3

Can someone give me insight of how do I implement session management in Dropwizard 0.8.x or above. I was using Dropwizard 0.7.0 till now and working perfectly in it. But I really confused by change docs provided when I migrated to 0.8.x.

In Dropwizard 0.7.0 (which I was using previously) it was done like the following

/*MainApplication.class session handler */
environment.jersey().register(HttpSessionProvider.class);
environment.servlets().setSessionHandler(new SessionHandler());


/*Resource.class session check*/
HttpSession session = httpServletRequest.getSession(true);

But it does not seems working anymore, precisely saying HttpSessionProvider.class is not there and replaced by some other implementations.

It would be really helpful someone show to what this is changed to. Thanks.

Henrik Aasted Sørensen
  • 6,966
  • 11
  • 51
  • 60
Yash Krishnan
  • 2,653
  • 1
  • 18
  • 22
  • Hey, have you tried injecting the session into your resource method? E.g. in my application I do: @Context HttpServletRequest in the method signature. That works for sure, and you can then get the HttpSession from your request object. You will likely be able to inject the session directly into your resource method. – pandaadb Dec 11 '15 at 14:31
  • @pandaadb : I used '@Context' here, but the session is not maintained in between requests. Something is odd. Also do we need to register any session providers like in older versions anymore ? – Yash Krishnan Dec 11 '15 at 14:46
  • I didn't have to register one and I never looked into detail at what is in the session. But maintaining the session, wouldn't that happen on the client side? E.g. the server just gets what it gets. The code in HttpSessionProvider does nothing else but calling get on the request itself. In later version of dropwizard, the provider is replaced I think with SessionFactoryProvider – pandaadb Dec 11 '15 at 14:49

2 Answers2

0

The reason this isn't working for you is because you need to set the cookie in the response. I noticed this while looking into enabling session state for a dropwizard application where the underlying cookie gets created on the Jetty Response object but it never makes it's way onto the Jersey Response object and therefor gets dropped.

What I've done to work around this issue is to implement a Filter that extracts the "Set-Cookie" information from Jetty and puts it onto the outbound response object.

                String cookie = HttpConnection.
                    getCurrentConnection()
                    .getHttpChannel()
                    .getResponse()
                    .getHttpFields().get(HttpHeader.SET_COOKIE.asString());

            if (LOG.isDebugEnabled()) {
                LOG.debug("Adding session cookie to response for subsequent requests {}", cookie);
            }

            httpServletResponse.addHeader(HttpHeader.SET_COOKIE.asString(), cookie);
user1316072
  • 39
  • 3
0

@Yashwanth Krishnan

I know this is old but I noticed that the session was not maintained from one URL to another, simply add this code when you init the application, session handling is mostly a container thing and not specific to DropWizard.

SessionHandler sessionHandler = new SessionHandler();
sessionHandler.getSessionManager().setMaxInactiveInterval(SOME_NUMBER);

    /**
     * By default the session manager tracks sessions by URL and Cookies, we 
     * want to track by cookies only since
     * we are doing a validation on all the app not URL by URL.
     */
    sessionHandler.getSessionManager().setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));

    environment.servlets().setSessionHandler(sessionHandler);
Bambara
  • 608
  • 5
  • 11