spring-projects · quaff · Aug 10, 2023
diff --git a/...sion-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java b/...sion-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java
@@ -106,6 +106,8 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 
 	private HttpSessionIdResolver httpSessionIdResolver = new CookieHttpSessionIdResolver();
 
+	private boolean commitSessionOncePerRequest = false;
+
 	/**
 	 * Creates a new instance.
 	 * @param sessionRepository the <code>SessionRepository</code> to use. Cannot be null.
@@ -130,6 +132,15 @@ public void setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver
 		this.httpSessionIdResolver = httpSessionIdResolver;
 	}
 
+	/**
+	 * Sets the {@link #commitSessionOncePerRequest} to be used. The default is a
+	 * {@code false}.
+	 * @param commitSessionOncePerRequest the value to use.
+	 */
+	public void setCommitSessionOncePerRequest(boolean commitSessionOncePerRequest) {
+		this.commitSessionOncePerRequest = commitSessionOncePerRequest;
+	}
+
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
@@ -207,6 +218,8 @@ private final class SessionRepositoryRequestWrapper extends HttpServletRequestWr
 
 		private boolean hasCommittedInInclude;
 
+		private boolean committed;
+
 		private SessionRepositoryRequestWrapper(HttpServletRequest request, HttpServletResponse response) {
 			super(request);
 			this.response = response;
@@ -217,6 +230,10 @@ private SessionRepositoryRequestWrapper(HttpServletRequest request, HttpServletR
 		 * and persist the Session.
 		 */
 		private void commitSession() {
+			if (this.committed && SessionRepositoryFilter.this.commitSessionOncePerRequest) {
+				return;
+			}
+			this.committed = true;
 			HttpSessionWrapper wrappedSession = getCurrentSession();
 			if (wrappedSession == null) {
 				if (isInvalidateClientSession()) {

diff --git a/...core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java b/...core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java
@@ -44,6 +44,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 
@@ -1346,6 +1348,34 @@ public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrap
 		});
 	}
 
+	@ParameterizedTest
+	@ValueSource(booleans = { false, true })
+	void commitSessionOncePerRequest(boolean commitSessionOncePerRequest) throws Exception {
+		MapSession session = this.sessionRepository.createSession();
+		this.sessionRepository.save(session);
+		SessionRepository<MapSession> sessionRepository = spy(this.sessionRepository);
+		setSessionCookie(session.getId());
+
+		given(sessionRepository.findById(session.getId())).willReturn(session);
+
+		this.filter = new SessionRepositoryFilter<>(sessionRepository);
+		this.filter.setCommitSessionOncePerRequest(commitSessionOncePerRequest);
+
+		doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse)
+					throws IOException, ServletException {
+				String id = wrappedRequest.getSession().getId();
+				wrappedResponse.getOutputStream().close(); // trigger commitSession()
+				assertThat(SessionRepositoryFilterTests.this.sessionRepository.findById(id)).isNotNull();
+			}
+		});
+		int times = commitSessionOncePerRequest ? 1 : 2;
+		verify(sessionRepository, times(times)).findById(session.getId());
+		verify(sessionRepository, times(times)).save(session);
+		verifyNoMoreInteractions(sessionRepository);
+	}
+
 	// --- helper methods
 
 	private void assertNewSession() {