JarCasting
JarCasting JarCasting

Onepiece.x Session-Share

session share 通常的做法 放入redis/memcached/jdbc/hazelcast等 我的做法是 把session的所有数据通过AES对称加密 放入cookie中 我使用cookie来存放session的所有数据 思想来源于ninjaframework 的 session实现

License

License
GroupId

GroupId

com.github.onepiecex
ArtifactId

ArtifactId

onepiecex-session-share
Last Version

Last Version

1.65
Release Date

Release Date
Type

Type

pom
Description

Description

Onepiece.x Session-Share
session share 通常的做法 放入redis/memcached/jdbc/hazelcast等 我的做法是 把session的所有数据通过AES对称加密 放入cookie中 我使用cookie来存放session的所有数据 思想来源于ninjaframework 的 session实现
Project URL

Project URL

https://github.com/onepiecex/session-share
Source Code Management

Source Code Management

https://github.com/onepiecex/session-share

Download onepiecex-session-share

Filename Size
onepiecex-session-share-1.65.pom 8 KB
Browse

How to add to project

<!-- https://jarcasting.com/artifacts/com.github.onepiecex/onepiecex-session-share/ -->
<dependency>
    <groupId>com.github.onepiecex</groupId>
    <artifactId>onepiecex-session-share</artifactId>
    <version>1.65</version>
    <type>pom</type>
</dependency>
// https://jarcasting.com/artifacts/com.github.onepiecex/onepiecex-session-share/
implementation 'com.github.onepiecex:onepiecex-session-share:1.65'
// https://jarcasting.com/artifacts/com.github.onepiecex/onepiecex-session-share/
implementation ("com.github.onepiecex:onepiecex-session-share:1.65")
'com.github.onepiecex:onepiecex-session-share:pom:1.65'
<dependency org="com.github.onepiecex" name="onepiecex-session-share" rev="1.65">
  <artifact name="onepiecex-session-share" type="pom" />
</dependency>
@Grapes(
@Grab(group='com.github.onepiecex', module='onepiecex-session-share', version='1.65')
)
libraryDependencies += "com.github.onepiecex" % "onepiecex-session-share" % "1.65"
[com.github.onepiecex/onepiecex-session-share "1.65"]

Dependencies

There are no dependencies for this project. It is a standalone project that does not depend on any other jars.

Project Modules

  • session-share-core
  • session-share-spring-boot-starter

session-share

session 共享 通常的做法 放入redis/memcached/jdbc/hazelcast等

我的做法是 把session的所有数据通过AES对称加密 放入cookie中 我使用cookie来存放session的所有数据

session里不应该存放大数据, 建议只存放一些简单的ID

思想来源于ninjaframework 的 session实现

基于servlet-3.1

参考 spring-session的设计思路

  • 加入一个filter

  • 利用HttpServletRequestWrapper, 实现自己的 getSession()方法 接管创建和管理Session数据的工作

  • 利用HttpServletResponseWrapper 进行session数据的 save操作

  • client request -> filter -> decrypt cookie to session

  • response close(send or flush) -> encrypt session data to cookie

使用

spring-boot

<dependency>
    <groupId>com.github.onepiecex</groupId>
    <artifactId>onepiecex-session-share-spring-boot-starter</artifactId>
    <version>1.65</version>
</dependency>

配置(application.yaml)

session :
  # session cookie 的名称前缀
  prefix : prefix_cookie
  #设置为true 之后 js脚本将无法读取到cookie信息
  http_only : false
  #设置为true 之后 cookie 只能在 HTTPS 连接中被浏览器传递到服务器端进行会话验证
  transferred_over_https_only : false
  # 过期时间
  expire_time_in_seconds : 86400
  # domain
  domain : localhost
  # 加密密钥
  secret : eti8KrqgL2VYtizjeti8KrqgL2VYtizj
@GetMapping
public Map<String,String> login(Session session){
    session.setAttribute("uid", RandomUtils.nextInt());
    Integer uid = session.getAttribute("uid",Integer.class);
    return session.getData();
}

Session Interface

public interface Session extends HttpSession {
    String getString(String name);
    
    <T> T getAttribute(String name,Class<T> cls);
    
    <T> T getValue(String name,Class<T> cls);
    
    Map<String,String> getData();
}

解密

String data = CookieEncryption.getInstance(secret).decrypt(data)
Map<String, String> sessionData = new HashMap();
CookieDataCodec.decode(sessionData,data);

其他框架

<dependency>
  <groupId>com.github.onepiecex</groupId>
  <artifactId>onepiecex-session-share-core</artifactId>
  <version>1.65</version>
</dependency>

自行加入Filter

SessionShareRequestWrapper requestWrapper = new SessionShareRequestWrapper(request,springSessionConfig);
SessionShareResponseWrapper responseWrapper = new SessionShareResponseWrapper(response,requestWrapper);
chain.doFilter(requestWrapper,responseWrapper);

License

Copyright (C) 2017 onepiece.x, Inc.

This work is licensed under the Apache License, Version 2.0. See LICENSE for details.

com.github.onepiecex

Versions

Version
1.65
1.64
1.63
1.61
1.6
1.5