`Hello,

I’m facing an issue using a spring boot 3 application that implement a websocket communication with other angular application

In fact,I’m configuring my application to create spring session only for websocket requests and avoid creating session for other requests

the configuration is like the following:

security config class: I configured the session to be stateless

@Bean
    public SecurityFilterChain configure(final HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(r -> r
                        .requestMatchers("/actuator/**", "/public/**", "/v2/api-docs", "/swagger-resources/**",
                                "/swagger-ui/**", "/swagger/**","/swagger-ui.html", "/api/user/profile",
                                "/stompwebsocket/**"
                        )
                        .permitAll()
                        .requestMatchers("/v2/registration/**").hasRole("ADMIN")
                        .requestMatchers("/v3/**").hasRole("ADMIN")
                        .anyRequest().authenticated()
                ).csrf(AbstractHttpConfigurer::disable)
                .oauth2ResourceServer(o -> o.authenticationManagerResolver(authenticationManagerResolver))
                .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        return http.build();
    }

Websocket config class: i added an interceptor to create session for websocket

@Configuration
@EnableWebSocketMessageBroker
@EnableScheduling
public class WebSocketConfigurationSession extends AbstractSessionWebSocketMessageBrokerConfigurer<Session> {
       
        @Override
    protected void configureStompEndpoints(StompEndpointRegistry stompEndpointRegistry) {
        stompEndpointRegistry.addEndpoint("/stompwebsocket").setAllowedOrigins("*")
                .addInterceptors(new HttpSessionHandshakeInterceptor());
    }

}

This is the interceptor class:

public class HttpSessionHandshakeInterceptor implements HandshakeInterceptor {

    private static final Logger logger = LoggerFactory.getLogger(HttpSessionHandshakeInterceptor.class);

    @Override
    public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> attributes) throws Exception {
        logger.info("Handshake interceptor called!!");
        if (request instanceof ServletServerHttpRequest) {
            ServletServerHttpRequest servletRequest = (ServletServerHttpRequest) request;
            HttpSession session = servletRequest.getServletRequest().getSession();
            attributes.put("sessionId", session.getId());
            logger.info("Websocket session with id {} created", session.getId());
        }

        return true;
    }

    @Override
    public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception) {
}
}

Now , the problem is that many SELECT and UPDATE queries are triggered by spring session
and in the application log i received continiously this message:

DEBUG o.s.s.w.h.S.SESSION_LOGGER.getSession – No session found by id: Caching result for getSession(false) for this HttpServletRequest.

And also by checking the pg_stat_statements table i found that many SELECT and UPDATE calls are performed to the spring_session table:

SELECT calls, query FROM pg_stat_statements WHERE query LIKE ‘%’ || ‘SPRING_SESSION’ || ‘%’ order by calls desc;

(https://i.sstatic.net/GewEvxQE.jpg)

What should i do to fix this issue and avoid having a huge number of SELECT and UPDATE queries to spring_session table ?

Thanks in advance for you help`