How to expire user sessions properly? #44

AlexeyPotopakhin · 2018-10-11T11:11:55Z

Hello, I'm using

Spring Boot 2.1.0.M4
Spring Session Data Mongodb 2.1.0.BUILD-SNAPSHOT

I'm trying to expire sessions for current user:

@GetMapping("kill_my_sessions")
    public ResponseEntity<?> killMySessions() {
        final var currentUserId = currentUserService.getId().toString();

        // All user sessions
        var sessions = mongoOperationsSessionRepository
                .findByIndexNameAndIndexValue(
                        FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
                        currentUserId);

        // Expiring all user sessions
        sessions.forEach((id, session) -> {
            session.isExpired(); // false
            session.setExpireAt(new Date());
            session.isExpired(); // true
            mongoOperationsSessionRepository.save(session); // ok
        });

        return ResponseEntity.ok().build();
    }

BUT some other thread executes save() method with old not-expired session and overwrites expired session in DB after all sessions were expired.

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoOperationsSessionRepository.java

Line 97 in e4f85bc

public void save(MongoSession session) {

So, should save() do check for the session expiration in DB before save? Thank you.

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to expire user sessions properly? #44

How to expire user sessions properly? #44

AlexeyPotopakhin commented Oct 11, 2018

How to expire user sessions properly? #44

How to expire user sessions properly? #44

Comments

AlexeyPotopakhin commented Oct 11, 2018