Sharing sessions through Redis is the most typical Redis usage scenario in a clustered deployment, and there are many examples of it on the web. In a Spring Boot project you can get it working without writing a line of code, simply by adding the dependencies and one annotation (configuration information is required, of course).


Then simply deploy the project to different Tomcat instances, for example on different ports (A and B), but with the same project access path. Call set on A and then get on B, and you retrieve the content that was set on A.

But it would be a mistake to say that single sign-on is implemented for such a project deployed across multiple Tomcats.

Single sign-on means that, across different projects, the user logs in to only one project and does not need to log in to the others.

Taking the same example, we put the set and get methods into two separate projects (set and get) and deploy both projects to servers A and B. Then access set on server A and get on server B, and you will find that you do not get the result you want.

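Set/get in the same project

Skipping the dependency setup, here is the simplest form:

    // javax.servlet applies to Spring Boot 2.x; Spring Boot 3 uses jakarta.servlet.
    import java.util.Map;
    import java.util.TreeMap;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @SpringBootApplication
    @EnableRedisHttpSession   // store HttpSession data in Redis
    @RestController
    public class SessionShareApplication {

        public static void main(String[] args) {
            SpringApplication.run(SessionShareApplication.class, args);
        }

        @Autowired
        HttpSession session;

        @Autowired
        HttpServletRequest req;

        // Writes a value into the shared session.
        @GetMapping("/set")
        public Object set() {
            session.setAttribute("state", "state was setted.");
            Map<String, Object> map = new TreeMap<>();
            map.put("msg", session.getAttribute("state"));
            map.put("serverPort", req.getLocalPort());
            return map;
        }

        // Reads the value back; serverPort shows which Tomcat answered.
        @GetMapping("/get")
        public Object get() {
            Map<String, Object> map = new TreeMap<>();
            map.put("msg", session.getAttribute("state"));
            map.put("serverPort", req.getLocalPort());
            return map;
        }
    }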

Deploy the project as a WAR package on tomcatA (port 8080) and tomcatB (port 8081). Then call tomcatA/set to set the session value, and call tomcatB/get to obtain it. But this only implements session sharing within the same project. It is not single sign-on.

To verify this, we now split the set and get methods into two projects.

Split set/get into two projects

  • The set project




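    // javax.servlet applies to Spring Boot 2.x; Spring Boot 3 uses jakarta.servlet.
    import java.util.Map;
    import java.util.TreeMap;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @SpringBootApplication
    @EnableRedisHttpSession
    @RestController
    public class SetApplication {

        public static void main(String[] args) {
            SpringApplication.run(SetApplication.class, args);
        }

        @Autowired
        HttpSession session;

        @Autowired
        HttpServletRequest req;

        // Mapped to the root of this project's context path (/set when deployed as set.war).
        @GetMapping("/")
        public Object set() {
            session.setAttribute("state", "state was setted.");
            Map<String, Object> map = new TreeMap<>();
            map.put("msg", session.getAttribute("state"));
            map.put("serverPort", req.getLocalPort());
            return map;
        }
    }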

Package this project as set.war

  • The get project




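    // javax.servlet applies to Spring Boot 2.x; Spring Boot 3 uses jakarta.servlet.
    import java.util.Map;
    import java.util.TreeMap;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @SpringBootApplication
    @EnableRedisHttpSession
    @RestController
    public class GetApplication {

        public static void main(String[] args) {
            SpringApplication.run(GetApplication.class, args);
        }

        @Autowired
        HttpSession session;

        @Autowired
        HttpServletRequest req;

        // Mapped to the root of this project's context path (/get when deployed as get.war).
        @GetMapping("/")
        public Object get() {
            Map<String, Object> map = new TreeMap<>();
            map.put("msg", session.getAttribute("state"));
            map.put("serverPort", req.getLocalPort());
            return map;
        }
    }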

Package the project as get.war


Deploy set.war and get.war on both tomcatA and tomcatB. Access tomcatA/set and then tomcatB/get: the session value set in the first project is not returned.

Problem analysis

The problem is that the session cookie is tied to the project path by default. In the single-project case, the cookie needed by both methods belongs to the same project path, so there is no problem getting the session value. In the second case, the cookie path belongs to a different project, so the second project cannot get the session content set in the first project.

The solution

The solution is actually quite simple in a Spring Boot project. Since the cookie path differs between the projects, configure them all to use the same path.


Add a configuration class to each subproject, or set the cookie path directly. If the projects are served under domain names such as set.xxx.com and get.xxx.com, you can also set the cookie's domain name. In that case, set the cookie domain to xxx.com so that the cookie under the domain xxx.com can be obtained by any of the projects. This ensures that the shared session value is properly obtained.

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.session.web.http.DefaultCookieSerializer;

    @Configuration
    public class CookieConfig {

        @Bean
        public static DefaultCookieSerializer defaultCookieSerializer() {
            DefaultCookieSerializer serializer = new DefaultCookieSerializer();
            // Same cookie path for every project instead of the per-project context path.
            serializer.setCookiePath("/");
            // If you use a domain name, setting this is recommended.
            //serializer.setDomainName("xxx.com");
            return serializer;
        }
    }
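To make the problem analysis and the fix concrete, the following added example (not code from the original post) applies the RFC 6265 domain and path matching rules a browser uses when deciding whether to send the session cookie. The hostnames, the other-app path and the assumption that the default cookie path is the context path of set.war ("/set/") are constructed for illustration.

```javascript
// Added example: simplified RFC 6265 cookie matching (no Secure/expiry handling).
// Cookies are not scoped by port, so tomcatA:8080 and tomcatB:8081 on one
// host share a cookie jar; only domain and path decide what is sent.

// RFC 6265 section 5.1.3: a host-only cookie needs an exact host match;
// a cookie with a Domain attribute also matches every subdomain.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase();
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith("." + d);
}

// RFC 6265 section 5.1.4: the cookie path must be a prefix of the request
// path that ends on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Would the browser attach this cookie to a request for host + path?
function isSent(cookie, host, path) {
  return domainMatches(host, cookie) && pathMatches(path, cookie.path);
}

// Assumed default: cookie scoped to the context path of set.war.
const scoped = { name: "SESSION", domain: "localhost", hostOnly: true, path: "/set/" };
// After setCookiePath("/"): every application on the host receives it.
const rootPath = { ...scoped, path: "/" };
// After setDomainName("xxx.com"): every subdomain of xxx.com receives it.
const parentDomain = { name: "SESSION", domain: "xxx.com", hostOnly: false, path: "/" };

function report() {
  return {
    scopedToGet: isSent(scoped, "localhost", "/get/"),
    rootToGet: isSent(rootPath, "localhost", "/get/"),
    rootToOtherApp: isSent(rootPath, "localhost", "/other-app/"),
    domainToGet: isSent(parentDomain, "get.xxx.com", "/"),
    domainToOtherSub: isSent(parentDomain, "other.xxx.com", "/"),
    domainToUnrelated: isSent(parentDomain, "notxxx.com", "/"),
  };
}

console.log(report());
```

The rootToOtherApp and domainToOtherSub results are the cost of the fix: any application on the host, or any subdomain of xxx.com, now receives the session ID, so the widened scope should cover only applications you trust with it.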

This is the correct way to implement single sign-on with Redis.