存储在 Spring (HTTP) Session 中的数据在销毁期间不会从 Redis 中删除
Data stored in Spring (HTTP) Session is not removed from Redis during destroy
我正在使用新发布的 Spring 会话组件进行 PoC。这是由 Redis 存储库备份的,其中 Session 和存储在会话中的 objects/data 都被持久化到。
- 在应用程序中创建了会话
- 运行 Redis CLI 中的 "Keys *" 命令并看到一个新条目(如 "spring:session:sessions:6b55103a-baf5-4a05-a127-3a9cfa15c164")
- 从应用程序中,向会话添加了一个自定义 bean
- 运行 Redis CLI 中的 "Keys *" 命令,又看到了一个新条目
这个 bean(比如 "\xac\xed\x00\x05t\x00\tcustomer1" ,因为
bean 有一个值为 'customer1')
的字符串
- 我已将应用程序配置为 30 秒自动过期,并在这段时间内未使用该应用程序
- sessionDestroyEvent 被触发并在实现 ApplicationListener 的侦听器中被捕获
- 运行 Redis CLI 中的 "Keys *" 命令,现在第一个创建
会话条目已消失,但是自定义 bean 对象
(customer1) 仍然留在 Redis
问题:
Is it the user responsibility to clean-up the Redis Store ? If i had
many data elements stored in my session, should i have to manually
clean them up from the redis store during session destroy (logout and
timeout events).
更新:
While i posted this question and went back (probably after 3/4 mins)
to Redis-CLI to list the Keys, now i do not find the Customer1 object.
So does that mean the clean-up is performed by Redis on some regular
interval, like the Garbage collection ?
Session Expiration section Spring Session reference 详细描述了会话是如何清理的。
来自文档:
One problem with this approach is that Redis makes no guarantee of
when the expired event will be fired if they key has not been
accessed. Specifically the background task that Redis uses to clean up
expired keys is a low priority task and may not trigger the key
expiration. For additional details see Timing of expired events
section in the Redis documentation.
...
For this reason, each session expiration is also tracked to the
nearest minute. This allows a background task to access the
potentially expired sessions to ensure that Redis expired events are
fired in a more deterministic fashion.
我正在使用新发布的 Spring 会话组件进行 PoC。这是由 Redis 存储库备份的,其中 Session 和存储在会话中的 objects/data 都被持久化到。
- 在应用程序中创建了会话
- 运行 Redis CLI 中的 "Keys *" 命令并看到一个新条目(如 "spring:session:sessions:6b55103a-baf5-4a05-a127-3a9cfa15c164")
- 从应用程序中,向会话添加了一个自定义 bean
- 运行 Redis CLI 中的 "Keys *" 命令,又看到了一个新条目 这个 bean(比如 "\xac\xed\x00\x05t\x00\tcustomer1" ,因为 bean 有一个值为 'customer1') 的字符串
- 我已将应用程序配置为 30 秒自动过期,并在这段时间内未使用该应用程序
- sessionDestroyEvent 被触发并在实现 ApplicationListener 的侦听器中被捕获
- 运行 Redis CLI 中的 "Keys *" 命令,现在第一个创建 会话条目已消失,但是自定义 bean 对象 (customer1) 仍然留在 Redis
问题:
Is it the user responsibility to clean-up the Redis Store ? If i had many data elements stored in my session, should i have to manually clean them up from the redis store during session destroy (logout and timeout events).
更新:
While i posted this question and went back (probably after 3/4 mins) to Redis-CLI to list the Keys, now i do not find the Customer1 object. So does that mean the clean-up is performed by Redis on some regular interval, like the Garbage collection ?
Session Expiration section Spring Session reference 详细描述了会话是如何清理的。
来自文档:
One problem with this approach is that Redis makes no guarantee of when the expired event will be fired if they key has not been accessed. Specifically the background task that Redis uses to clean up expired keys is a low priority task and may not trigger the key expiration. For additional details see Timing of expired events section in the Redis documentation.
...
For this reason, each session expiration is also tracked to the nearest minute. This allows a background task to access the potentially expired sessions to ensure that Redis expired events are fired in a more deterministic fashion.