Plugins You can find out about all the publicly available Grails plugins.

Database Session Plugin

  • Tags: /
  • Latest: 1.2.1
  • Last Updated: 02 May 2013
  • Grails version: 1.3.3 > *
2 votes
Dependency:
compile "org.grails.plugins:database-session:1.2.1"

 Documentation  Source  Issues

Summary

Stores HTTP sessions in a database

Installation

grails install-plugin database-session

Description

This plugin lets you store HTTP session data in a datastore. By default it works with a traditional relational database but other storage systems such as NoSQL datastores or Memcached would be simple to integrate. It's a general-purpose plugin but it was created to work with Heroku since they don't (as of this writing) support session affinity, sticky sessions, etc. So request are spread among all of the running instances (if you're running more than one) and you end up with one session on each server. This affects security implementations such as Spring Security that keep your authentication information in the session; after successfully authenticating you're likely to end up on an instance that doesn't have the authentication information in its session and you'll appear to not be logged in.

This is a new plugin and it hasn't been extensively tested. Be sure to test it throroughly for your use cases before using it in an important live application. If you find any issues please report them in JIRA

Customization

The plugin was designed to be easily customized. There is a servlet filter - grails.plugin.databasesession.SessionProxyFilter - that manages accessing sessions and working with the session cookie, but it's registered as a Spring bean and added to web.xml as a DelegatingFilterProxy , so you could subclass it or completely reimplement the logic and use yours instead by registering yours as the sessionProxyFilter bean in resources.groovy:

beans = {
   sessionProxyFilter(com.foo.MySessionProxyFilter) {
      persister = ref('gormPersisterService')
   }
}

Persistence

The persistence is also overrideable. SessionProxyFilter uses a grails.plugin.databasesession.Persister but this is an interface that you can implement yourself. The default implementation uses a regular transactional Grails service - grails.plugin.databasesession.GormPersisterService - and it's dependency-injected into the SessionProxyFilter . It uses domain classes to manage the persistence, but this doesn't limit you to using Hibernate or a relational database.

Since Grails compiles domain classes from plugins before the containing application code, you can create a domain class in your project with the same name and package and yours will take precendence. This would make it easy to use MongoDB or Redis with their associated GORM plugins since the service only uses standard GORM methods and a few static helper query methods that you would need to reimplement (e.g. PersistentSession.deleteByIds() , etc.) You could also replace the service completely as described above and ignore the domain classes, and handle persistence directly in your Persister implementation.

Database cleanup

By default when a session is invalidated (either explicitly or due to timeout) it is marked as invalidated in the database and all attributes are deleted, but the database record for the session isn't deleted. You can configure the plugin to delete the sessions by adding

grails.plugin.databasesession.deleteInvalidSessions = true

to Config.groovy. The plugin also comes with a Quartz job - grails.plugin.databasesession.DatabaseCleanupJob - that will periodically delete old sessions. The plugin has no dependency on the Quartz plugin so this will only run if you have the Quartz plugin installed. If you do use Quartz but don't want to use the cleanup job, you can disable it by adding

grails.plugin.databasesession.cleanup.enabled = false

to Config.groovy. You can also change the maximum allowed age of a session with the grails.plugin.databasesession.cleanup.maxAge option, e.g.

grails.plugin.databasesession.cleanup.maxAge = 15

There's no reliable way to know what the current session timeout default is, so if you change it from the default of 30 minutes you should set this attribute to keep things in sync.

Enabling and disabling the plugin

By default the plugin is disabled in development mode but enabled otherwise. To change this set the grails.plugin.databasesession.enabled to true or false for whichever environment(s) you need.