Websocket：在页面重新加载后维护用户会话 [英] Websocket: maintain user session after page reloading

问题描述

我有一个简单的单页应用程序，使用jetty websockets进行服务器和客户端之间的通信。

I've got a simple Single Page Application using jetty websockets for communication between server and client.

问题： 每次重新加载页面时，我的websocket连接被禁用，new被初始化。问题是用户应该重新刷新每次页面刷新。

Problem: Each time I have reload page my websocket connection is disabled and new is initialized. The problem is that user should relogin on each page refresh.

问题： 如何消除是否需要重新登录页面刷新？

已编辑： 面对下一个问题：如何决定何时删除会话？我在服务器端有一个对等对象，除了websocket会话容器之外别无其他。在 onClose 方法上删除Peer，然后在删除客户端websocket上调用该方法。这里的问题来了：当用户按F5 - >客户端websocket被破坏 - >服务器删除相应的websocket - >客户端尝试重新加载页面并检查是否有任何会话和找不到。另一方面，我根本不能停止删除同伴（会话）。

EDITED: Faced the next problem: how to decide when session should be deleted? I've a peer object on the server side which is a nothing else but websocket session container. Peer is deleted on onClose method, which in turn is invoked on droping client side websocket. Here the problem comes: when user press F5 -> client side websocket is broken -> server delete appropriate websocket -> client side try to reload a page and check if there is any session AND FIND NOTHING. On the other hand I can't cease removing y peers (sessions) at all.

问题：如何判断服务器何时删除我的同行？

Question: How can I tell server when to remove my peers?

推荐答案

为了消除在每次建立新连接时验证WebSocket连接的需要，您可以使用cookie。

To eliminate the need to authenticate a WebSocket connection upon each new connection establishment you can use cookies.

首次验证WebSocket连接，在WebSocket连接上设置cookie ，并在新连接时重新检查cookie。

Authenticate the WebSocket connection upon first time, set cookie on the WebSocket connection, and recheck the cookie upon a new connection.

这需要一个允许在WebSocket连接上读取和设置cookie的WebSocket服务器。

This requires a WebSocket server that allows to read and set cookies on a WebSocket connection.

如果WebSocket连接是从同一个源提供的作为包含打开WebSocket连接的JavaScript的HTML页面，您还可以使用普通基于HTML表单的登录加cookie过程：

If the WebSocket connection is served from the same origin as the HTML page containing the JavaScript that opens the WebSocket connection, you could also use a "normal" HTML form based login plus cookie procedure:

1. 用户打开login.html，其中包含用于登录的HTML表单


2. 用户输入用户名/密码，提交HTML通过HTTP / POST形成某个URL


3. 服务器检查凭据，成功时生成随机cookie，存储cookie，并在HTTP返回的HTML页面上设置cookie / POST


4. 后一个返回的页面然后打开一个到服务器的WebSocket连接（它在同一个源上，因此设置了之前设置的cookie）


5. 打开握手中的WebSocket服务器检查是否存在cookie，以及cookie是否存储在登录用户的数据库中


6. 如果是，则WebSocket连接成功。如果没有，WebSocket服务器不会建立连接，但会将用户重定向到1.

1. User opens "login.html", which contains a HTML form for login
2. User enters username/password, which submits the HTML form via HTTP/POST to some URL
3. The server checks the credentials, and when successful, generates a random cookie, stores the cookie, and sets the cookie on the HTML page returned from the HTTP/POST
4. This latter returned page then opens a WebSocket connection to the server (which is on same origin, and hence the previously set cookie is set)
5. The WebSocket server in the opening handshake checks if there is a cookie, and if the cookie is stored in the DB for logged-in users
6. If so, the WebSocket connection succeeds. If not, the WebSocket server does not establish a connection, but redirects the user to 1.

这篇关于Websocket：在页面重新加载后维护用户会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！