`InMemoryWebSessionStore#changeSessionId` makes blocking calls to UUID.randomUUID

While using blockhound to detect blocking operations in general, it was found for `logout` operation in reactive web support, `InMemoryWebSessionStore` makes a blocking call `UUID.randomUUID` via `changeSessionId` method call. 

As evident from [source](https://github.com/spring-projects/spring-framework/blob/b1ee44f12ead454deb72ff22bf6d4f2ed5643309/spring-web/src/main/java/org/springframework/web/server/session/InMemoryWebSessionStore.java#L231:L237), new session id generation would be performed on reactor thread.

```
reactor.blockhound.BlockingOperationError: Blocking call! java.io.FileInputStream#readBytes
	at java.io.FileInputStream.readBytes(FileInputStream.java) ~[?:?]
	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Error has been observed at the following site(s):
	*__checkpoint ⇢ org.springframework.security.web.server.authentication.logout.LogoutWebFilter [DefaultWebFilterChain]
	*__checkpoint ⇢ org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter [DefaultWebFilterChain]
	*__checkpoint ⇢ org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter [DefaultWebFilterChain]
	*__checkpoint ⇢ org.springframework.security.web.server.authentication.AuthenticationWebFilter [DefaultWebFilterChain]
	*__checkpoint ⇢ org.springframework.security.web.server.context.ReactorContextWebFilter [DefaultWebFilterChain]
	*__checkpoint ⇢ org.springframework.security.web.server.header.HttpHeaderWriterWebFilter [DefaultWebFilterChain]
	*__checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
	*__checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
	*__checkpoint ⇢ HTTP POST "/logout" [ExceptionHandlingWebHandler]
Original Stack Trace:
		at java.io.FileInputStream.readBytes(FileInputStream.java) ~[?:?]
		at java.io.FileInputStream.read(FileInputStream.java:276) ~[?:?]
		at java.io.FilterInputStream.read(FilterInputStream.java:132) ~[?:?]
		at sun.security.provider.NativePRNG$RandomIO.readFully(NativePRNG.java:425) ~[?:?]
		at sun.security.provider.NativePRNG$RandomIO.ensureBufferValid(NativePRNG.java:528) ~[?:?]
		at sun.security.provider.NativePRNG$RandomIO.implNextBytes(NativePRNG.java:547) ~[?:?]
		at sun.security.provider.NativePRNG.engineNextBytes(NativePRNG.java:221) ~[?:?]
		at java.security.SecureRandom.nextBytes(SecureRandom.java:758) ~[?:?]
		at java.util.UUID.randomUUID(UUID.java:151) ~[?:?]
		at org.springframework.util.JdkIdGenerator.generateId(JdkIdGenerator.java:31) ~[spring-core-5.3.22.jar:5.3.22]
		at org.springframework.web.server.session.InMemoryWebSessionStore$InMemoryWebSession.changeSessionId(InMemoryWebSessionStore.java:234) ~[spring-web-5.3.22.jar:5.3.22]
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

`InMemoryWebSessionStore#changeSessionId` makes blocking calls to UUID.randomUUID #29212

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

InMemoryWebSessionStore#changeSessionId makes blocking calls to UUID.randomUUID #29212

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

`InMemoryWebSessionStore#changeSessionId` makes blocking calls to UUID.randomUUID #29212