From de0e0c8aa69a584f8fe823ee1f4237ec16cd7b07 Mon Sep 17 00:00:00 2001 From: Mohammad Saeed Nouri Date: Sun, 8 Jun 2025 15:44:06 +0330 Subject: [PATCH 1/2] Fix: Allow session update when session ID already exists even if max sessions limit is reached Signed-off-by: Mohammad Saeed Nouri --- .../web/server/session/InMemoryWebSessionStore.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-web/src/main/java/org/springframework/web/server/session/InMemoryWebSessionStore.java b/spring-web/src/main/java/org/springframework/web/server/session/InMemoryWebSessionStore.java index 449eb6651f2f..707d6f5e80ec 100644 --- a/spring-web/src/main/java/org/springframework/web/server/session/InMemoryWebSessionStore.java +++ b/spring-web/src/main/java/org/springframework/web/server/session/InMemoryWebSessionStore.java @@ -281,7 +281,7 @@ public Mono save() { private void checkMaxSessionsLimit() { if (sessions.size() >= maxSessions) { expiredSessionChecker.removeExpiredSessions(clock.instant()); - if (sessions.size() >= maxSessions) { + if (sessions.size() >= maxSessions && !sessions.containsKey(this.getId())) { throw new IllegalStateException("Max sessions limit reached: " + sessions.size()); } } From 25e664271b1bb6fbef31b722819531e3cc8440cc Mon Sep 17 00:00:00 2001 From: Mohammad Saeed Nouri Date: Mon, 9 Jun 2025 20:12:16 +0330 Subject: [PATCH 2/2] Test case for Allow session update for existing session ID even if max sessions limit is reached Signed-off-by: Mohammad Saeed Nouri --- .../session/InMemoryWebSessionStoreTests.java | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/spring-web/src/test/java/org/springframework/web/server/session/InMemoryWebSessionStoreTests.java b/spring-web/src/test/java/org/springframework/web/server/session/InMemoryWebSessionStoreTests.java index 0bf488eda75a..ee59f14abe9d 100644 --- a/spring-web/src/test/java/org/springframework/web/server/session/InMemoryWebSessionStoreTests.java +++ b/spring-web/src/test/java/org/springframework/web/server/session/InMemoryWebSessionStoreTests.java @@ -30,6 +30,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalStateException; +import reactor.test.StepVerifier; /** * Tests for {@link InMemoryWebSessionStore}. @@ -159,6 +160,25 @@ void maxSessions() { .withMessage("Max sessions limit reached: 10000"); } + @Test + void updateSession() { + WebSession oneWebSession = insertSession(); + + StepVerifier.create(oneWebSession.save()) + .expectComplete() + .verify(); + } + + @Test + void updateSession_whenMaxSessionsReached() { + WebSession onceWebSession = insertSession(); + IntStream.range(1, 10000).forEach(i -> insertSession()); + + StepVerifier.create(onceWebSession.save()) + .expectComplete() + .verify(); + } + private WebSession insertSession() { WebSession session = this.store.createWebSession().block(); assertThat(session).isNotNull();