Description
Is your feature request related to a problem? Please describe.
Yes. Spring Session 1.x offered a mechanism to manage multiple HttpSession instances within a single browser using a URL parameter (_s), as described in the Spring Session 1.3.x Reference Manual. However, this specific support for managing multiple independent sessions in a single browser was removed in Spring Session 2.0 due to changes in HttpSessionStrategy and alignment with reactive paradigms, as confirmed in the Spring Session 2.x Upgrading Guide (and discussed in GitHub issue #1056).
While the previous implementation allowed for truly distinct sessions, modern web applications often face a related but distinct challenge: managing session attributes effectively across multiple browser tabs or windows that belong to the same logical user session. As detailed in spring-framework#34780: "Enhance Multitab Session Attribute Management and Data Protection" (spring-projects/spring-framework#34780), current Spring mechanisms (@SessionAttributes, @ModelAttribute) can lead to data loss or inconsistency when the same model attribute is accessed or modified from different tabs, as updates in one tab might unintentionally overwrite data relevant to another tab within the same session.
The lack of explicit multi-tab session attribute management, combined with the earlier removal of multi-session support, presents a gap for applications requiring robust state management across complex user workflows involving multiple browser windows or tabs.
Describe the solution you'd like
Spring Session project to consider reintroducing or providing an enhanced mechanism for multi-tab session management. This could manifest in a few ways:
1. Reconsideration of true "multiple HttpSessions in a single browser": While removed, the use case for genuinely distinct user contexts within the same browser (e.g., managing multiple authenticated accounts, as Google does) still exists. If feasible and aligned with current architectural principles, a modern re-implementation could be valuable.
2. Integration or Alignment with spring-framework#34780: Even if full multi-session support isn't reintroduced, tightly integrating with or providing foundational support for the proposed multitab flag within @ModelAttribute (or a similar mechanism) from spring-framework#34780 would be highly beneficial. Spring Session is responsible for session persistence and management, so it's a logical place for enhancements that allow session attributes to be stored and retrieved with "tab-awareness." This might involve:
-
Providing an extensible API within Spring Session that allows
HttpSessionStrategy(or a new component) to be aware of tab-specific identifiers. -
Offering default implementations or configuration options that work seamlessly with a UI-generated tab ID (as suggested in
spring-framework#34780via hidden fields or URL parameters). -
Potentially managing multiple "sub-session" contexts within a single underlying
HttpSessionfor different tabs, if not full independent sessions.
Describe alternatives you've considered
Currently, developers resort to manual workarounds in the application layer, such as:
- Appending tab-specific IDs to session attribute keys (e.g.,
product_12345). This requires extensive manual coding, making model attribute management cumbersome. - Moving complex state management to the client-side (e.g., using browser local storage), which can have security implications and shift complexity to the frontend.
- Restricting user workflows to single tabs, which degrades user experience.
Additional context
The modern web often involves users interacting with applications across multiple tabs concurrently. Providing robust, framework-level support for managing session state in such environments is crucial for building scalable and maintainable applications. The discussion in spring-framework#34780 clearly highlights a significant pain point for many developers. Believe a solution originating from or closely integrated with Spring Session would be the most effective and idiomatic approach within the Spring ecosystem.