Demystifying Spring Session: A Comprehensive Introduction for Java Developers!
Vložit
- čas přidán 2. 05. 2023
- Welcome to 'Demystifying Spring Session: A Comprehensive Introduction for Java Developers!' In this tutorial, we'll explore the powerful features of Spring Session and learn how to effectively manage user sessions in your Java web applications. Whether you're a seasoned developer or just starting out with Spring, this tutorial will provide you with a solid understanding of session management using Spring Session. We'll cover key concepts such as session creation, session persistence, and session expiration, along with practical examples and best practices. By the end of this tutorial, you'll be equipped with the knowledge and skills to leverage Spring Session in your own projects and create seamless user experiences. So, let's dive in and demystify Spring Session together!
🔗Resources & Links mentioned in this video:
GitHub Repo: github.com/danvega/session
Spring Boot Docker Compose: • 🔥 New in Spring Boot 3...
👋🏻Connect with me:
Website: www.danvega.dev
Twitter: / therealdanvega
Github: github.com/danvega
LinkedIn: / danvega
Newsletter: www.danvega.dev/newsletter
🎙️ Spring Office Hours Podcast
Podcast Home: www.springofficehours.io
SUBSCRIBE TO MY CHANNEL: bit.ly/2re4GH0 ❤️ - Věda a technologie
Every time I think I can skip one of your videos but wind up watching it instead, I realize how much I would have missed out had I skipped it.
Keep up the good work and please keep these coming!
Nice! Thank you for sharing this Dan.
Thanks, Dan! Awesome tutorial! Looking forward to learn more tricks and dive deep onto Spring Security! Keep up the good work :D
Dan you are doing tremendous work in Java world.
This is siiick! Thanks for the knowledge, my friend.
I am moving from JWT to session, this certainly help me a lot remiding back the old session style identity management
what an awesome tutorial and explanation, thank you infinitely ☺️
great content, and great way to explain it. keep up the good work !
Well explained. Well done! Thank you.
Great guide, thanks
Thank you so much man! you're really good at this
Nice Dan! I am working right now in a project that will replace servlet to spring redis session in an openshift cluster. I had to debug entire app to identify bottlenecks that might cause some troubles. First step was to build a POC in a container. After fixed a few flows that could show the value of using of spring session, I started to debug entire app. Now in a stage of performance test and improvements about resources usage like database pool.
Spring redis session is amazing to leverage app performance. Jmeter was a good enough tool that helped me improve a scenario that before performed in 5 minutes with 16% errors(memory and pool) to only 50 seconds and 0% errors.
The next stage is to start replace some servlets by Spring boot components! Of course, using spring session + redis.
can u share source code
Each new video is like holiday!🥳
ty
🤩 Thank you so much for the support.
@@DanVega You're welcome🤝
Thank you so much
Awesome, Keep up the good work.
I integrated Spring Session with Redis, OAuth2 Login, Google reCapthca v3 and Docker for PostgreSQL and Redis into my project thanks to you!
That sounds pretty awesome! If it's a side project, could I get a link to the repo?
Thank you
This is Good, I think you can do the same thing with Hazelcast which I find it alot better than Redis; it's scalable
Thank you Dan !!! Can you make video on logout and ending session on redis?
Hi Dan! Thank you for this video, but I have one question. Why we can't see our attribute in session storage?
thanks
will you do a follow-up tutorial for database usage with session? Or does anyone have a good tutorial/documentation for it? Everything I found is pretty vague
Dan, what are the security considerations for using default configurations for redis? I imagine that redis username and password should be set somewhere.
Maybe this would be a place to integrate with the Spring Cloud Config server.
Hi Dan, I just wanted to find out if running multiple instances with spring session, are csrf tokens stored on spring session as that request can go to any of the instances?
Can you please make a video on providing cosnistent error body for all type of Security error( eg. DisabledException etc) using global rest controller advice?
What's the differnce between a session attribute and a session scoped bean? When should I use what?
Hi Dan,
Very helpful video. However I had a question. At around 18:10 into your video, I noticed that the SESSION cookie value didn't match the session id in redis. I have also noticed this in my own code. Do you know how/where the mapping occurs between the SESSION cookie value and the Spring session repository?
Does it make sense to use JWT tokens along with sessions? If so, can you make video on that?
👍👍good question
what plugin do you use for the .properties file support?
Hi! Do somebody know how to save session to database since spring security 6?
Why the session id stored in redis and in the browser cookie are different?
Can i store otp using redis session store?
pls correct me if i'm wrong here...redis stores the session. but after restart how are we retrieving that session? browser is storing it right? it sends back that session ID and spring checks within redis if that session exists or not. correct?
Hey Dan, unable to find your podcast in Pocket casts. Also tried adding the rss feed. Clicking the Pocket Casts link in your embedded player returns 404.
Thanks Nathan, will look into it.
Can you try this? play.pocketcasts.com/podcasts/c456d520-cc2d-013b-f446-0acc26574db2
Hi Dan, the Github link does not work.
here u used the default login of Springboot.... imagine im using React and i created login page there... so how can i implement sessions?
Hi Dan. Firstly It's a great tutorial beginners can easily learn spring security. Secondly I'm working on my project where I'm facing an issue that "user are able to access the data of other users".
In simple words no user should have the authority to read or manipulate data of other users except theirs.
There's no scope of admin and user-based authorization. because there's no such content that users should not see. Every user has their own data, and it should not be visible to others except the current authorized user.
Please suggest me how to do customized authorization on each user.
Thanks in advance
Dan
If I understand what you are asking, the solution is to persist and retrieve the user data in the DB using the where clause in SQL.
To do this, you get the current logged in user using the security context or by injecting the authentication object and search the repository with the username of the logged in user. ( FindDataByUser_Username) this will return only data associated with the current user. What this means, is that you will need to create relationship in (one to one or many to many etc)
I hope this helps.
If you have already solved this issue,
Kindly tell how you solved this of it is different from what I posted. thanks
I dont get any session Id when I send a request to my web server springboot project, why?
How to send Spring session redis to frontend? Ex API is in the port 8080 and frontend in 4200. I can login through the front end, but the cookie is never sent from the backend to the frontend.
I am getting login page and when I enter user/generated spring password, I get 404?
Hey Dan! This works just fine but wht about sharing sessions between mocroservices in spring cloud architecture. This is also works fine but with autogenerated user and password. When I'm trying to implement somw security logis (UserDeatils and UserDetailsService) this goes just bad. Any thougts about it?
In a Microservice architecture you would want to try and avoid repeating something as critical as security. Can you implement security at the gateway and have all of the microservices behind that?
@@DanVega I dont think it's a good idea. Gateway is always a bottle-neck and I think it's a bad practice in case of load balancing. And user can access data from endpoints without authentication at all. Actually I've implemented session sharing in Spring Cloud but without customizing UserDetails and UserDetailsService. There is the issue I didn't solve yet.
But what if I'm using OAuth2, how to deal with cached data such shopping cart in online shop API? Can i just store this data in redis?
Are there any reasons to manage Session along with JWT tokens?
The whole idea of jwts is to enable stateless authentication, for session management opaque tokens, these ones do not contain any user related data.
@@glaze4629if the use case is just to get user's authorities, would JWT be better?
Does next person, who downloaded this project, need to install and setup docker?
you need docker engine on your pc
I think your repo is private on github
Comment for the algo
I think it only counts creative/useful comments :p
@@damjandjordjevic1994Leetcode Medium bro
Why var and not int? czcams.com/video/k62bO-W6Sb0/video.html
czcams.com/video/cDESqPBaNCY/video.html
What is OAUTH 2.0 Explained in detail - Session 2 - || Interview related discussions.