[英]Do multiple browser instances run in same session
I need to consolidate separate browser's sessions in one. 我需要将单独的浏览器会话合并为一个。 Please read me carefully, I know that multiple tabs, or windows coming from the same browser instance will do it automatically.
请仔细阅读我的信息,我知道来自同一浏览器实例的多个选项卡或窗口将自动执行此操作。 However I have separate instances of the same browser which share same president sessions pool.
但是,我有共享同一总裁会话池的同一浏览器的单独实例。 It means if I enforce session cookie persistence option, the task gets resolved automatically.
这意味着如果我强制执行会话cookie持久性选项,任务将自动解决。 However not many App Servers support the option.
但是,没有很多App Server支持该选项。 Some servers like WebSphere provide an option as remember me, however it sets a persistent cookie with limited trust, and as result a user can be prompted for login information.
像WebSphere这样的某些服务器提供了一个选项,让我记住了,但是它设置了具有有限信任的持久性cookie,因此可以提示用户输入登录信息。 So I need some push on thoughts.
所以我需要一些想法。 I can see currently one approach
我现在可以看到一种方法
I need you opinion on 我需要你的意见
If the cookie data is encrypted for the user session using a key on the server and some non repeatable session identifier then you only have to worry about a "man in the middle" which can be mitigated using ssl. 如果使用服务器上的密钥和一些不可重复的会话标识符对用户会话的cookie数据进行加密,那么您只需要担心可以使用ssl缓解的“中间人”。
I do not see this as an issue as you said you have a sliding expiration for your server sessions and your server should reclaim the resources when that expiration is reached. 我不认为这是一个问题,因为您说您的服务器会话有一个到期日,并且服务器应在达到该到期时回收资源。
Unless you are using some backing store to support sticky session persistence your user's session will be lost during a failover. 除非您使用某些后备存储来支持粘性会话持久性,否则您的用户会话将在故障转移期间丢失。
Also, keep in mind that your authentication cookie is only good for the domain at which it was issued. 另外,请记住,您的身份验证cookie仅适用于发出它的域。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.