SessionRepositoryFilter (spring-session-core 2.1.5.RELEASE API)

java.lang.Object
- org.springframework.session.web.http.SessionRepositoryFilter<S>

Type Parameters:

S - the Session type.

All Implemented Interfaces:

javax.servlet.Filter
```
@Order(value=-2147483598)
public class SessionRepositoryFilter<S extends Session>
extends java.lang.Object
```
Switches the HttpSession implementation to be backed by a Session. The SessionRepositoryFilter wraps the HttpServletRequest and overrides the methods to get an HttpSession to be backed by a Session returned by the SessionRepository. The SessionRepositoryFilter uses a HttpSessionIdResolver (default CookieHttpSessionIdResolver) to bridge logic between an HttpSession and the Session abstraction. Specifically:
- The session id is looked up using HttpSessionIdResolver.resolveSessionIds(javax.servlet.http.HttpServletRequest) . The default is to look in a cookie named SESSION.
- The session id of newly created Session is sent to the client using
- The client is notified that the session id is no longer valid with HttpSessionIdResolver.expireSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
The SessionRepositoryFilter must be placed before any Filter that access the HttpSession or that might commit the response to ensure the session is overridden and persisted properly.
Since:

1.0

Field Summary

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`ALREADY_FILTERED_SUFFIX` Suffix that gets appended to the filter name for the "already filtered" request attribute.
`static int`	`DEFAULT_ORDER` The default filter order.
`static java.lang.String`	`INVALID_SESSION_ID_ATTR` Invalid session id (not backed by the session repository) request attribute name.
`static java.lang.String`	`SESSION_REPOSITORY_ATTR` The session repository request attribute name.

Constructor Summary

Constructors
Constructor and Description

SessionRepositoryFilter(SessionRepository<S> sessionRepository)
Creates a new instance.

Constructors
Constructor and Description
`SessionRepositoryFilter(SessionRepository<S> sessionRepository)` Creates a new instance.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)` This `doFilter` implementation stores a request attribute for "already filtered", proceeding without filtering again if the attribute is already there.
`protected void`	`doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)` Same contract as for `doFilter`, but guaranteed to be just invoked once per request within a single request thread.
`void`	`init(javax.servlet.FilterConfig config)`
`void`	`setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver)` Sets the `HttpSessionIdResolver` to be used.
`void`	`setServletContext(javax.servlet.ServletContext servletContext)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - SESSION_REPOSITORY_ATTR
```
public static final java.lang.String SESSION_REPOSITORY_ATTR
```
    The session repository request attribute name.
  - INVALID_SESSION_ID_ATTR
```
public static final java.lang.String INVALID_SESSION_ID_ATTR
```
    Invalid session id (not backed by the session repository) request attribute name.
  - DEFAULT_ORDER
```
public static final int DEFAULT_ORDER
```
    The default filter order.
    
    See Also:
    
    Constant Field Values
  - ALREADY_FILTERED_SUFFIX
```
public static final java.lang.String ALREADY_FILTERED_SUFFIX
```
    Suffix that gets appended to the filter name for the "already filtered" request attribute.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - SessionRepositoryFilter
```
public SessionRepositoryFilter(SessionRepository<S> sessionRepository)
```
    Creates a new instance.
    
    Parameters:
    
    sessionRepository - the SessionRepository to use. Cannot be null.
- Method Detail
  - setHttpSessionIdResolver
```
public void setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver)
```
    Sets the HttpSessionIdResolver to be used. The default is a CookieHttpSessionIdResolver.
    
    Parameters:
    
    httpSessionIdResolver - the HttpSessionIdResolver to use. Cannot be null.
  - doFilterInternal
```
protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                java.io.IOException
```
    Same contract as for doFilter, but guaranteed to be just invoked once per request within a single request thread.
    Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.
    
    Parameters:
    
    request - the request
    
    response - the response
    
    filterChain - the FilterChain
    
    Throws:
    
    javax.servlet.ServletException - thrown when a non-I/O exception has occurred
    
    java.io.IOException - thrown when an I/O exception of some sort has occurred
    
    See Also:
    
    Filter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
  - setServletContext
```
public void setServletContext(javax.servlet.ServletContext servletContext)
```
  - doFilter
```
public final void doFilter(javax.servlet.ServletRequest request,
                           javax.servlet.ServletResponse response,
                           javax.servlet.FilterChain filterChain)
                    throws javax.servlet.ServletException,
                           java.io.IOException
```
    This doFilter implementation stores a request attribute for "already filtered", proceeding without filtering again if the attribute is already there.
    
    Specified by:
    
    doFilter in interface javax.servlet.Filter
    
    Parameters:
    
    request - the request
    
    response - the response
    
    filterChain - the filter chain
    
    Throws:
    
    javax.servlet.ServletException - if request is not HTTP request
    
    java.io.IOException - in case of I/O operation exception
  - init
```
public void init(javax.servlet.FilterConfig config)
```
    Specified by:
    
    init in interface javax.servlet.Filter
  - destroy
```
public void destroy()
```
    Specified by:
    
    destroy in interface javax.servlet.Filter

Class SessionRepositoryFilter<S extends Session>

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

SESSION_REPOSITORY_ATTR

INVALID_SESSION_ID_ATTR

DEFAULT_ORDER

ALREADY_FILTERED_SUFFIX

Constructor Detail

SessionRepositoryFilter

Method Detail

setHttpSessionIdResolver

doFilterInternal

setServletContext

doFilter

init

destroy