Issue in Redis Session Serialization after Upgrading from Spring Boot 3.3.3 to 3.4.3

[luc-greg]

Description:
Hello :)
After upgrading from Spring Boot 3.3.3 to 3.4.3, my application encounters an issue where certain sessions stored in Redis no longer include the creationTime attribute. This results in a persistent exception being thrown during request handling:

Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.IllegalStateException: creationTime key must not be null
	at org.springframework.session.data.redis.RedisSessionMapper.handleMissingKey(RedisSessionMapper.java:62)
	at org.springframework.session.data.redis.RedisSessionMapper.apply(RedisSessionMapper.java:72)
	at org.springframework.session.data.redis.RedisSessionMapper.apply(RedisSessionMapper.java:37)
	at org.springframework.session.data.redis.RedisIndexedSessionRepository.getSession(RedisIndexedSessionRepository.java:535)
	at org.springframework.session.data.redis.RedisIndexedSessionRepository.findById(RedisIndexedSessionRepository.java:500)
	at org.springframework.session.data.redis.RedisIndexedSessionRepository.findById(RedisIndexedSessionRepository.java:267)
	at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getRequestedSession(SessionRepositoryFilter.java:352)
	at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:286)
	at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:193)
	at jakarta.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:221)
	at org.springframework.security.web.context.HttpSessionSecurityContextRepository.lambda$loadDeferredContext$0(HttpSessionSecurityContextRepository.java:143)
	at org.springframework.security.web.context.SupplierDeferredSecurityContext.init(SupplierDeferredSecurityContext.java:67)
	at org.springframework.security.web.context.SupplierDeferredSecurityContext.get(SupplierDeferredSecurityContext.java:52)

Steps to Reproduce:

Use Spring Boot 3.4.3 with Spring Session Data Redis.

Upgrade from Spring Boot 3.3.3 to 3.4.3.

Start the application and attempt to retrieve a session from Redis.

Observe the IllegalStateException: creationTime key must not be null error.

Expected Behavior:

The session should be deserialized correctly, retaining all required attributes, including creationTime.

Actual Behavior:

Some sessions retrieved from Redis do not contain creationTime, leading to an IllegalStateException.

Workaround:

No known workaround at this time. Clearing Redis storage does not resolve the issue permanently.

Environment:

Spring Boot Version: 3.4.3

Spring Data Session Version: 3.4.2

Java Version: 17

Any additional dependencies or configurations that might be relevant.

Additional Context:

This issue was not present in Spring Boot 3.3.3.

The problem appears to be related to session serialization/deserialization changes in Redis.

Would appreciate any guidance on resolving this issue. Thanks!