Description
Description:
Hello :)
After upgrading from Spring Boot 3.3.3 to 3.4.3, my application encounters an issue where certain sessions stored in Redis no longer include the creationTime attribute. This results in a persistent exception being thrown during request handling:
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.IllegalStateException: creationTime key must not be null
at org.springframework.session.data.redis.RedisSessionMapper.handleMissingKey(RedisSessionMapper.java:62)
at org.springframework.session.data.redis.RedisSessionMapper.apply(RedisSessionMapper.java:72)
at org.springframework.session.data.redis.RedisSessionMapper.apply(RedisSessionMapper.java:37)
at org.springframework.session.data.redis.RedisIndexedSessionRepository.getSession(RedisIndexedSessionRepository.java:535)
at org.springframework.session.data.redis.RedisIndexedSessionRepository.findById(RedisIndexedSessionRepository.java:500)
at org.springframework.session.data.redis.RedisIndexedSessionRepository.findById(RedisIndexedSessionRepository.java:267)
at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getRequestedSession(SessionRepositoryFilter.java:352)
at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:286)
at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:193)
at jakarta.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:221)
at org.springframework.security.web.context.HttpSessionSecurityContextRepository.lambda$loadDeferredContext$0(HttpSessionSecurityContextRepository.java:143)
at org.springframework.security.web.context.SupplierDeferredSecurityContext.init(SupplierDeferredSecurityContext.java:67)
at org.springframework.security.web.context.SupplierDeferredSecurityContext.get(SupplierDeferredSecurityContext.java:52)
Steps to Reproduce:
Use Spring Boot 3.4.3 with Spring Session Data Redis.
Upgrade from Spring Boot 3.3.3 to 3.4.3.
Start the application and attempt to retrieve a session from Redis.
Observe the IllegalStateException: creationTime key must not be null error.
Expected Behavior:
The session should be deserialized correctly, retaining all required attributes, including creationTime.
Actual Behavior:
Some sessions retrieved from Redis do not contain creationTime, leading to an IllegalStateException.
Workaround:
No known workaround at this time. Clearing Redis storage does not resolve the issue permanently.
Environment:
Spring Boot Version: 3.4.3
Spring Data Session Version: 3.4.2
Java Version: 17
Any additional dependencies or configurations that might be relevant.
Additional Context:
This issue was not present in Spring Boot 3.3.3.
The problem appears to be related to session serialization/deserialization changes in Redis.
Would appreciate any guidance on resolving this issue. Thanks!