Java servlet session id 在每次请求时更改
[英]Java servlet session id changes on every request
问题描述
I have a web application where the front end is developed via vue-cli and running on localhost:8081 and the back-end is a separated project using tomcat and is running on localhost:8080
我有一个 web 应用程序,其中前端是通过 vue-cli 开发并在 localhost:8081 上运行,后端是使用 tomcat 的单独项目并在 localhost:8080 上运行
the back-end has a controller servlet which, based on an action, the controller delegate the work to another servlet.后端有一个 controller servlet,基于一个动作,controller 将工作委托给另一个 servlet。 when the login page submits the login info to the controller, the controller creates the HttpSession, call the LoginServlet which validate the credentials then send the response to the controller which will respond to the login page.当登录页面将登录信息提交到 controller 时,controller 创建 HttpSession,调用验证凭据的 LoginServlet,然后将响应发送到 Z594C103F2C6E04C3D18AB059F031 响应登录页面。 Until now if we check the HttpSession on the ControllerServlet and on the LoginServlet they match perfectly.到目前为止,如果我们检查 ControllerServlet 和 LoginServlet 上的 HttpSession,它们完全匹配。
Now that the login has been successfully vue-router push us the admin component on the url: localhost:8081/admin, at this point we have two get request, both to the ControllerServlet which will delegate the work to another servlet.现在登录已经成功,vue-router 向我们推送 url 上的 admin 组件:localhost:8081/admin,此时我们有两个 get 请求,都发给 ControllerServlet,后者会将工作委托给另一个 servlet。 If we check the session on the controller and this third servlet, they match.如果我们检查 controller 和第三个 servlet 上的 session,它们匹配。 BUT if we check the HttpSession from these 3 requests, they all differ from eachother the servlet creates a new one for each of them.但是,如果我们从这 3 个请求中检查 HttpSession,它们都彼此不同,servlet 会为它们中的每一个创建一个新请求。 How can I make this HttpSession persistent?如何使这个 HttpSession 持久化? Is the problem due to the fact that vue is running on 8081 and the back-end is on 8080?问题是因为vue在8081上运行而后端在8080上吗?
1 个解决方案
解决方案1
0 已采纳 2020-08-22 20:31:18
Until now if we check the HttpSession on the ControllerServlet and on the LoginServlet they match perfectly.
Of course, they will match because the session for both ControllerServlet and LoginServlet has been created by the same server (which is running at the port, 8080).当然,它们会匹配,因为ControllerServlet和LoginServlet的 session 是由同一服务器(在端口 8080 上运行)创建的。
The session created by the server running at the port, 8080 has no relation with the server running at the port, 8081 and therefore expecting them to match is wrong.由运行在端口 8080 的服务器创建的 session 与运行在端口 8081 的服务器没有关系,因此期望它们匹配是错误的。 In the rarest of rare occasions, if they match, it can be just a coincidence.在最罕见的情况下,如果它们匹配,那可能只是巧合。
The only way the server running at the port, 8081 can get the session created by the server running at the port, 8080 is through persisting and querying the session ie you will have to persist the session created by the server running at the port, 8080 to a data-store (DB, NFS etc.) from where the server running at the port, 8081 will have to query and get it. The only way the server running at the port, 8081 can get the session created by the server running at the port, 8080 is through persisting and querying the session ie you will have to persist the session created by the server running at the port, 8080到在端口上运行的服务器的数据存储(DB、NFS 等),8081 必须查询并获取它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.