简体繁体 English

Java Servlet / JSP Cookie断开连接

[英]Java Servlet/JSP Cookie Disconnect

原文 2009-07-16 18:34:00 5 3 java/ jsp/ cookies

I'm having a strange issue with cookie visibility between an authentication servlet and our actual jsp. 我在身份验证Servlet和实际的jsp之间的cookie可见性遇到一个奇怪的问题。 We're using a servlet to authenticate that the user is a valid user, and if they are, we go ahead and add a cookie to the HttpServletResponse with their referer url (this is so that integrations can be redirected to their own login page on logout). 我们正在使用servlet来验证用户是有效用户，如果是，我们继续使用其引用URL向cookie添加到HttpServletResponse（这样可以将集成重定向到他们自己的登录页面）登出）。 Logout operations go through the same servlet, and the cookie is retrieved, and the user directed back to the stored cookie url. 注销操作将通过相同的servlet，并且将检索cookie，并将用户定向回存储的cookie url。 This all works. 所有这一切。

However, within my site, if I print out the cookies pulled through the pageContext.getRequest().getCookies() [Or through firebug's console] I do not find the cookie I stored at all. 但是，在我的站点内，如果我打印出通过pageContext.getRequest（）。getCookies（）[或通过Firebug的控制台]拉出的cookie，则根本找不到我存储的cookie。 There's literally no trace of it. 实际上没有任何痕迹。 Yet, when you click the logout link, and are directed back to the authentication servlet, the cookie is found, and the redirect followed accordingly. 但是，当您单击注销链接，并直接返回到身份验证servlet时，就找到了cookie，并据此进行了重定向。

The thing is, I need to handle timeout operations in the same ways as logouts, but the timeout check is external to the servlet, in a jsp tag. 关键是，我需要以与注销相同的方式处理超时操作，但是超时检查在servlet外部，在jsp标记中。 Since the timeout can't find the cookie, it's just using the standard timout page, which the integrating customer wouldn't want to see. 由于超时无法找到Cookie，因此它只是使用标准的timout页面，集成客户不希望看到该页面。

Any ideas what's going on here? 有什么想法吗？

[ANSWER] It turned out to be a path issue. [答案]原来是路径问题。 I know I didn't paste any code, but I was creating the cookie without setting a path, so the cookie was only visible within the servlet directory. 我知道我没有粘贴任何代码，但是我在创建cookie时没有设置路径，因此cookie仅在servlet目录中可见。 Once I set a path of "/" the cookie was visible throughout the site. 一旦我将路径设置为“ /”，就可以在整个站点中看到Cookie。

3 个解决方案

When you say "within my site", does that mean that your site is deployed on a different (sub) domain? 当您说“在我的站点内”时，是否表示您的站点已部署在其他（子）域上？ Cookies by default are only visible to host they were set from, meaning cookie that was set from "www.example.com" will not be visible to "other.example.com". 默认情况下，Cookie仅对设置它们的主机可见，这意味着从“ www.example.com”设置的cookie对“ other.example.com”将不可见。 You can get around that by explicitly specifying cookie domain to be common for both (eg "example.com"). 您可以通过明确指定两者都通用的Cookie域来解决该问题（例如“ example.com”）。

How are you doing this redirect? 您如何执行此重定向？

RequestDispatcher 's forward method takes request and response objects, presumably the ones you were already working with. RequestDispatcher的forward方法接受请求和响应对象，大概是您已经在使用的对象。 This means that the request object is the same HttpServletRequest object that you were dealing with in the Servlet. 这意味着该请求对象与您在Servlet中处理的HttpServletRequest对象相同。

Actually, it turned out to be a path issue. 实际上，事实证明这是一个路径问题。 I know I didn't paste any code, but I was creating the cookie without setting a path, so the cookie was only visible within the servlet directory. 我知道我没有粘贴任何代码，但是我在创建cookie时没有设置路径，因此cookie仅在servlet目录中可见。 Once I set a path of "/" the cookie was visible throughout the site. 一旦我将路径设置为“ /”，就可以在整个站点中看到Cookie。