HST Spring Session with Redis

Hi all,

We have a Bloomreach project deployed in Kubernetes with multiple replicas and a frontend SPA with multiple replicas as well. Communication works fine between SPA/frontend even in Experience manager using sticky session.

We’ve configured Spring Security and Spring Session for the /site application. In addition, Spring Session is configured to store the session in Redis, so any /site replica has access to the user session.

The site application frontend SPA works fine with this setup. However, when we try to load the SPA within Experience Manager in the CMS the following request fails:


Backend logs shows nothing. However, debugging in local I found the following exception:

DefaultSerializer requires a Serializable payload but received an object of type [org.onehippo.cms7.services.cmscontext.CmsContextServiceImpl$CmsSessionContextImpl]

Which sounds like Redis is trying to store an object that is not Serializable.

I tried different options, like excluding _cmsXXX internal requests from being processed by Spring SessionRepositoryFilter. But nothing worked so far.

I also saw there’s a section in this project about Spring Session: HST - Spring Framework Support Documentation – Spring Session integration, that even mentions Redis.

Could anyone confirm if Bloomreach support Redis in combination with Spring Session for HST?


HST on itself doesn’t need any session management, so whatever is in your sessions is added by you. Having said that, adding any HST related object into a HTTP session is pretty much creating a memory leak.
In short: check what are you storing into HTTP sessions

Hi @machak ,

Thanks for your reply. Although HST doesn’t need session management by default, we have implemented authentication/authorization using Spring Security. Now we’re trying to store the Spring Security session in Redis using Spring Session.


We managed to solve the issue by configuring a custom serializer for Spring Session to bypass the classes causing troubles.

In our Config, for our current Spring Data Redis version 2.4.2, we had to define a this bean. Creating a RedisTemplate bean was not working:

public class RedisConfig {

    public RedisSerializer springSessionDefaultRedisSerializer() {
        return new CustomRedisSerializer();


And then, make CustomRedisSerializer extend the default one, and skip the following classes during serialization:


I’m marking this answer as solution.