Spring Session core provides an API along with several provider implementations to manage user sessions. It also simplifies the support for clustered session state management without being tied to an application container specific solution.
2023-January-17:
At the end of 2022, VMware announced the general availability of the Spring for VMware GemFire portfolio of projects.
While these Spring based projects for VMware GemFire are open source and a succession to the Spring for Apache Geode projects, they are not a replacement. VMware GemFire forked from the Apache Geode project and is not open source. Additionally, newer Apache Geode and VMware GemFire clients are not backwards compatible with older Apache Geode and VMware GemFire servers. You can begin the transition by starting here.
Alternatively, the Spring portfolio provides first-class integration with other comparable session caching providers. Also, see here.
Finally, keep in mind, the Spring for Apache Geode projects will still be maintained until OSS and commercial support ends. Maintenance will only include CVE and critical fixes. No new features or major enhancements will be made. The Spring Session for Apache Geode support timelines can be viewed here.
2022-October-24:
See the October 24th NOTICE on the Spring Data for Apache Geode GitHub project page for complete details.
Out of the box Spring Session provides integration with:
-
HttpSession
- replaces theHttpSession
supplied by the application container (e.g. Apache Tomcat) in a neutral way along with providing HTTP Session IDs in the HTTP Header to work with REST APIs. -
WebSocket
- keeps theHttpSession
active when receiving WebSocket messages.
On top of the core Spring Session features, Spring Session for Apache Geode and VMware Tanzu GemFire (SSDG) positions either Apache Geode or VMware Tanzu GemFire as a session repository provider and adds additional capabilities required by enterprise class solutions:
-
Custom
Expiration Policies
- in addition to the default, 30 minute session idle expiration timeout (TTI), which is configurable, SSDG also supports fixed-duration expiration timeout (e.g. expire the session after 1 hour regardless of whether the session is active or inactive). Users may also define custom expiration policies using theSessionExpirationPolicy
interface. See the documentation for more details. -
Custom
Data Serialization
- in addition to the default Apache Geode PDX Serialization format, users may configure Apache Geode Data Serialization with full support for Delta Propagation. While race conditions between competing HTTP requests (accessing the same HTTP Session) cannot be completely avoided with any session provider, sending only the delta (or changes) minimizes the chance of lost updates, especially in a highly clustered Web environment. By using PDX Serialization, your HTTP Session state is immediately transferable across environments, from non-managed, standalone environments to managed environments, like Pivotal Cloud Foundry (PCF) using Pivotal Cloud Cache (PCC). -
Custom
Change Detection
- while most session implementations consider the session to be dirty anytime anything is written to the session, even when your application domain objects stored in the session have not changed, SSDG will intelligently determine whether there is anything to send before writing it to the wire. OOTB, SSDG will look at any application domain objects that implement Apache Geode’s Delta interface and use that to determine if your application domain objects are indeed dirty before sending the delta. If your objects do not implement theDelta
interface, or the object is not the same, then it functions like all other Spring Session providers. If you prefer, you may specify your own rules composed with theIsDirtyPredicate
strategy interface. -
Powerful
Pub/Sub
- Apache Geode and VMware Tanzu GemFire both provide a very powerful and robust client/server event distribution and handling sub-system leveraged by SSDG in order to reliably manage session state, especially in a distributed/clustered environment.
These and many more Apache Geode or VMware Tanzu GemFire features may be leveraged in your application environment to achieve resilient, highly available (HA), durable, consistent, and even multi-clustered (WAN), persistent session statement management.
The best part, SSDG allows you to use either Apache Geode or VMware Tanzu GemFire interchangeably without having to change
a single line of code. Simply change your dependency from org.springframework.session:spring-session-data-geode
to org.springframework.session:spring-session-data-gemfire
, or vice versa, and you can seemlessly move between
either Apache Geode or VMware Tanzu GemFire, or even PCC.
No other Spring Session provider offers you the same type of flexibility and power in 1 solution, especially as your requirements and UC change (e.g. from simple session caching to a full on System of Record with distributed compute and streaming capabilities).
You can find the documentation, issue management, support, samples, and guides for using Spring Session at https://projects.spring.io/spring-session/.
Additionally, you can find documentation, issue management, support, samples and guides using Spring Session for Apache Geode & VMware Tanzu GemFire at https://spring.io/projects/spring-session-data-geode.
Please see our code of conduct
Please see our Security policy.
Spring Session is Open Source Software released under the Apache 2.0 license.