-3

My team has been using Spring Boot + Redis to secure microservices, storing the Spring Security session in a Redis instance and allowing a single session per user (meaning a user can be logged in only once at a time; if the user logs in twice simultaneously, the former session is invalidated). Everything works perfectly most of the time, but not always.

Sometimes we have noticed that if a user logs in twice within a span of 1 minute without logging out of the previous session, the jsessionid or X-auth-token is duplicated, meaning the second session ID is the same as the previous one. This is weird: ideally it should invalidate the old one and create a new session. Also, this does not always happen, only in some cases.

Also note that there are 3 instances of the microservice running in parallel, all pointing to the same Redis server.

Does anyone have any idea how to fix this?

Subin Chalil
  • How could anyone fix this? We have no idea what your code looks like; for all we know, you could have written a bad implementation. Please read up on how to ask a good question (https://stackoverflow.com/help/how-to-ask) before you ask. Voted to close – Toerktumlare Dec 15 '20 at 10:41

1 Answer

0

You can delete the existing login in your JWT token class first, and then add another token to Redis, like this:

    // requires: import java.util.Objects;
    // look up the token currently stored for this username
    TokenRedisDto dto = (TokenRedisDto) myRedisService.loadById(users.getUsername());
    if (Objects.nonNull(dto)) {
        // remove previous logged-in user
        myRedisService.deleteItem(dto.getId());
    }
    // add another token here..
    myRedisService.addItem(new TokenRedisDto(users.getUsername(), token));

I tested it many times, under load tests and in operation, in enterprise and individual settings. It works properly in microservices!

aha
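An added example, not code from the question or the answer above: it shows the single-session rule when several service instances log the same user in at once, using one atomic write per login instead of separate load, delete and add steps. The class name `SingleSessionDemo`, the user `alice` and the in-memory `ConcurrentHashMap` standing in for the shared Redis server are assumptions made so the example runs offline.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.*;

public class SingleSessionDemo {
    // Stand-in for the shared Redis server (assumption): username -> current token.
    static final ConcurrentMap<String, String> store = new ConcurrentHashMap<>();
    static final SecureRandom rng = new SecureRandom();

    // Every login mints a fresh random token and swaps it in with ONE atomic
    // operation, so there is no gap between "delete old" and "add new".
    static String login(String username) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(username, token); // atomic replace; any previous token stops matching
        return token;
    }

    // A request is accepted only if it carries the user's current token.
    static boolean isValid(String username, String token) {
        String current = store.get(username);
        return current != null && MessageDigest.isEqual(
                current.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Three "instances" log the same user in at the same moment (constructed scenario).
        ExecutorService pool = Executors.newFixedThreadPool(3);
        CountDownLatch start = new CountDownLatch(1);
        List<Future<String>> logins = new ArrayList<>();
        for (int i = 0; i < 3; i++) {
            logins.add(pool.submit(() -> { start.await(); return login("alice"); }));
        }
        start.countDown();
        Set<String> tokens = new HashSet<>();
        for (Future<String> f : logins) tokens.add(f.get());
        int valid = 0;
        for (String t : tokens) if (isValid("alice", t)) valid++;
        pool.shutdown();
        System.out.println("distinct tokens: " + tokens.size() + ", still valid: " + valid);
        if (tokens.size() != 3 || valid != 1) throw new AssertionError("single-session invariant broken");
    }
}
```

Whatever order the three logins land in, each one receives a different token and only the last one written remains valid.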