also provides transparent integration with:

  • HttpSession: Allows replacing the HttpSession in an application container-neutral way, with support for providing session IDs in headers to work with RESTful APIs.

  • WebSocket: Provides the ability to keep the HttpSession alive when receiving WebSocket messages

  • WebSession: Allows replacing the Spring WebFlux’s WebSession in an application container-neutral way.

Understanding the Problem That Spring Session Solves

当用户与 Web 应用程序交互时,服务器创建会话来跟踪他们的活动。此会话可能存储用户信息(如用户首选项、登录状态和购物车内容)。但是,由于会话通常存储在服务器的内存中,因此在分布式环境中可能会出现问题。

When a user interacts with a web application, the server creates a session to keep track of their activity. This session may store information such as user preferences, login status, and shopping cart contents. However, sessions can be problematic in a distributed environment, as they are typically stored on the server’s memory.

为了更好地理解 Spring Session 解决的问题,我们首先可视化以下图表:

To better understand the problem that Spring Session solves, let’s first visualize the following diagram:

inmemory sessions
Figure 1. In-Memory Sessions

在上图中,每个 Spring 应用程序都将会话存储在仅他们自己可访问的地方,通常在服务器的内存中,但这在分布式环境中可能存在问题。想象一下 Spring App #2 收到具有会话 #3 的请求的情况,该应用程序将无法读取会话数据,因为它存储在 Spring App #1 的内存中。要解决此问题,我们需要实现某种共享会话存储,如我们在下图中看到的:

In the diagram above, each Spring application is storing its sessions in a place where only themselves can access them, usually in the server’s memory, but this can be a problem in a distributed environment. Imagine a situation where Spring App #2 receives a request with Session #3, the application will not be able to read the session data because it is stored in Spring App #1’s memory. To solve this problem we need to implement some kind of Shared Session Storage as we can see in the diagram below:

shared session storage
Figure 2. Shared Session Storage

通过上述设置,会话对可访问会话存储的每个应用程序均可用。

With the above setup, the sessions become available for every application that has access to the session storage.

Spring Session 在应用程序和会话管理之间提供了一层抽象。它允许将会话数据存储在各种永久化存储中,例如关系数据库、NoSQL 数据库等。

Spring Session provides a layer of abstraction between the application and the session management. It allows the session data to be stored in various persistent stores, such as relational databases, NoSQL databases, and others.

使用 Spring Session,您可以使用相同的 API 来管理会话,而无需考虑使用的永久化存储。这样,无需更改应用程序代码即可在存储之间轻松切换。Spring Session 还提供诸如会话过期和不同 Web 应用程序之间的跨上下文通信等功能。

With Spring Session, you can use the same API to manage sessions, regardless of the persistent store used. This makes it easier to switch between stores without changing the application code. Spring Session also provides features such as session expiry and cross-context communication between different web applications.

总体而言,Spring Session 简化了 Web 应用程序中的用户会话管理,让您能更轻松地专注于构建应用程序的核心功能。

Overall, Spring Session simplifies the management of user sessions in web applications, making it easier for you to focus on building the core features of their applications.

以下是 Spring Session 的一些常见用例:

Here are some common use cases for Spring Session:

  • Distributed web applications: If you have a web application distributed across multiple servers, managing user sessions can be challenging. Spring Session can help by storing the session data in a shared database or Redis, allowing all servers to access and update session data.

  • Session scalability: In a large web application with many concurrent users, storing sessions in memory on the server can lead to scalability issues. Spring Session allows you to store session data in a persistent store, improving scalability and reducing the risk of out-of-memory errors.

  • Session backup and recovery: Storing session data in a persistent store can also provide a mechanism for backing up and recovering session data in case of server failure or downtime.

Spring Session Community

我们很高兴您成为我们社区的一员。以下部分提供了有关如何与 Spring 会话社区互动的一些附加信息。

We are glad to consider you a part of our community. The following sections provide additional about how to interact with the Spring Session community.

Support

您可以标记请求 link:https://stackoverflow.com/questions/tagged/spring-session[Stack Overflow with the spring-session 部分来获得帮助。同样,我们鼓励在 Stack Overflow 上回答问题来帮助他人。

You can get help by asking questions on Stack Overflow with the spring-session tag. Similarly, we encourage helping others by answering questions on Stack Overflow.

Source Code

你可以在 [role="bare"][role="bare"]https://github.com/spring-projects/spring-session/ 上的 GitHub 中找到源代码。

You can find the source code on GitHub at [role="bare"]https://github.com/spring-projects/spring-session/

Issue Tracking

我们在 [role="bare"][role="bare"]https://github.com/spring-projects/spring-session/issues 上的 GitHub 中跟踪问题。

We track issues in GitHub issues at [role="bare"]https://github.com/spring-projects/spring-session/issues

Contributing

我们感谢 pull requests

We appreciate pull requests.

License

Spring Session 是在 Apache 2.0 license 下发布的开源软件。

Spring Session is Open Source software released under the Apache 2.0 license.

Community Extensions

Name Location

Spring Session Infinispan

[role="bare"]https://infinispan.org/docs/stable/titles/spring/spring.html

Spring Session Caffeine

[role="bare"]https://github.com/gotson/spring-session-caffeine

Minimum Requirements

Spring 会话的最低要求是:

The minimum requirements for Spring Session are:

  • Java 17+.

  • If you run in a Servlet Container (not required), Servlet 3.1+.

  • If you use other Spring libraries (not required), the minimum required version is Spring 6.0.x.

  • @EnableRedisHttpSession requires Redis 2.8+. This is necessary to support Session Expiration

  • @EnableHazelcastHttpSession requires Hazelcast 3.6+. This is necessary to support FindByIndexNameSessionRepository

Spring Session 的核心部分仅必需依赖于 spring-jcl。有关在没有任何其他 Spring 依赖项的情况下使用 Spring Session 的示例,请参见 hazelcast sample 应用程序。

At its core, Spring Session has a required dependency only on spring-jcl. For an example of using Spring Session without any other Spring dependencies, see the hazelcast sample application.