Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I have two controllers. I'm trying to put the logged user into the session in one method, and then get it in a other method. But the sessions are different, how to fix it?

@RestController
public class UserController {
    @Autowired
    private UserService userService;
    @RequestMapping(value = "/user/signIn", method = RequestMethod.POST)
    public ResponseEntity<DataUser> signIn(@RequestBody @Valid SignInUser signInUser,
                                           HttpSession session) {
        User user = userService.getUser(signInUser.getEmail(), signInUser.getPassword());
        session.setAttribute("user", user);
        DataUser dataUser = new DataUser((User) session.getAttribute("user"));
        return ResponseEntity.ok(dataUser);
@RestController
public class MessageController {
    @Autowired
    private MessageService messageService;
    @RequestMapping(value = "/data/message", method = RequestMethod.POST)
    public Message save(@RequestBody NewMessage newMessage,
                        HttpSession session) {
        System.out.println(session.getAttribute("user"));
        Message message = new Message(newMessage);
        LocalDateTime dateTime = LocalDateTime.now();
        message.setDateTime(dateTime.atZone(ZoneId.systemDefault()).toInstant().toEpochMilli());
        message.setNumberRating(0);
        return messageService.save(message);
session.getAttribute("user") is null
                How do you send requests to these endpoints? Do you send back the cookie tht is being set when the session is started? If not, how could the server know that the requests all belong to the same session?
– JB Nizet
                Aug 20, 2018 at 12:55
                I'm sending data using fetch in javascript. I'm using Springboot. If to use usual servlets all works, and in Spring I so understand somehow on another?
– Andrii Torzhkov
                Aug 20, 2018 at 13:10
The common behavior of sessions for WebApps is that your client is identified, commonly through a cookie called JSESSIONID, but for REST calls you do not have such possibility you probably don't even call from a browser, so you can not say that one request is coming from the same "machine/user" as this other request.
In order to do that you'll need to:
Properly configure and enable spring session
Have a way identify your requests, unique IDs of some sort.
And every new request have to inform you the same identificator, so you can ask for spring something like "give me the session for this user".
Here is a more detailed tutorial for Spring Session.
                Just a simple example: Every request needs a ID field. The first request will have ID null, so somewhere inside java you create an ID and a session for it, and return this ID in the response for REST, and every future request from this "session" need to pass this ID.
– res
                Nov 26, 2018 at 13:40
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.