'How to change spring session (redis) cookie name?

We have two projects behind same domain ( zuul proxy in front of them ), both uses spring session project with sessions kept in redis.

Those two sessions should be different, but seems they are overwriting each other id in cookie named 'SESSION'. How to change that name? Is there any easy way to do that through configuration?



Solution 1:[1]

ok, I did not find any property in configuration to change that. I dig in a bit in spring-session source code, and finally do:

@Bean
public <S extends ExpiringSession> SessionRepositoryFilter<? extends ExpiringSession> springSessionRepositoryFilter(SessionRepository<S> sessionRepository, ServletContext servletContext) {
    SessionRepositoryFilter<S> sessionRepositoryFilter = new SessionRepositoryFilter<S>(sessionRepository);
    sessionRepositoryFilter.setServletContext(servletContext);
    CookieHttpSessionStrategy httpSessionStrategy = new CookieHttpSessionStrategy();
    httpSessionStrategy.setCookieName("MY_SESSION_NAME");
    sessionRepositoryFilter.setHttpSessionStrategy(httpSessionStrategy);
    return sessionRepositoryFilter;
}

"SESSION" name is a default set in source of CookieHttpSessionStrategy.

Solution 2:[2]

I know that this is an old question, but I just want to put that this option also works.

You can add server.servlet.session.cookie.name in your application.yml. Take a look at this spring docs link, it has other cookie properties that you can change as well.

Spring Common Application Properties

Solution 3:[3]

I found a blog post about this, spring-session??
This post explains how to change session id name with Spring XML.

like following:

<bean class="org.springframework.session.web.http.DefaultCookieSerializer">
        <property name="cookieName" value="SYSTEM_SESSION_ID" />
</bean>

And, I actually tested it and it worked.

Solution 4:[4]

@Bean
public CookieSerializer cookieSerializer() {
    DefaultCookieSerializer serializer = new DefaultCookieSerializer();
    serializer.setCookieName("YOUR_COOKIE");
    serializer.setCookiePath("/");
    serializer.setDomainNamePattern("^.+?\\.(\\w+\\.[a-z]+)$");
    return serializer;
}

Solution 5:[5]

In Spring Boot Web (spring-boot-starter-web) you have property named server.servlet.session.cookie.name which work fine, however for me turns out that the server.servlet.session.cookie.name property is not working by default for Spring Boot WebFlux (spring-boot-starter-webflux Spring Boot v2.5.2, Spring v5.3.8). I've created a WebSessionManager bean which use it:

  @Bean
  public WebSessionManager webSessionManager(
      final ServerProperties serverProperties, final WebFluxProperties webFluxProperties) {
    final DefaultWebSessionManager webSessionManager = new DefaultWebSessionManager();
    final CookieWebSessionIdResolver webSessionIdResolver = new CookieWebSessionIdResolver();
    webSessionIdResolver.setCookieName(
        serverProperties.getServlet().getSession().getCookie().getName());
    webSessionIdResolver.addCookieInitializer(
        (cookie) -> {
          cookie.sameSite(webFluxProperties.getSession().getCookie().getSameSite().attribute());
        });
    webSessionManager.setSessionIdResolver(webSessionIdResolver);
    return webSessionManager;
  }

Solution 6:[6]

seems like that Spring now supports some yaml properties to set fine-grained properties of cookies and session on webflux / reactive servers (eg. Spring Gateway based applications).

Referring to this request they implemented a dual set of properties:

  • spring.webflux.session (to be deprecated in favour to the next one)
  • server.reactive.session

I was able to set the cookie name writing this line in the application.yaml:

server.reactive.session.cookie.name: "MYSESSIONID"

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 hi_my_name_is
Solution 2 theprogrammer
Solution 3 hiropon
Solution 4 Stephen Rauch
Solution 5
Solution 6 Francesco Poli