I should assign unique JSESSIONID
after authentication. The JSESSIONID
before authentication and after authentication should always be different.
So, how can I do this using Struts 2?
Unique session id you can get if you get HttpSession
object. In Struts2
HttpSession session = ServletActionContext.getRequest().getSession();
System.out.println("Old session ID: "+session.getId());
//do authentication
session = ServletActionContext.getRequest().getSession(true);
System.out.println("New session ID: "+session.getId());
You should refer to following
http://nickcoblentz.blogspot.in/2008/09/jsessionid-regeneration-in-struts-2.html
Your class must implement SessionAware for this. There are 4 methods suggested for it .
One of them could be
((SessionMap)this.session).invalidate();
this.session = ActionContext.getContext().getSession();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.