Server Session
- Servlet container (e.g. Tomcat, Jetty) managed sessions
Configuration
- timeout : 기본값 30분(15m)
server:
servlet:
session:
timeout: 1800s # 초단위
cookie: # 세션 쿠키
max-age: 15m # 15 minutes
http-only: true
secure: true Spring Session
- Spring Session provides an API and implementations for managing a user’s session information.
- Provides the ability to persist session information in external session stores
- redis, jdbc 같은 저장소 이용가능
configuration
spring:
session:
timeout: 1m
redis:
namespace: spring:session
data:
redis:
host: 192.168.0.16
port: 6379gradle
dependencies{
implementation 'org.springframework.boot:spring-boot-starter-data-redis'
implementation 'org.springframework.session:spring-session-data-redis'
}application.yaml
spring:
redis:
host: localhost
port: 6379
session:
store-type: redisSessionConfig
@Configuration
@EnableRedisHttpSession
public class SessionConfig {
}Stateless
- session 사용하지 않기
application.yaml
server:
servlet:
session:
enabled: false
persistence: nonespring security 를 사용하는 경우
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
// ... other security configurations ...
}
}
java 정리