IE会随着时间的推移始终发送相同的jsessionid(使用Java Wicket) [英] IE always sending the same jsessionid over time (using Java Wicket)
问题描述
我有一个在本地环境中托管的应用程序,并且遇到了一个非常奇怪的问题,该问题仅在IE中出现.我测试过的其他浏览器(Chrome和Firefox)似乎都无法重现该问题.
I have an application that I'm hosting on a local environment and am experiencing a very strange problem that occurs only in IE. The other browsers I've tested with (Chrome and Firefox) don't seem to reproduce the problem.
我正在使用Wicket 1.5.0快照.
I'm using Wicket 1.5.0 snapshot.
在应用程序中,我有一个分派页面,该页面可以验证初始请求并在验证时采取进一步的措施.在其中:
In the application I've got a dispatch page that validates initial requests and take further action upon validation. In it I've got:
setResponsePage(Canvas.class, pageParams);
MyCustomSession.get().bind();
在Canvas页面上,调用MyCustomSession.get()时,它会为每个请求返回一个全新的会话,这会导致问题,因为我之前放入该会话中的所有数据均已消失.
and in Canvas page upon calling MyCustomSession.get() it returns a brand new session for each and every request, which causes problems because all the data I've previously put in the session is gone.
然后我找到了问题所在,无论如何,IE总是在请求标头中始终发送相同的jsessionid-8302844E8BB8FD6D1A617C0E6A2C58C3.
Then I traced down the problem and to me it looks like IE always sends the very same jsessionid in request header, no matter what - 8302844E8BB8FD6D1A617C0E6A2C58C3.
在setResponsePage(Canvas.class,pageParams)的响应头中,状态代码为302,我看到了以下响应头:
In the response headers for setResponsePage(Canvas.class, pageParams), with status code of 302 I saw the response headers as follows:
Set-Cookie JSESSIONID=91474844FC17D16B960A0760BA9DC129; Path=/apppath
不管来自IE的所有下一个请求都具有该标头字段(与以前相同的会话ID):
Regardless of that all next requests from IE have that header field (the same session id as before):
Cookie JSESSIONID=8302844E8BB8FD6D1A617C0E6A2C58C3
请协助我解决此问题,因为这确实使我感到困扰.谢谢!
Please assist me to resolve this because it really bothers me. Thanks!
推荐答案
实际上,问题在于根本没有发送cookie.我进一步检查了一下,结果发现这是第三方内容交流的问题(正如IE术语所定义的那样).
Actually the problem was that cookie was not sent at all. I examined further and it turned out it is a problem of third-party content communication (as IE terminology would define that).
我们的应用程序是FB应用程序,因此包含在iframe中(因为它是由FB嵌入的),并且IE的安全设置拒绝向我们的第三方内容(在这种情况下)发送cookie.经过一番研究,我发现在响应中添加P3P(隐私首选项平台)标头将满足这些政策,并使IE能够在请求标头中发送cookie.
Our application is a FB application and is therefore contained within an iframe (since being embedded by FB) and IE's security settings were refusing to send cookie to our - in this case - third party content. After some research I found out that putting P3P (Platform for Privacy Preferences Project) header in our responses would satisfy these policies and enable IE to send cookie in the request headers.
为此,我在Web项目中创建了一个过滤器,以将该标头放入从我们的应用发送的每个响应中.
For this purpose, I created a filter in our web project to put that header in each response being sent from our app.
这篇关于IE会随着时间的推移始终发送相同的jsessionid(使用Java Wicket)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
