jsessionid作为路径参数在Tomcat中不起作用
[英]jsessionid as path parameter not working in Tomcat
问题描述
I'm using Tomcat 7.0.84, and my web app uses the Servlet 3.0 deployment descriptor. 
我正在使用Tomcat 7.0.84,我的Web应用程序使用Servlet 3.0部署描述符。 The web.xml file contains this: web.xml文件包含以下内容:
<session-config>
<cookie-config>
<name>JSESSIONID</name>
<http-only>false</http-only>
</cookie-config>
<tracking-mode>URL</tracking-mode>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
I have a desktop application that logs into the web app and establishes a session. 我有一个登录到Web应用程序并建立会话的桌面应用程序。 In response to a user action, it invokes a URL in a browser. 作为对用户操作的响应,它在浏览器中调用URL。 Since I want the browser to be logged in with the same session, I append the jsessionid path parameter like this: 由于我希望浏览器使用相同的会话登录,因此我添加了jsessionid path参数,如下所示:
http://server/contextroot/path/;jsessionid=8BDF744802E7850D5AA4AB6535163504 http:// server / contextroot / path /; jsessionid = 8BDF744802E7850D5AA4AB6535163504
I close my browser completely so when the URL is spawned, no previous session cookies will be sent. 我完全关闭了浏览器,因此当生成URL时,将不会发送以前的会话cookie。 (My default browser is chrome, and I verify this is the case.) (我的默认浏览器是chrome,我确认是这种情况。)
I also very in code that the URL tracking mode is enabled, by logging the return value of ServletContext.getEffectiveSessionTrackingModes. 我还非常在代码中通过记录ServletContext.getEffectiveSessionTrackingModes的返回值来启用了URL跟踪模式。
What I'm expecting is the browser request to automatically get the session indicated by the ;jsessionid parameter, but it is not happening. 我期望的是浏览器请求自动获取; jsessionid参数指示的会话,但是这没有发生。 Each time Tomcat includes a new session cookie in its response. 每次Tomcat在其响应中包括一个新的会话cookie。
This code used to work with a previous version of Tomcat (Probably 5.5) and the servlet 2.3 spec. 该代码曾经用于Tomcat的早期版本(可能是5.5)和Servlet 2.3规范。 I don't see anything in the Servlet 3.0 spec or Tomcat docs that indicate that this shouldn't work, and I'm all out of ideas. 我没有在Servlet 3.0规范或Tomcat文档中看到任何指示这不起作用的东西,并且我全都没有想法。
Does anyone know why this isn't working as expected? 有谁知道为什么这没有按预期进行?
1 个解决方案
解决方案1
0 已采纳 2018-02-03 21:33:48
Here is how I got this to work: 这是我如何使它工作的:
In web.xml, I changed 在web.xml中,我更改了
<cookie-config>
<name>JSESSIONID</name>
<http-only>false</http-only>
</cookie-config>
to: 至:
<cookie-config>
<name>jsessionid</name>
<http-only>false</http-only>
</cookie-config>
so that the session cookie name is now all lowercase, and exactly matches the name of the jsessionid path parameter. 因此会话cookie名称现在全为小写,并且与jsessionid路径参数的名称完全匹配。
Another way it worked was to change the path parameter name from jsessionid to JSESSIONID. 另一种工作方式是将路径参数名称从jsessionid更改为JSESSIONID。 This is because, in Tomcat, if you explictly configure a name for the session cookie, it uses that as the name of the path parameter used to pass in a session ID. 这是因为,在Tomcat中,如果您明确配置会话cookie的名称,它将使用该名称作为用于传递会话ID的path参数的名称。 This seems to be out of compliance with section 7.1.3 of the Servlet 3.0 spec, which says: 这似乎不符合Servlet 3.0规范的7.1.3节,即:
The session ID must be encoded as a path parameter in the URL string.
http://www.myserver.com/catalog/index.html;jsessionid=1234
However, it does comply with this excerpt from section 7.1.1: 但是,它确实符合第7.1.1节中的摘录:
If a web application configures a custom name for its session tracking cookies, the same custom name will also be used as the name of the URI parameter if the session id is encoded in the URL (provided that URL rewriting has been enabled).
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.