Skip to content

Provide the Session ID in requested session failure exceptions #3436

New issue
New issue
Open
Open
Provide the Session ID in requested session failure exceptions#3436
Labels
status: waiting-for-triageAn issue we've not yet triagedtype: enhancementA general enhancement
@BenDol

Description

@BenDol
BenDol
opened on Jul 10, 2025

Spring Session: 3.5.0

Expected Behavior

Right now SessionRepositoryFilter#getRequestedSession doesn't give us an easy way to know which session had a session deserialization issue as far as I can tell (please correct me if there's a better way to handle this, I haven't been able to find it as of yet) What would be helpful for our exception handling is if we caught the exception and loaded the exception with the session ID that had the issue.

I achieved this in my own SessionRepositoryFilter implementation (unfortunately the getRequestedSession is private for some reason so its messy to implement this as an extension to the SessionRepositoryFilter):

        private S getRequestedSession() {
            if (!this.requestedSessionCached) {
                List<String> sessionIds = httpSessionIdResolver.resolveSessionIds(this);
                for (String sessionId : sessionIds) {
                    if (this.requestedSessionId == null) {
                        this.requestedSessionId = sessionId;
                    }
                    // HACK: Make sure we can get access to the session ID
                    try {
                        S session = sessionRepository.findById(sessionId);
                        if (session != null) {
                            this.requestedSession = session;
                            this.requestedSessionId = sessionId;
                            break;
                        }
                    } catch (SerializationException | SerializationFailedException se) {
                        handleException(new SessionSerializationException("Problem serializing session", sessionId, se));
                    } catch (Exception ex) {
                        handleException(new SessionSerializationException("Problem finding session", sessionId, ex));
                    }
                }
                this.requestedSessionCached = true;
            }
            return this.requestedSession;
        }

Current Behavior

Currently its like so and will just throw the exception with no context of the session:

        private S getRequestedSession() {
            if (!this.requestedSessionCached) {
                List<String> sessionIds = httpSessionIdResolver.resolveSessionIds(this);
                for (String sessionId : sessionIds) {
                    if (this.requestedSessionId == null) {
                        this.requestedSessionId = sessionId;
                    }
                    S session = sessionRepository.findById(sessionId);
                    if (session != null) {
                        this.requestedSession = session;
                        this.requestedSessionId = sessionId;
                        break;
                    }
                }
                this.requestedSessionCached = true;
            }
            return this.requestedSession;
        }

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: waiting-for-triageAn issue we've not yet triagedtype: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions