Tomcat Unique SessionId


Problem description


Is there any way to configure(xml) tomcat (6.x) to generate unique SessionId. (Without extending ManagerBase/StandardManager).

Recommended answer


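I am capturing user login details in a DB table, where the Session Id is in a column with a unique constraint, and I am getting a unique constraint exception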

You should not store the Tomcat-generated session ID as a unique constraint in the DB. This makes no sense. Tomcat's session ID is only unique within all existing active sessions. The Servlet spec does not forbid reusing the ID of an expired session for a new session at some point, months or years later. With a fixed length 32-char hexadecimal string as session ID, all possible IDs are not "unlimited". You can't prevent it from being reused for a different client at some point.

I do not understand why you would ever store a Tomcat-generated session ID in the DB lifetime long. You should remove it from the DB whenever it has expired. Or you should solve your problem differently. As you didn't state anything about the functional requirement behind this "solution", I cannot give a more suited answer. Here are however some hints:


  • Do it the other way round: insert or select the necessary data in/from DB, get the DB-generated ID and store it as an attribute of the HttpSession. For example the logged-in user ID, or just the whole User object.

  • Or, if it needs to expand the default lifetime of a session, e.g. "Remember me" option, then you should generate a UUID yourself (and test if it doesn't exist in DB yet) and use it in a separate cookie instead.
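
The failure from the question and both hints from the answer, as an added example that is not part of the original answer. It uses Python with an in-memory SQLite database as a stand-in for the servlet application and its DB; the table names, column names, function names and the `loginId` attribute are assumptions made for illustration, and a plain dict stands in for the `HttpSession`.

```python
import sqlite3
import uuid

# Hypothetical schema for this example; table and column names are assumptions.
SCHEMA = """
CREATE TABLE bad_login (session_id TEXT UNIQUE, user_id INTEGER);  -- the design in the question
CREATE TABLE login_audit (
    id INTEGER PRIMARY KEY AUTOINCREMENT,   -- DB-generated, never reused
    user_id INTEGER NOT NULL,
    session_id TEXT NOT NULL);              -- informational only, no UNIQUE
CREATE TABLE remember_me (token TEXT PRIMARY KEY, user_id INTEGER NOT NULL);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def bad_insert_fails(db, session_id, user_id):
    """Return True if the UNIQUE(session_id) design rejects the row."""
    try:
        db.execute("INSERT INTO bad_login VALUES (?, ?)", (session_id, user_id))
        return False
    except sqlite3.IntegrityError:
        return True

def record_login(db, user_id, session_id, session_attrs):
    """Insert the login row, then keep the DB-generated ID in the session."""
    cur = db.execute("INSERT INTO login_audit (user_id, session_id) VALUES (?, ?)",
                     (user_id, session_id))
    session_attrs["loginId"] = cur.lastrowid   # stands in for HttpSession.setAttribute
    return cur.lastrowid

def issue_remember_me(db, user_id, new_token=lambda: str(uuid.uuid4())):
    """Generate a UUID, retry while it already exists in the DB, then store it."""
    while True:
        token = new_token()
        if db.execute("SELECT 1 FROM remember_me WHERE token = ?", (token,)).fetchone() is None:
            db.execute("INSERT INTO remember_me VALUES (?, ?)", (token, user_id))
            return token                        # value for the separate cookie

def demo():
    db = open_db()
    reused = "0123456789ABCDEF0123456789ABCDEF"  # constructed 32-char hex session ID
    failures = [bad_insert_fails(db, reused, 1), bad_insert_fails(db, reused, 2)]
    s1, s2 = {}, {}
    ids = [record_login(db, 1, reused, s1), record_login(db, 2, reused, s2)]
    return failures, ids, issue_remember_me(db, 1)

if __name__ == "__main__":
    print(demo())
```

The second insert into `bad_login` fails once the container hands out the same ID again, while `login_audit` accepts both rows because its key comes from the database.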
