是否有关于servlet的会话完整性的正式定义？ [英] Is there a formal definition of session integrity regarding servlets?

问题描述

此问题与另一个现有的问题有关。 HttpServletRequest的 getSession（boolean）方法提到会话完整性，但它没有定义概念。

我找不到官方定义。有没有？有没有人知道会话进入或退出完整性时正式定义的规则？谢谢。

解决方案

它指的是将服务器会话与客户端（Web浏览器）会话与cookie链接的概念。 / p>

我不确定你对java web应用程序有多熟悉，但Servlet容器可以通过向url添加参数（通常称为jsessionid）或通过发送来跟踪会话给客户的cookie。我认为它会让人感到困惑，因为会话跟踪是会话完整性的同义词。

This question is related to another existing SO question. HttpServletRequest's getSession(boolean) method mentions session integrity, but it does not define the concept.

I could not find an offical definition. Is there any? Does anyone know what rules formally define when a session is in or out of integrity? Thanks.

解决方案

It refers to the concept of linking the server session with the client (web browser) session with a cookie.

I'm not sure how familiar you are with java web apps, but the Servlet containers can track sessions by adding a parameter to the url (usually called jsessionid) or by sending a cookie to the client. I think it gets confusing because session tracking is a synonym of session integrity.

这篇关于是否有关于servlet的会话完整性的正式定义？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！