HST Spring Session with Redis

jaime · November 22, 2021, 5:23pm

Hi all,

We have a Bloomreach project deployed in Kubernetes with multiple replicas and a frontend SPA with multiple replicas as well. Communication works fine between SPA/frontend even in Experience manager using sticky session.

We’ve configured Spring Security and Spring Session for the /site application. In addition, Spring Session is configured to store the session in Redis, so any /site replica has access to the user session.

The site application frontend SPA works fine with this setup. However, when we try to load the SPA within Experience Manager in the CMS the following request fails:

/site/_cmssessioncontext?cmsCSID=0d2ffaa7-f59f-4a18-8d7c-77444e6dd00f&cmsSCID=c32c5fd0-3114-4a18-916e-c35e8a054b13

Backend logs shows nothing. However, debugging in local I found the following exception:

DefaultSerializer requires a Serializable payload but received an object of type [org.onehippo.cms7.services.cmscontext.CmsContextServiceImpl$CmsSessionContextImpl]

Which sounds like Redis is trying to store an object that is not Serializable.

I tried different options, like excluding _cmsXXX internal requests from being processed by Spring SessionRepositoryFilter. But nothing worked so far.

I also saw there’s a section in this project about Spring Session: HST - Spring Framework Support Documentation – Spring Session integration, that even mentions Redis.

Could anyone confirm if Bloomreach support Redis in combination with Spring Session for HST?

Thanks!

machak · November 23, 2021, 10:56am

HST on itself doesn’t need any session management, so whatever is in your sessions is added by you. Having said that, adding any HST related object into a HTTP session is pretty much creating a memory leak.
In short: check what are you storing into HTTP sessions

jaime · November 23, 2021, 11:24am

Hi @machak ,

Thanks for your reply. Although HST doesn’t need session management by default, we have implemented authentication/authorization using Spring Security. Now we’re trying to store the Spring Security session in Redis using Spring Session.

jaime · November 24, 2021, 8:23am

Hi,

We managed to solve the issue by configuring a custom serializer for Spring Session to bypass the classes causing troubles.

In our Config, for our current Spring Data Redis version 2.4.2, we had to define a this bean. Creating a RedisTemplate bean was not working:

@EnableRedisHttpSession
public class RedisConfig {
    ...

    @Bean
    public RedisSerializer springSessionDefaultRedisSerializer() {
        return new CustomRedisSerializer();
    }

    ...
}

And then, make CustomRedisSerializer extend the default one, and skip the following classes during serialization:

org.onehippo.cms7.services.cmscontext.CmsContextServiceImpl$CmsSessionContextImpl
org.hippoecm.hst.platform.security.TokenCmsSessionContextRegistry$TokenCmsSessionContextMapCleanupListener

I’m marking this answer as solution.

Thanks!
Jaime

Topic		Replies	Views
Problem accessing /site Experience Manager (PaaS/OnPrem)	1	355	July 14, 2021
Create a Spring Controller in a Bloomreach project Experience Manager (PaaS/OnPrem)	6	392	June 24, 2022
Unable to retrieve session in cms module via UserSession Experience Manager (PaaS/OnPrem)	1	445	October 25, 2019
Using JSON Web Token instead of sessions Experience Manager (PaaS/OnPrem)	1	536	February 4, 2019
Facing Issues while Upgrading to V13.4.2 from V12.6.9 Experience Manager (PaaS/OnPrem)	3	495	August 18, 2020

HST Spring Session with Redis

Related Topics