Session shared in between tabs

Problem description

I have a Java web application where I need to stop the session being shared between browser tabs, meaning

User opens a browser, logs into his account and opens a particular page in a new tab in the same browser. As per the default setting, the session is shared to the new tab and the user is automatically logged in to the new tab. Can anyone tell how this can be stopped so I can at least restrict this in a few sensitive pages if not the entire application.

Recommended answer

Usually cookies are used for session handling. Then all tabs and browser windows share the same session. But you can configure your servlet container to use URL rewrite instead of cookies. (Here is an example for Jetty.)

With URL rewrite the session is only identified via a URL parameter containing the session ID. So every internal URL of your web application has to be enhanced with this parameter using the method HttpServletResponse.encodeURL(). If you are using a web framework like Wicket, chances are good that this is already done for you.

With URL rewrite it is possible to have several independent sessions in different windows or tabs of the same browser instance.

Update: In response to the downvote I want to make clear the different behaviour of URL rewriting:

Let's assume the website's URL is http://webapp.com.

Cookies: Open http://webapp.com in the first browser tab.

The server creates a session and sends a cookie in the response.

The browser stores the cookie.

Then open http://webapp.com in the second browser tab. The browser associates this URL with the recently stored cookie and adds the cookie to the request.

For the server there is no difference between requests from the first or second browser tab and responds from the same session. Sometimes this is the desired behaviour.

URL rewrite: Open http://webapp.com in the first browser tab.

The server creates a session with ID 1 and adds the parameter jsessionid=1 to every URL in the response page. No cookie is transferred.

All further requests to another page of the same webapp from the first browser tab include the session ID (for example 1).

Then open http://webapp.com from the second browser tab. Here is the difference! Because there is no cookie and no jsessionid parameter in the request, the server creates a new session (i.e. ID 2) and adds parameter jsessionid=2 to every URL contained in the response page. From now on all subsequent requests from the second browser tab are associated with session 2.

So you have two independent sessions in the same browser.
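
The setup the answer describes, as an added example that is not part of the original post: it assumes a Servlet 3.0+ container with the `javax.servlet` API, and the class names and the `/account` path are hypothetical. Because the session ID then travels in every URL, where it can end up in browser history, access logs and Referer headers, the response also sets `no-store` and `no-referrer`.

```java
// Added example; UrlSessionTracking, AccountServlet and /account are hypothetical names.
import java.io.IOException;
import java.util.EnumSet;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionTrackingMode;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebListener
public class UrlSessionTracking implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Track sessions only through the ;jsessionid=... URL parameter; no session cookie is issued.
        // This call is only allowed while the context is still initializing.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.URL));
        ctx.addServlet("account", new AccountServlet()).addMapping("/account");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }

    static class AccountServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            // A request without a jsessionid (for example from a new tab) gets a fresh session here.
            HttpSession session = req.getSession(true);
            Integer hits = (Integer) session.getAttribute("hits");
            hits = (hits == null) ? 1 : hits + 1;
            session.setAttribute("hits", hits);

            // The ID is part of the URL, so keep the page out of caches and the URL out of Referer headers.
            resp.setHeader("Cache-Control", "no-store");
            resp.setHeader("Referrer-Policy", "no-referrer");
            resp.setContentType("text/html;charset=UTF-8");
            // encodeURL() appends the session ID; a link written without it starts a new session.
            String self = resp.encodeURL(req.getContextPath() + "/account");
            resp.getWriter().printf(
                "<p>Requests in this session: %d</p><a href=\"%s\">Reload in this tab</a>%n", hits, self);
        }
    }
}
```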
