Determine whether or not nested changes occurred using MD5 hash of attributes.

Author: jcoleman

spec/requests/session_updating_spec.rb

@@ -76,6 +76,14 @@
     json['value'].should == '6'
   end
 
+  it 'should detect nested changes and persist them' do
+    post(SESSION_PATH, body: {param1: {subparam: '5'}})
+    json['attributes']['param1']['subparam'].should == '5'
+    post(SESSION_PATH, body: {param1: {subparam: '6'}})
+    get(SESSION_PATH)
+    json['attributes']['param1']['subparam'].should == '6'
+  end
+
   it 'should default to last-write-wins behavior for simultaneous updates' do
     post(SESSION_PATH, body: {param1: '5'})
 

src/main/java/com/orangefunction/tomcat/redissessions/JavaSerializer.java

@@ -3,39 +3,67 @@
 import org.apache.catalina.util.CustomObjectInputStream;
 
 import javax.servlet.http.HttpSession;
+
+import java.util.Enumeration;
+import java.util.HashMap;
 import java.io.*;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
 
 public class JavaSerializer implements Serializer {
   private ClassLoader loader;
 
+  private final Log log = LogFactory.getLog(JavaSerializer.class);
+
   @Override
   public void setClassLoader(ClassLoader loader) {
     this.loader = loader;
   }
 
-  @Override
-  public byte[] serializeFrom(HttpSession session) throws IOException {
+  public byte[] attributesHashFrom(RedisSession session) throws IOException {
+    HashMap<String,Object> attributes = new HashMap<String,Object>();
+    for (Enumeration<String> enumerator = session.getAttributeNames(); enumerator.hasMoreElements();) {
+      String key = enumerator.nextElement();
+      attributes.put(key, session.getAttribute(key));
+    }
 
-    RedisSession redisSession = (RedisSession) session;
     ByteArrayOutputStream bos = new ByteArrayOutputStream();
     try (ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(bos))) {
-      redisSession.writeObjectData(oos);
+      oos.writeUnshared(attributes);
     }
 
-    return bos.toByteArray();
+    MessageDigest digester = null;
+    try {
+      digester = MessageDigest.getInstance("MD5");
+    } catch (NoSuchAlgorithmException e) {
+      log.error("Unable to get MessageDigest instance for MD5");
+    }
+    return digester.digest(bos.toByteArray());
   }
 
   @Override
-  public HttpSession deserializeInto(byte[] data, HttpSession session) throws IOException, ClassNotFoundException {
+  public byte[] serializeFrom(RedisSession session, SessionSerializationMetadata metadata) throws IOException {
+    ByteArrayOutputStream bos = new ByteArrayOutputStream();
+    try (ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(bos))) {
+      oos.writeObject(metadata);
+      session.writeObjectData(oos);
+    }
+
+    return bos.toByteArray();
+  }
 
-    RedisSession redisSession = (RedisSession) session;
+  @Override
+  public void deserializeInto(byte[] data, RedisSession session, SessionSerializationMetadata metadata) throws IOException, ClassNotFoundException {
     try(
         BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(data));
         ObjectInputStream ois = new CustomObjectInputStream(bis, loader);
     ) {
-        redisSession.readObjectData(ois);
-        return session;
+      SessionSerializationMetadata serializedMetadata = (SessionSerializationMetadata)ois.readObject();
+      metadata.copyFieldsFrom(serializedMetadata);
+      session.readObjectData(ois);
     }
   }
 }

src/main/java/com/orangefunction/tomcat/redissessions/RedisSessionManager.java

@@ -67,6 +67,7 @@ static SessionPersistPolicy fromName(String name) {
 
   protected RedisSessionHandlerValve handlerValve;
   protected ThreadLocal<RedisSession> currentSession = new ThreadLocal<>();
+  protected ThreadLocal<SessionSerializationMetadata> currentSessionSerializationMetadata = new ThreadLocal<>();
   protected ThreadLocal<String> currentSessionId = new ThreadLocal<>();
   protected ThreadLocal<Boolean> currentSessionIsPersisted = new ThreadLocal<>();
   protected Serializer serializer;
@@ -380,6 +381,7 @@ This ensures that the save(session) at the end of the request
       currentSession.set(session);
       currentSessionId.set(sessionId);
       currentSessionIsPersisted.set(false);
+      currentSessionSerializationMetadata.set(new SessionSerializationMetadata());
 
       if (null != session) {
         try {
@@ -417,27 +419,32 @@ public void add(Session session) {
 
   @Override
   public Session findSession(String id) throws IOException {
-    RedisSession session;
+    RedisSession session = null;
 
-    if (id == null) {
-      session = null;
+    if (null == id) {
       currentSessionIsPersisted.set(false);
+      currentSession.set(null);
+      currentSessionSerializationMetadata.set(null);
+      currentSessionId.set(null);
     } else if (id.equals(currentSessionId.get())) {
       session = currentSession.get();
     } else {
-      session = loadSessionFromRedis(id);
-
-      if (session != null) {
+      byte[] data = loadSessionDataFromRedis(id);
+      if (data != null) {
+        DeserializedSessionContainer container = sessionFromSerializedData(id, data);
+        session = container.session;
+        currentSession.set(session);
+        currentSessionSerializationMetadata.set(container.metadata);
         currentSessionIsPersisted.set(true);
+        currentSessionId.set(id);
       } else {
         currentSessionIsPersisted.set(false);
-        id = null;
+        currentSession.set(null);
+        currentSessionSerializationMetadata.set(null);
+        currentSessionId.set(null);
       }
     }
 
-    currentSession.set(session);
-    currentSessionId.set(id);
-
     return session;
   }
 
@@ -485,9 +492,7 @@ public String[] keys() throws IOException {
     }
   }
 
-  public RedisSession loadSessionFromRedis(String id) throws IOException {
-    RedisSession session;
-
+  public byte[] loadSessionDataFromRedis(String id) throws IOException {
     Jedis jedis = null;
     Boolean error = true;
 
@@ -500,41 +505,54 @@ public RedisSession loadSessionFromRedis(String id) throws IOException {
 
       if (data == null) {
         log.trace("Session " + id + " not found in Redis");
-        session = null;
-      } else {
-        log.trace("Deserializing session " + id + " from Redis");
-        session = (RedisSession)createEmptySession();
-        serializer.deserializeInto(data, session);
-        session.setId(id);
-        session.setNew(false);
-        session.setMaxInactiveInterval(getMaxInactiveInterval() * 1000);
-        session.access();
-        session.setValid(true);
-        session.resetDirtyTracking();
-
-        if (log.isTraceEnabled()) {
-          log.trace("Session Contents [" + id + "]:");
-          Enumeration en = session.getAttributeNames();
-          while(en.hasMoreElements()) {
-            log.trace("  " + en.nextElement());
-          }
-        }
       }
 
-      return session;
-    } catch (IOException e) {
-      log.fatal(e.getMessage());
-      throw e;
-    } catch (ClassNotFoundException ex) {
-      log.fatal("Unable to deserialize into session", ex);
-      throw new IOException("Unable to deserialize into session", ex);
+      return data;
     } finally {
       if (jedis != null) {
         returnConnection(jedis, error);
       }
     }
   }
 
+  public DeserializedSessionContainer sessionFromSerializedData(String id, byte[] data) throws IOException {
+    log.trace("Deserializing session " + id + " from Redis");
+
+    if (Arrays.equals(NULL_SESSION, data)) {
+      log.error("Encountered serialized session " + id + " with data equal to NULL_SESSION. This is a bug.");
+      throw new IOException("Serialized session data was equal to NULL_SESSION");
+    }
+
+    RedisSession session = null;
+    SessionSerializationMetadata metadata = new SessionSerializationMetadata();
+
+    try {
+      session = (RedisSession)createEmptySession();
+
+      serializer.deserializeInto(data, session, metadata);
+
+      session.setId(id);
+      session.setNew(false);
+      session.setMaxInactiveInterval(getMaxInactiveInterval() * 1000);
+      session.access();
+      session.setValid(true);
+      session.resetDirtyTracking();
+
+      if (log.isTraceEnabled()) {
+        log.trace("Session Contents [" + id + "]:");
+        Enumeration en = session.getAttributeNames();
+        while(en.hasMoreElements()) {
+          log.trace("  " + en.nextElement());
+        }
+      }
+    } catch (ClassNotFoundException ex) {
+      log.fatal("Unable to deserialize into session", ex);
+      throw new IOException("Unable to deserialize into session", ex);
+    }
+
+    return new DeserializedSessionContainer(session, metadata);
+  }
+
   public void save(Session session) throws IOException {
     save(session, false);
   }
@@ -571,17 +589,49 @@ protected boolean saveInternal(Jedis jedis, Session session, boolean forceSave)
         }
       }
 
-      Boolean sessionIsDirty = redisSession.isDirty();
-
-      redisSession.resetDirtyTracking();
       byte[] binaryId = redisSession.getId().getBytes();
 
-      Boolean isCurrentSessionPersisted = this.currentSessionIsPersisted.get();
-      if (forceSave || sessionIsDirty || (isCurrentSessionPersisted == null || !isCurrentSessionPersisted)) {
-        jedis.set(binaryId, serializer.serializeFrom(redisSession));
-      }
+      Boolean isCurrentSessionPersisted;
+      SessionSerializationMetadata sessionSerializationMetadata = currentSessionSerializationMetadata.get();
+      byte[] originalSessionAttributesHash = sessionSerializationMetadata.getSessionAttributesHash();
+      byte[] sessionAttributesHash = null;
+      if (
+           forceSave
+           || redisSession.isDirty()
+           || null == (isCurrentSessionPersisted = this.currentSessionIsPersisted.get())
+            || !isCurrentSessionPersisted
+           || !Arrays.equals(originalSessionAttributesHash, (sessionAttributesHash = serializer.attributesHashFrom(redisSession)))
+         ) {
+
+        log.trace("Save was determined to be necessary");
+
+        /*if (forceSave) {
+          log.info("save was necessary: forceSave=true");
+        } else if (redisSession.isDirty()) {
+          log.info("save was necessary: isDirty()=true");
+        } else if (null == (isCurrentSessionPersisted = this.currentSessionIsPersisted.get())) {
+          log.info("save was necessary: isCurrentSessionPersisted=null");
+        } else if (!isCurrentSessionPersisted) {
+          log.info("save was necessary: isCurrentSessionPersisted=false");
+        } else if (!Arrays.equals(originalSessionAttributesHash, (sessionAttributesHash = serializer.attributesHashFrom(redisSession)))) {
+          log.info("save was necessary: sessionsAttributeHashChanged: orig=" + new String(Base64.encodeBase64(originalSessionAttributesHash)) + " new=" + new String(Base64.encodeBase64(sessionAttributesHash)));
+        }*/
+
+        if (null == sessionAttributesHash) {
+          sessionAttributesHash = serializer.attributesHashFrom(redisSession);
+        }
 
-      currentSessionIsPersisted.set(true);
+        SessionSerializationMetadata updatedSerializationMetadata = new SessionSerializationMetadata();
+        updatedSerializationMetadata.setSessionAttributesHash(sessionAttributesHash);
+
+        jedis.set(binaryId, serializer.serializeFrom(redisSession, updatedSerializationMetadata));
+
+        redisSession.resetDirtyTracking();
+        currentSessionSerializationMetadata.set(updatedSerializationMetadata);
+        currentSessionIsPersisted.set(true);
+      } else {
+        log.trace("Save was determined to be unnecessary");
+      }
 
       log.trace("Setting expire timeout on session [" + redisSession.getId() + "] to " + getMaxInactiveInterval());
       jedis.expire(binaryId, getMaxInactiveInterval());
@@ -834,3 +884,12 @@ public void setJmxNamePrefix(String jmxNamePrefix) {
     this.connectionPoolConfig.setJmxNamePrefix(jmxNamePrefix);
   }
 }
+
+class DeserializedSessionContainer {
+  public final RedisSession session;
+  public final SessionSerializationMetadata metadata;
+  public DeserializedSessionContainer(RedisSession session, SessionSerializationMetadata metadata) {
+    this.session = session;
+    this.metadata = metadata;
+  }
+}

src/main/java/com/orangefunction/tomcat/redissessions/Serializer.java

@@ -6,7 +6,7 @@
 public interface Serializer {
   void setClassLoader(ClassLoader loader);
 
-  byte[] serializeFrom(HttpSession session) throws IOException;
-
-  HttpSession deserializeInto(byte[] data, HttpSession session) throws IOException, ClassNotFoundException;
+  byte[] attributesHashFrom(RedisSession session) throws IOException;
+  byte[] serializeFrom(RedisSession session, SessionSerializationMetadata metadata) throws IOException;
+  void deserializeInto(byte[] data, RedisSession session, SessionSerializationMetadata metadata) throws IOException, ClassNotFoundException;
 }

src/main/java/com/orangefunction/tomcat/redissessions/SessionSerializationMetadata.java

@@ -0,0 +1,42 @@
+package com.orangefunction.tomcat.redissessions;
+
+import java.io.*;
+
+
+public class SessionSerializationMetadata implements Serializable {
+
+  private byte[] sessionAttributesHash;
+
+  public SessionSerializationMetadata() {
+    this.sessionAttributesHash = new byte[0];
+  }
+
+  public byte[] getSessionAttributesHash() {
+    return sessionAttributesHash;
+  }
+
+  public void setSessionAttributesHash(byte[] sessionAttributesHash) {
+    this.sessionAttributesHash = sessionAttributesHash;
+  }
+
+  public void copyFieldsFrom(SessionSerializationMetadata metadata) {
+    this.setSessionAttributesHash(metadata.getSessionAttributesHash());
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws IOException {
+    out.writeInt(sessionAttributesHash.length);
+    out.write(this.sessionAttributesHash);
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
+    int hashLength = in.readInt();
+    byte[] sessionAttributesHash = new byte[hashLength];
+    in.read(sessionAttributesHash, 0, hashLength);
+    this.sessionAttributesHash = sessionAttributesHash;
+  }
+
+  private void readObjectNoData() throws ObjectStreamException {
+    this.sessionAttributesHash = new byte[0];
+  }
+
+}