Skip to content

Issue in Redis Session Serialization after Upgrading from Spring Boot 3.3.3 to 3.4.3 #3347

Open
@luc-greg

Description

@luc-greg

Description:
Hello :)
After upgrading from Spring Boot 3.3.3 to 3.4.3, my application encounters an issue where certain sessions stored in Redis no longer include the creationTime attribute. This results in a persistent exception being thrown during request handling:

Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.IllegalStateException: creationTime key must not be null
	at org.springframework.session.data.redis.RedisSessionMapper.handleMissingKey(RedisSessionMapper.java:62)
	at org.springframework.session.data.redis.RedisSessionMapper.apply(RedisSessionMapper.java:72)
	at org.springframework.session.data.redis.RedisSessionMapper.apply(RedisSessionMapper.java:37)
	at org.springframework.session.data.redis.RedisIndexedSessionRepository.getSession(RedisIndexedSessionRepository.java:535)
	at org.springframework.session.data.redis.RedisIndexedSessionRepository.findById(RedisIndexedSessionRepository.java:500)
	at org.springframework.session.data.redis.RedisIndexedSessionRepository.findById(RedisIndexedSessionRepository.java:267)
	at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getRequestedSession(SessionRepositoryFilter.java:352)
	at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:286)
	at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:193)
	at jakarta.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:221)
	at org.springframework.security.web.context.HttpSessionSecurityContextRepository.lambda$loadDeferredContext$0(HttpSessionSecurityContextRepository.java:143)
	at org.springframework.security.web.context.SupplierDeferredSecurityContext.init(SupplierDeferredSecurityContext.java:67)
	at org.springframework.security.web.context.SupplierDeferredSecurityContext.get(SupplierDeferredSecurityContext.java:52)

Steps to Reproduce:

Use Spring Boot 3.4.3 with Spring Session Data Redis.

Upgrade from Spring Boot 3.3.3 to 3.4.3.

Start the application and attempt to retrieve a session from Redis.

Observe the IllegalStateException: creationTime key must not be null error.

Expected Behavior:

The session should be deserialized correctly, retaining all required attributes, including creationTime.

Actual Behavior:

Some sessions retrieved from Redis do not contain creationTime, leading to an IllegalStateException.

Workaround:

No known workaround at this time. Clearing Redis storage does not resolve the issue permanently.

Environment:

Spring Boot Version: 3.4.3

Spring Data Session Version: 3.4.2

Java Version: 17

Any additional dependencies or configurations that might be relevant.

Additional Context:

This issue was not present in Spring Boot 3.3.3.

The problem appears to be related to session serialization/deserialization changes in Redis.

Would appreciate any guidance on resolving this issue. Thanks!

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions