spring-boot redis : How to invalidate all sessions of a user?

Question

I\'m new to redis. I\'ve followed this tutorial to use HttpSession with redis.

https://docs.spring.io/spring-session/docs/current/reference/html5/guides/boot.html

<

Answer 1

Try this

usersSessions.forEach((session) -> {        
        sessionRegistry.delete(session.getId());
  });

Answer 2

I would like to know you that you are following the correct path for invalidating the user sessions

    usersSessions.forEach((session) -> {        
        sessionRegistry.getSessionInformation(session.getId()).expireNow();
    });

Somethings to note

SessionInformation.expireNow()

is not mean to remove entries from the redis database, it just appends the expired attribute to session as you rightly mentioned.

But how this invalidates the session of the user?

Here comes the ConcurrentSessionFilter into play where .doFilter() method does the trick of automatically logging out

Here is the snippet for ConcurrentSessionFilter

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    HttpSession session = request.getSession(false);

    if (session != null) {
        SessionInformation info = sessionRegistry.getSessionInformation(session
                .getId());

        if (info != null) {
            if (info.isExpired()) {
                // Expired - abort processing
                doLogout(request, response);

                String targetUrl = determineExpiredUrl(request, info);

                if (targetUrl != null) {
                    redirectStrategy.sendRedirect(request, response, targetUrl);

                    return;
                }
                else {
                    response.getWriter().print(
                            "This session has been expired (possibly due to multiple concurrent "
                                    + "logins being attempted as the same user).");
                    response.flushBuffer();
                }

                return;
            }
            else {
                // Non-expired - update last request date/time
                sessionRegistry.refreshLastRequest(info.getSessionId());
            }
        }
    }

    chain.doFilter(request, response);
}

Cheers to that!

Answer 3

If you just want to do one time thing in debugging process, you can just log into redis_cli and flush all Redis keys.

$ redis-cli
127.0.0.1:6379> KEYS *
1) "spring:session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:bbb"
2) "spring:session:expirations:1558782600000"
3) "spring:session:expirations:1558783140000"
4) "spring:session:sessions:expires:953146bf-7300-4394-bbf0-bf606ff6b326"
5) "spring:session:expirations:1558782540000"
6) "spring:session:sessions:953146bf-7300-4394-bbf0-bf606ff6b326"
127.0.0.1:6379> FLUSHALL
OK
127.0.0.1:6379> KEYS *
(empty list or set)
127.0.0.1:6379>

Answer 4

Try this for delete key "redisTemplate.opsForValue().getOperations().delete(KEY);"