Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot. autoconfigure.session.SessionAutoConfiguration$ServletSessionRepositoryValidator': Invocation of init method failed; nested exception is org.springframework.boot.autoconfigure.session.SessionRepositoryUnavailableException: No session repository could be auto-configured, check your configuration (session store type is 'redis' )
This is because the spring-session-data-redis dependency is missing.
About SpringBoot2. When spring-session-core is used, spring-session-data-redis is not loaded. Users need to add dependencies between spring-session and redis.
Currently, the mainstream in the IT industry is to separate the front-end and back-end, but there will definitely be cross-domain problems during the separation process.
means that when the browser requests resources from a webpage of one domain name to another domain name, if the domain name, port, or protocol are different, it is cross-domain.
When we use springboot shrio vue for background management projects, we cannot obtain the currently logged-in user of shiroSession,
<!--SpringSession依赖--> <dependency> <groupId>org.springframework.session</groupId> <artifactId>spring-session-core</artifactId> </dependency> <!--SpringSessionRedis依赖--> <dependency> <groupId>org.springframework.session</groupId> <artifactId>spring-session-data-redis</artifactId> </dependency>
Frontend
#使用使用Redis缓存session数据 spring.session.store-type=REDIS #Redis服务器地址 spring.redis.host=127.0.0.1 #Redis服务器端口号 spring.redis.port=6379
But it still remains the same after setting it NoAfter a day of Baidu and troubleshooting, I rolled back to springboot 1.x and there was no such problem, so I found out that the cause was caused by upgrading to springboot 2.x. Well, I have caught the murderer. Now I can take the right medicine. I went online to read about the issues related to upgrading springboot to 2.x spring session.
Finally discovered the new world. In spring-session 2.x, SameSite was actually introduced in Cookie. Its default value is Lax. Okay, let’s take a look at what this is?
SameSite Cookie is used to prevent CSRF attacks. It has two values: Strict and Lax
SameSite = Strict: means strict mode , indicating that this cookie cannot be used as a third-party cookie under any circumstances;
means relaxed mode, which can be used as the first in a GET request Third-party cookies, but cannot carry cookies for cross-domain post access (this is very painful, our verification interface is POST request) Summary: The front-end requests to the backend, and each session is different. Each time is a new session, resulting in no user information being obtained
Set SameSite to empty@Configuration
public class CorsConfig {
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
// 允许任何域名使用
corsConfiguration.addAllowedOrigin("*");
// 允许任何头
corsConfiguration.addAllowedHeader("*");
// 允许任何方法(post、get等)
corsConfiguration.addAllowedMethod("*");
corsConfiguration.setMaxAge(3600L);
return corsConfiguration;
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// 对接口配置跨域设置
source.registerCorsConfiguration("/**", buildConfig());
return new CorsFilter(source);
}
}
The above is the detailed content of How to solve common problems using SpringSession in SpringBoot2.x version. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
