不同的浏览器是指在同一台机器不同的客户端 [英] Different browser means a different client from the same machine
问题描述
-
如果我打开我的工作在同一个浏览器的一个新的选项卡(或窗口)(说火狐),那么这将被视为服务器相同的客户端。
If I open a new Tab (or Window) of the same browser I am working on (say Firefox), then it would be considered as the same client by the server.
但是,如果我从一个不同的浏览器(IE比方说)打开相同的URL,那么服务器不能标识为同一个客户端。
But, if I open the same URL from a different browser (say IE), then the server cannot identify this as the same client.
那么,如何在服务器识别客户,内部?
So, how does the server identifies a client, internally?
如果我想要一个服务器唯一即使从不同的浏览器标识客户端(而不是把它作为一个新的客户端),我该怎么做它从一个Web服务器(使用servlet)?
If I want a Server to uniquely identify a client even from a different browser (and not consider it as a new client), how do I do it from a Web Server (using Servlets)?
推荐答案
如果我打开我的工作在同一个浏览器的一个新的选项卡(或窗口)(火狐说)
"If I open a new Tab (or Window) of the same browser I am working on (say Firefox)"
您premise是不准确的。
Your premise is not accurate.
如果我使用相同的浏览器(Firefox或Chrome等)不同的配置文件,这将被视为不同的会话。
If I use a different profile of the same browser (FireFox, or Chrome, etc), it would be considered a different session.
这是观念 - 我能有不会让服务器或Web服务看到我的其他个人资料的隐私。作为用户,我永远不会让你的应用程序越过这条线探询我的其他浏览器或型材。此外,FF,铬,Safari浏览器,IE浏览器等不共享相同的存储架构的饼干。
That is the idea - that I can have the privacy of not letting the server or web service see my other profiles. As the user, I will not ever let your app cross that line of inquiring into my other browsers or profiles. Moreover, FF, Chrome, Safari, IE, etc do not share the same storage schema for their cookies.
当然,你可以花大量的时间,试图破解了一个桌面应用程序,将浏览器之间交换饼干 - 但是这将是无用的,因为
Of course, you could spend a lot of time, attempting to hack up a desktop app that would exchange cookies between the browsers - but that would be useless because
- 你怎么解密这些cookie?
- 你是否愿意写相同的应用程序为所有的操作系统
- 那么你打算怎么说服我信任你,让你我的系统上安装此cookie入侵程序?
您最好将时间花在业界所接受和prevalent的做法。
Your time would be better spent on industry accepted and prevalent practices.
然而,如果你的应用有用户登录/验证,那么我想你的应用程序能够识别我和我的历史无论哪个PC,哪个配置文件,或者是世界上我在的一部分。
However, if your application has user login/authentication, then I would want your app to recognise me and my history no matter which PC, which profile, or which part of the world I am in.
所以,回答你的问题是 - 用户身份验证
Therefore, the answer to your question is - user authentication.
您不应处理服务器周围碴识别相同的会话ID,跨越多台PC或浏览器的会话。它得到是结实的,有毛和缺憾。
You should not deal with mucking around the server to recognise the same session id, across multiple PCs or browser "sessions". It gets to be wiry, hairy and kludgy.
不要推倒重来。使用OpenID的或OAuth2用户。
Don't reinvent the wheel. Use OpenID or OAuth2.
OpenID的消费者很容易实现。简单,因为它是,没有关于实施OpenID的文献很多例子。但谷歌已经提出了有益的文学足够量的OAuth的。
OpenID-consumer is very simple to implement. Simple as it is, there is not much literature example on implementing openID. But Google has put up sufficient amount of helpful literature on OAuth.
谷歌联合登录/ OAuth是也相当有趣和容易实现。即使GWT。
Google Federated login/OAuth is also quite fun and easy to implement. Even with GWT.
问题依然存在 - 为什么我想在所有我想要的是要共享多个浏览器会话会话此事与用户认证复杂化。原因是安全性。即使是公司内部的应用程序。你认为你的经理会想知道,任何人在该公司可能会伪装成他们的会话。
The question remains - why do I want to complicate the matter with user authentication when all I want is to share a session across multiple "browser sessions". The reason is security. Even if it is an internal company application. Do you think your managers would want to know that anyone in the company could masquerade their sessions.
这是你有深入到你的项目的时候,你会意识到没有一点尝试从用户认证的路线逃跑。而且没有一点掀起自己的安全会话认证框架。
By the time you got deep into your project, you would realise there is no point trying to escape from the user authentication route. And there is no point whipping up your own secure session authentication framework.
这篇关于不同的浏览器是指在同一台机器不同的客户端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
