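I. Storing distributed sessions in Redis:
1. For integrating Redis with Spring Boot, see the following post:
JavaEE: Integrating Redis with Spring Boot (a526001650a, CSDN blog)
2. Code for distributed session storage (using a token as the example):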
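// Requires java.net.URLEncoder and java.nio.charset.StandardCharsets
@Autowired
private RedisTemplate<String, String> redisTemplate; // Redis data access class

// Login endpoint: stores the token in Redis
@PostMapping("/login")
public Response login(String phone, String code, HttpServletRequest request, HttpServletResponse response) {
    // ... phone number / verification code validation omitted
    // 1. Look up the user in the database by phone number
    User user = ...;
    // 2. Generate the token (getUserNo() is assumed to exist on User)
    String token = jwtUtil.genToken(user.getUserNo(), phone);
    user.setToken(token);
    // 3.1. Cache the token in Redis
    redisTemplate.opsForValue().set("USER_TOKEN" + ":" + user.getId(), token);
    // 3.2. Cache the user info in a cookie. JSON contains characters that are not
    //      valid in a cookie value (quotes, commas), so it is URL-encoded first.
    Cookie c = new Cookie("USER", URLEncoder.encode(gson.toJson(user), StandardCharsets.UTF_8));
    c.setMaxAge(maxAgeSeconds); // maximum lifetime in seconds (placeholder value)
    c.setDomain("yyh.com");
    c.setPath("/");
    // This cookie carries the token: consider c.setHttpOnly(true) and c.setSecure(true)
    // unless client-side script has to read it.
    response.addCookie(c);
    return Response.ok(user); // login succeeded
}

// Logout endpoint: removes the token from Redis
@PostMapping("/logout")
public Response logout(@RequestParam String userId, HttpServletRequest request, HttpServletResponse response) {
    // ... token retrieval / validation omitted
    // 1. Remove the token from Redis
    redisTemplate.delete("USER_TOKEN" + ":" + userId);
    // 2. Remove the token from the cookie
    Cookie c = new Cookie("USER", null);
    c.setDomain("yyh.com");
    c.setPath("/");
    c.setMaxAge(0); // max age 0 marks the cookie as already expired
    response.addCookie(c);
    return Response.ok(); // logout succeeded
}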
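The login and logout code above leaves out the step that checks the token on later requests. The following is an added example, not code from the original post: an interceptor that compares the presented token with the copy under the same "USER_TOKEN:" key, plus a store method that gives the key a TTL. The TokenVerifier interface, the Authorization: Bearer header, the 30-day TTL and the "userId" request attribute are assumptions.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.web.servlet.HandlerInterceptor;

public class TokenCheckInterceptor implements HandlerInterceptor {
    /** Hypothetical helper: checks the JWT signature and expiry, returns the user id or null. */
    public interface TokenVerifier { String verifiedUserId(String token); }

    private static final Duration TOKEN_TTL = Duration.ofDays(30); // assumed lifetime
    private final RedisTemplate<String, String> redis;
    private final TokenVerifier verifier;

    public TokenCheckInterceptor(RedisTemplate<String, String> redis, TokenVerifier verifier) {
        this.redis = redis;
        this.verifier = verifier;
    }

    private static String key(String userId) { return "USER_TOKEN" + ":" + userId; }

    /** For the login endpoint: same key as in the post, but the entry expires on its own. */
    public void store(String userId, String token) {
        redis.opsForValue().set(key(userId), token, TOKEN_TTL);
    }

    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler)
            throws IOException {
        String header = req.getHeader("Authorization"); // assumed transport: "Bearer <token>"
        String token = (header != null && header.startsWith("Bearer ")) ? header.substring(7) : null;
        // The user id comes from the verified token, never from a request parameter.
        String userId = (token == null) ? null : verifier.verifiedUserId(token);
        String stored = (userId == null) ? null : redis.opsForValue().get(key(userId));
        // Deleted at logout or expired means no stored copy, so the token is rejected.
        if (stored == null || !MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8))) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        req.setAttribute("userId", userId); // handlers (e.g. /logout) read the id from here
        return true;
    }
}
```

Register it through WebMvcConfigurer.addInterceptors and exclude the /login path, so that every other endpoint, /logout included, only runs for a token that is still present in Redis.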
II. Storing distributed sessions with Spring Session:
1. Add the Spring Session and Spring Security dependencies:
<!-- Spring Session -->
<dependency>
    <groupId>org.springframework.session</groupId>
    <artifactId>spring-session-data-redis</artifactId>
    <version>3.5.1</version>
</dependency>
<!-- Spring Security -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>3.5.3</version>
</dependency>
2. Configure spring-session to use Redis as its store, in application.yml:
spring:
  session: # configure spring-session to use Redis as its store
    store-type: redis
3. Code for distributed session storage (using a token as the example):
(1) Enable the Redis-backed HttpSession in Application:
// Excludes the security auto-configuration so that storing keys through spring-session does not require a login
@SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
@EnableRedisHttpSession // enable the Redis-backed HttpSession
public class Application { // startup class
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
(2) Store the distributed token with spring-session:
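// Login endpoint: saves the token in the Spring Session
@PostMapping("/login")
public Response login(String phone, String code, HttpServletRequest request, HttpServletResponse response) {
    // ... phone number / verification code validation omitted
    // 1. Look up the user by phone number
    User user = ...;
    // 2. Generate the token (getUserNo() is assumed to exist on User)
    String token = jwtUtil.genToken(user.getUserNo(), phone);
    user.setToken(token);
    // 3. Save the token in the Spring Session
    HttpSession hs = request.getSession();
    request.changeSessionId(); // rotate the session id at login to prevent session fixation
    hs.setAttribute("USER_TOKEN" + ":" + user.getId(), token);
    hs.setMaxInactiveInterval(30 * 24 * 60 * 60); // timeout in seconds (30 days)
    // ... caching the user info in a cookie omitted
    return Response.ok(user); // login succeeded
}

// Logout endpoint: removes the token from the Spring Session
@PostMapping("/logout")
public Response logout(@RequestParam String userId, HttpServletRequest request, HttpServletResponse response) {
    // ... token retrieval / validation omitted
    // 1. Remove the token from the Spring Session
    HttpSession hs = request.getSession(false); // do not create a new session just to log out
    if (hs != null) {
        hs.removeAttribute("USER_TOKEN" + ":" + userId); // delete the given user's token
    }
    // ... clearing the token from the cookie omitted
    return Response.ok(); // logout succeeded
}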