Spring Framework
  1. Spring Framework
  2. SPR-8997

Make flash attributes use cookie to enable stateless webapp

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.1 GA
    • Fix Version/s: 4.1 RC1
    • Component/s: Web
    • Labels:
      None
    • Last commented by a User:
      true

      Description

      I was waiting the flash attributes feature in spring 3.1 but I was surprised that the attributes were stored in the HTTP session instead of cookie. My webapp is required to not have session because the infrastructure we use does not handle sticky session. I have done my own flash scope inspired from the one in playframework. It would be cool to be able to choose between http session or cookie.

        Activity

        Hide
        Benedek Fazekas added a comment -

        hi Guys,

        really nice feature! agree with Ludovic preferring json over java serialization, however don't agree with him on ruling out the encoding of the cookie. I do think that only using base64 raises some security issues namely using this feature the developer would definitely disclose the innards of the server side for the client even if it is for only a short time. so at least the option to strongly encode (before base64) the cookie should be added i think.

        Show
        Benedek Fazekas added a comment - hi Guys, really nice feature! agree with Ludovic preferring json over java serialization, however don't agree with him on ruling out the encoding of the cookie. I do think that only using base64 raises some security issues namely using this feature the developer would definitely disclose the innards of the server side for the client even if it is for only a short time. so at least the option to strongly encode (before base64) the cookie should be added i think.
        Hide
        Thomas Recloux added a comment -

        I also agree on the strong encoding
        It is in my TODO list.

        Show
        Thomas Recloux added a comment - I also agree on the strong encoding It is in my TODO list.
        Hide
        Thomas Recloux added a comment -

        Hi Guys,
        One year later, I published a first version on the cookie based flash map manager.
        Encryption is now mandatory.

        To enable this component :

        • add dependency : (available in maven central)
          <dependency>
          <groupId>com.github.trecloux</groupId>
          <artifactId>spring-flash-cookie</artifactId>
          <version>0.2</version>
          </dependency>
        • Register the component in your spring configuration :
          <beans:bean id="flashMapManager" class="com.github.trecloux.flashcookie.CookieFlashMapManager">
          <beans:constructor-arg value="myPassword" />
          </beans:bean>

        Please give a try and send me your feedback

        Show
        Thomas Recloux added a comment - Hi Guys, One year later, I published a first version on the cookie based flash map manager. Encryption is now mandatory. To enable this component : add dependency : (available in maven central) <dependency> <groupId>com.github.trecloux</groupId> <artifactId>spring-flash-cookie</artifactId> <version>0.2</version> </dependency> Register the component in your spring configuration : <beans:bean id="flashMapManager" class="com.github.trecloux.flashcookie.CookieFlashMapManager"> <beans:constructor-arg value="myPassword" /> </beans:bean> Please give a try and send me your feedback
        Hide
        Rossen Stoyanchev added a comment -

        Thanks Thomas, I'll have a look! Just wondering if your intent is to submit a pull request or keep it as a separate project?

        Show
        Rossen Stoyanchev added a comment - Thanks Thomas, I'll have a look! Just wondering if your intent is to submit a pull request or keep it as a separate project?
        Hide
        Thomas Recloux added a comment -

        Hi Rossen, I'll be happy to submit a pull request if it can be integrated.

        Show
        Thomas Recloux added a comment - Hi Rossen, I'll be happy to submit a pull request if it can be integrated.

          People

          • Assignee:
            Rossen Stoyanchev
            Reporter:
            Ludovic Praud
            Last updater:
            Rossen Stoyanchev
          • Votes:
            4 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

            • Created:
              Updated:
              Days since last comment:
              1 year, 5 weeks, 3 days ago