
When using JSESSIONID in the URL, a new session is created

I make the following request:

http://qwerty.localhost:82/Server/chat/connect;8O8488WlWWgNzAkGCFYAZyj3Bn91CR=05493D28DDD97308D66DAAC3DD66EAC2

or so:

http://qwerty.localhost:82/Server/chat/connect/;8O8488WlWWgNzAkGCFYAZyj3Bn91CR=05493D28DDD97308D66DAAC3DD66EAC2

In this case, the session id (8O8488WlWWgNzAkGCFYAZyj3Bn91CR) is passed both in cookies and in the URL (this is necessary for safety's sake, in case the cookie is not delivered). For some reason, a new session is being created. Why is this happening? What am I doing wrong? can url not that ...

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <session-config>
        <cookie-config>
            <name>8O8488WlWWgNzAkGCFYAZyj3Bn91CR</name>
            <http-only>true</http-only>
        </cookie-config>
        <tracking-mode>URL</tracking-mode>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>

</web-app>

If a new session is always created for each request, that means the client has cookies disabled and the URL rewriting is not working properly. If you do encode your URLs, the Container will first attempt to use cookies for session management, and fall back to URL rewriting only if the cookie approach fails.

Try this way:
HttpSession session = request.getSession(false); // Passing "false" means the method returns a pre-existing session, or null if there was no session associated with this client.

and for URL rewriting, use response.encodeURL()

OK, as an example and proof of concept I created a working sample.

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <session-config>
        <cookie-config>
            <name>8O8488WlWWgNzAkGCFYAZyj3Bn91CR</name>
            <http-only>true</http-only>
        </cookie-config>
        <tracking-mode>URL</tracking-mode>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
    <servlet>
        <servlet-name>Test</servlet-name>
        <servlet-class>org.company.TestServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Test</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
</web-app>

servlet

package org.company;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class TestServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        HttpSession session = req.getSession(true);
        // print(), not printf(): the text is data, not a format string
        resp.getWriter().print(session.getId() + " isNew:" + session.isNew());
    }
}

build script:

group 'org.company'
version '1.0-SNAPSHOT'

apply plugin: 'java'
apply plugin: 'war'

sourceCompatibility = 1.8

war{
    archiveName = 'ROOT.war'
}

repositories {
    mavenCentral()
}

dependencies {
    providedCompile group: 'javax.servlet', name: 'javax.servlet-api', version:'3.1.0'
}

After deploying the war in Tomcat:

request the page without a cookie

GET http://localhost:8080/
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

response:

Content-Length: 48
Date: Mon, 12 Feb 2018 12:32:08 GMT
Set-Cookie: 8O8488WlWWgNzAkGCFYAZyj3Bn91CR=AD5F8B47BB0CEC1A08D8887FB82384BD.tc00;path=/;HttpOnly

The page shows AD5F8B47BB0CEC1A08D8887FB82384BD.tc00 isNew:true

If you open a new browser (or go to incognito mode) and request the page with the cookie:

GET http://localhost:8080/;8O8488WlWWgNzAkGCFYAZyj3Bn91CR=AD5F8B47BB0CEC1A08D8887FB82384BD.tc00

you will get in return

AD5F8B47BB0CEC1A08D8887FB82384BD.tc00 isNew:false

headers

Content-Length: 49
Date: Mon, 12 Feb 2018 12:37:38 GMT

but if you change that value, for example

GET http://localhost:8080/;8O8488WlWWgNzAkGCFYAZyj3Bn91CR=AD5F8B47BB0CEC1A08D8887FB82384BD.tc01

then you will get a new session 2061CBA151CE2148687B2BF48807253F.tc00 isNew:true and the server will return a Set-Cookie header

Content-Length: 48
Date: Mon, 12 Feb 2018 12:38:42 GMT
Set-Cookie: 8O8488WlWWgNzAkGCFYAZyj3Bn91CR=2061CBA151CE2148687B2BF48807253F.tc00;path=/;HttpOnly

Everything works as expected, so the problem is related to a different part of your program.
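
A diagnostic servlet for the situation in the question, as an added example that is not part of the original answers: it uses the standard HttpServletRequest methods to report whether the requested session id arrived in the cookie or in the URL and whether the container accepted it, then prints the link that response.encodeURL() produces. The class name SessionDebugServlet is an assumption, and the /chat/connect link target is taken from the question's URL.

```java
package org.company;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;

// Hypothetical debugging servlet (not from the original page). It echoes session
// ids into the response, so it belongs on a test deployment only.
public class SessionDebugServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Read the request-side facts before touching the session.
        String requestedId = req.getRequestedSessionId();      // null if the client sent no id
        boolean fromCookie = req.isRequestedSessionIdFromCookie();
        boolean fromUrl = req.isRequestedSessionIdFromURL();    // id came as ;name=value in the path
        boolean valid = req.isRequestedSessionIdValid();        // false if unknown or expired

        // getSession(false) never creates a session: null here means the
        // requested id was missing or not known to this container.
        HttpSession existing = req.getSession(false);
        HttpSession session = (existing != null) ? existing : req.getSession(true);

        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("requested id : " + requestedId);
        out.println("from cookie  : " + fromCookie);
        out.println("from URL     : " + fromUrl);
        out.println("id valid     : " + valid);
        out.println("session id   : " + session.getId());
        out.println("isNew        : " + session.isNew());

        // encodeURL() adds the ;<name>=<id> path parameter only when the container
        // decides URL tracking is needed; otherwise it returns the URL unchanged.
        out.println("encoded link : " + resp.encodeURL(req.getContextPath() + "/chat/connect"));
    }
}
```

If "requested id" is set but "id valid" is false, the id sent by the client does not match any live session in this container, which is the case the last request in the sample above (the .tc01 value) triggers.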
