如何重置JSESSIONID [英] How to reset JSESSIONID
本文介绍了如何重置JSESSIONID的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
当用户进行身份验证时,重置会话cookie被认为是一种很好的安全措施.
It is considered a good security practice to reset the session cookie when a user authenticates.
如何使用Java做到这一点?
How to do this with Java?
到目前为止,我的尝试是成功的,但是我想知道是否有更好的方法:
My attempt so far is successful, but I was wondering if there's a better way:
public static HttpSession resetSessionId(HttpSession session,
HttpServletRequest request) {
session.invalidate();
session = request.getSession(true);
return session;
}
推荐答案
您的答案似乎是最佳的.另一种方法是以这种方式直接操作厨师:
Your answer seems optimal. Another way would be to directly manipulate cookes in this fashion:
Cookie cookie = new Cookie ("JSESSIONID", "randomValue");
cookie.setMaxAge( 0 );
因此您创建了一个具有相同名称的新cookie并立即将其过期,但是我不建议这样做,因为对于熟悉基本Servlet API的任何人来说,您的cookie都更加简洁明了
so you create a new cookie with the same name and immediately expire it, but I don't recommend going this way since yours is much cleaner and pretty obvious to anyone who's familiar with basic Servlet APIs.
这篇关于如何重置JSESSIONID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文