Spring Boot: Sessions
How to make the stateless HTTP protocol stateful
Sessions, in General
The HTTP protocol is, by design, a stateless protocol.
- Recall that HTTP is the protocol by which web clients (e.g. browsers) communicate with web servers (e.g. a Spring Boot application).
- HTTP consists of requests and responses.
- To say that HTTP is stateless means that the protocol is designed so that every request and response is, in principle, independent of every other request and response.
- The server is not supposed to have to “keep track” of anything.
But in reality, many web applications actually need some state, typically in the form of a User Session.
- That is, a series of requests and responses that are all connected
- The session starts when the user starts interacting with the application (typically, though not always, by authenticating with a username/password)
- During the session, some state is associated with the session, typically in the form of key/value pairs
- When the session is complete, this state is discarded. The session ends either when:
  - The user logs out, or otherwise indicates that the session is over
  - The server determines that the session has been inactive and so it cancels it because it has “expired” or “timed out”
Most web frameworks have some way of maintaining user sessions, and Spring Boot is no exception.
Sessions in Spring Boot
Sessions in Spring Boot can be “backed” by some kind of persistent storage. Some options include:
- an SQL database
- a service such as Redis
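The session lifecycle described above (start at login, key/value state, end at logout or timeout), as an added example that is not part of the original course notes. It uses only the standard servlet `HttpSession` API, so it behaves the same whichever backing store is configured; `CredentialChecker`, the controller name and the endpoint paths are hypothetical, and on Spring Boot 2.x the servlet imports are `javax.servlet.http` instead of `jakarta.servlet.http`.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

// Hypothetical interface (not a Spring type); an implementation is assumed to exist as a bean.
interface CredentialChecker {
    boolean isValid(String username, String password);
}

@RestController
public class SessionDemoController {
    private final CredentialChecker checker;
    public SessionDemoController(CredentialChecker checker) { this.checker = checker; }

    @PostMapping("/login")
    public ResponseEntity<String> login(@RequestParam("username") String username,
                                        @RequestParam("password") String password,
                                        HttpServletRequest request) {
        if (!checker.isValid(username, password)) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("bad credentials");
        }
        HttpSession session = request.getSession(true); // the session starts here
        request.changeSessionId();                      // fresh id at login (session fixation defense)
        session.setAttribute("username", username);     // key/value state tied to the session
        session.setMaxInactiveInterval(30 * 60);        // server expires it after 30 idle minutes
        return ResponseEntity.ok("logged in");
    }

    @GetMapping("/whoami")
    public ResponseEntity<String> whoami(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // false: never create a session here
        Object username = (session == null) ? null : session.getAttribute("username");
        if (username == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("no active session");
        }
        return ResponseEntity.ok("hello " + username);
    }

    @PostMapping("/logout")
    public ResponseEntity<String> logout(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();                        // discard all state for this session
        }
        return ResponseEntity.ok("logged out");
    }
}
```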
Why we prefer JDBC/SQL for Spring Sessions in CS56
We don’t want CS56 students to need a credit card to do their homework.
Accordingly, we restrict ourselves to the parts of Heroku that do not require entering a credit card.
That includes Heroku Postgres, but leaves out Heroku Redis.
So, while Redis may have some advantages over SQL databases for this purpose, for our purposes in CS56, we will use an SQL database.