SessionRepositoryFilter.SessionRepositoryRequestWrapper.commitSession() triggers extraneous call to SessionRespository.findById(...)

[pferraro]

Describe the bug
For a valid session, SessionRepositoryFilter.SessionRepositoryRequestWrapper.commitSession() does the following:

1. Clears cached values for references for requestedSessionCache, requestedSession, and requestedSessionId.
2. Saves the state of the session
3. If the requested session ID is not valid, or if the ID of the session changed from the requested session ID, then the session ID is sent to the client

However, since #1 already cleared the requested session cached values #3 requires a completely redundant call to SessionRepository.findById(...). Depending on the implementation, this can be unnecessarily expensive.

To Reproduce
Use a tracer to detect calls to SessionRepository.findById(...). For a requested session, this is triggered twice, once at the beginning of the request, and again after the session is saved.

Expected behavior
SessionRepository.findById(...) should be considered a potentially expensive operation, and only triggered when necessary. Clearing cached values after determining whether to send the session ID to the client (i.e. in a finally block) would solve the problem.

[ashwaniagarwal226]

Hi All can i know in which release above fix will be available as i am facing the same issue mentioned above

[anilgupta22]

Spring Session works great for session management but noticed lot of slowness because of this known issue. This is very urgent issue and blocker. Is there any official release date for this?