使用 JRE 1.7 的 Windows 中的 URLConnection 客户端不会发回会话 cookie [英] Session cookie not send back by client using URLConnection in windows with JRE 1.7

问题描述

我们有一个使用 Java Web Start 部署的应用程序.它使用 URLConnection 与 servlet 通信并通过 Cookies (JSESSIONID) 管理会话.它适用于 Java 1.5 &1.6.在 windows 中使用 Java 1.7 它不再起作用:cookie JSESSIONID 不会发送回服务器(我使用 apache 轴的 HTTPMonitor 看到了这一点).怎么了?

We have an application that is deploied using Java Web Start. It communicate with a servlet using URLConnection and managing session by Cookies (JSESSIONID). It worked well with Java 1.5 & 1.6. With Java 1.7 in windows It doesn't work anymore: cookie JSESSIONID is not send back to the server (I saw this using apache axis's HTTPMonitor). What's going wrong?

在 Linux 机器上使用 Java Web Start 启动相同的应用程序可以正常工作.

Launching the same application with Java Web Start from a linux box works as expected.

版本是:JRE 1.7.0_04 with Java Web Start 10.4.0.22_04

Version are: JRE 1.7.0_04 with Java Web Start 10.4.0.22_04

推荐答案

我们的应用程序从 Eclipse 启动时运行良好，但在通过 Web Start 运行时无法与经过身份验证的 REST 端点通信，这让我们感到非常沮丧，由于根据问题中描述的问题缺少 JSESSIONID.我们运行的是 Java 1.7.

We were getting incredibly frustrated with the fact that our application worked fine when launched from Eclipse but failed to communicate with our authenticated REST endpoints, when run via Web Start, due to the JSESSIONID going missing as per the problem described in the question. We are running Java 1.7.

经过多次远程调试，我们发现无论是有意还是无意(我只能找到很少的文档，例如这里的单行:http://docs.oracle.com/javase/tutorial/networking/cookies/cookiehandler.html)，Java Web Start 应用程序设置默认值CookieHandler，通常是 com.sun.deploy.net.cookie.DeployCookieSelector 的一个实例，但不管它是什么，这都会弄乱 JSESSIONID cookie 处理.将默认 cookie 处理程序重置为 null java.net.CookieHandler.setDefault(null) 瞧，传出的 HTTP 请求保留了 JSESSIONID cookie！

After much remote debugging, we discovered that whether intentional or not (I can only find little documentation on it, e.g. a one-liner here: http://docs.oracle.com/javase/tutorial/networking/cookies/cookiehandler.html), a Java Web Start application sets a default CookieHandler, usually an instance of com.sun.deploy.net.cookie.DeployCookieSelector, but whatever this is, this messes up the JSESSIONID cookie handling. Reset the default cookie handler to null java.net.CookieHandler.setDefault(null) and voila, the outgoing HTTP requests have the JSESSIONID cookie preserved!

顺便说一句，Windows 和 Linux 都表现出这种行为.

BTW Windows and Linux both exhibited this behaviour.

这篇关于使用 JRE 1.7 的 Windows 中的 URLConnection 客户端不会发回会话 cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！