如何避免在第一次调用页面时出现; jsessionid = XXX?如果第一页是jsp，它就可以工作 [英] How to avoid ;jsessionid=XXX on the first call to a page? it works if first page is jsp

问题描述

我有一个应用程序，它使用带有<iframe></iframe>的welcome-page index.jsp，iframe的内容是一个jsf页面.如果我访问index.jsp，我会在萤火虫的第一个获取中看到一个cookie:

I have an application which uses the welcome-page index.jsp with an <iframe></iframe> the contents of the iframe is a jsf page. If I access index.jsp I see a cookie already on the first get in firebug:

Set-Cookie  JSESSIONID=C615DA89B6EF73F801973EA3DCD3B226; Path=/

<iframe>的页面继承了此jsessionid.但是:当我直接访问<iframe/>的页面时，我会在第一次请求时将jsessionId重写为所有没有cookie的URL.之后，使用cookie.一切都很好-如果: 该安全系统将允许我执行url重写.

The page of the <iframe> inherits this jsessionid. BUT: when I directly access the page of the <iframe/> I get the jsessionId rewritten to all URLs without a cookie - on the first request. Afterwards the cookie is used. This is all fine - if: The security system would allow me to perform url rewrites.

我运行jboss 4.2.2

I run jboss 4.2.2

我想实现与index.jsp相同的行为-例如始终使用cookie并始终避免http重写.

I want to achieve the same behaviour as I have with the index.jsp - e.g. always use cookies and always avoid http rewrite.

感谢balusc的回答，我这样写:

public class JsessionIdAvoiderFilter implements Filter {

            public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
                    ServletException {
                boolean allowFilterChain = redirectToAvoidJsessionId((HttpServletRequest) req, (HttpServletResponse)res);

                         //I'm doing this because if I execute the request completely, it will perform a pretty heavy lookup operation. No need to do it twice.
                if(allowFilterChain)
                    chain.doFilter(req, res);
            }


            public static boolean redirectToAvoidJsessionId(HttpServletRequest req, HttpServletResponse res) {
                HttpSession s = req.getSession();
                if(s.isNew()) {

 //after the redirect we don't want to redirect again.
if(!(req.isRequestedSessionIdFromCookie()&&req.isRequestedSessionIdFromURL()))
                    {
                                //yeah we have request parameters actually on that request.         
                        String qs = req.getQueryString();

                        String requestURI = req.getRequestURI();
                        try {
                            res.sendRedirect(requestURI+"?"+qs);
                            return false;
                        } catch (IOException e) {
                            logger.error("Error sending redirect. " + e.getMessage());
                        }
                    }
                }
                return true;
            }
}

别忘了将其添加到您的web.xml

Don't forget to add it to your web.xml

    <filter> 
    <display-name>JsessionId Filter</display-name> 
    <filter-name>jsessionIdAvoiderFilter</filter-name> 
    <filter-class>my.namespace.JsessionIdAvoiderFilter</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>jsessionIdAvoiderFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter> 

推荐答案

从Servlet 3.0开始，您可以使用<tracking-mode>COOKIE</tracking-mode>来实现.但是由于JBoss 4.2.2不是Servlet 3.0编译器，因此这不是一个选择.

Since Servlet 3.0 you could use <tracking-mode>COOKIE</tracking-mode> for this. But as JBoss 4.2.2 isn't Servlet 3.0 compilant, this isn't an option.

最简单的方法是创建一个Servlet过滤器，该过滤器将重定向发送到 HttpServletRequest#isRequestedSessionIdFromCookie() 可以防止客户端完全不支持Cookie时发生无限重定向循环.

Easiest would be to create a servlet filter which sends a redirect to HttpServletRequest#getRequestURI() when HttpSession#isNew() returns true. Don't forget to check the HttpServletRequest#isRequestedSessionIdFromCookie() to prevent an infinite redirect loop when the client doesn't support cookies at all.

这篇关于如何避免在第一次调用页面时出现; jsessionid = XXX?如果第一页是jsp，它就可以工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！