Tomcat如何维护会话完整性? [英] How does Tomcat maintain session integrity?

问题描述

HttpServletRequest的 getSession(boolean)方法提及会话完整性. Tomcat如何维护会话完整性?它使用什么规则?什么方法到底是怎么回事?

HttpServletRequest's getSession(boolean) method mentions session integrity. How does Tomcat maintains session integrity? What rules does it use? What method? What is happening under the hood precisely?

编辑

如何以及何时创建特定的会话ID?例如，Tomcat是否依赖IP地址和端口?

How and when is a specific session ID is created? Does Tomcat rely on IP address and port for example?

推荐答案

在Tomcat中，

In Tomcat the ManagerBase.generateSessionId() method is responsible for session id generation. It looks for me that session ids are generated based on random numbers. You can store the client's IP address in the session and check it in your webapp but as far as I know Tomcat does not do that.

关于会话完整性:您能定义一下吗? Java Servlet规范中有关于此的段落，版本3.0 ，但不是太多:

About session integrity: could you define it, please? There is a paragraph about it in the Java Servlet Specification, Version 3.0 but it isn't too much:

7.1.4会话完整性

7.1.4 Session Integrity

Web容器必须能够支持HTTP会话，而 为来自不支持使用Cookie的客户端的HTTP请求提供服务.到 满足此要求的Web容器通常支持URL重写 机制.

Web containers must be able to support the HTTP session while servicing HTTP requests from clients that do not support the use of cookies. To fulfill this requirement, Web containers commonly support the URL rewriting mechanism.

这篇关于Tomcat如何维护会话完整性?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！