Java中没有Cookie的单点登录 [英] Single Sign On without cookies in Java

问题描述

我继续面对我经理的这个问题，如果客户端禁用cookie，SSO将如何工作，但我没有任何答案.我们目前正在使用JOSSO进行单点登录.我们是否有任何不使用烹饪机制就支持单点登录的开源框架.

I keep on facing this question from my manager how SSO will work if client disable cookies but I don't have any answer. We are currently using JOSSO for single sign on. Do we have any open source framework which support single sign on without using cooking mechanism.

推荐答案

在没有cookie的情况下，您将必须在每个url请求中嵌入一些参数.例如登录后，您可以为用户分配任意ID，并将其嵌入到每个链接中，例如http://mydomain.com/main?sessionid=123422234235235.这可能会变得很混乱，因为每个链接在出门之前都必须修复，这会减慢您的内容的速度.它还具有安全性，日志记录和会话历史记录的含义，当状态为cookie时，这并不是什么大问题.

In the absence of cookies, you're going to have to embed some parameter in each url request. e.g. after logging in you assign some arbitrary id to a user and embed that in every link such as http://mydomain.com/main?sessionid=123422234235235. It could get pretty messy since every link would have to be fixed up before it went out the door which slows down your content. It also has security, logging and session history implications which are not such a huge deal when the state is in a cookie.

如果未启用Cookie，则对登录的用户进行简单的cookie测试，然后将其发送到错误页面可能会更简单.

It may be simpler to do a simple cookie test on logged in users and send them off to an error page if they do not have cookies enabled.

这篇关于Java中没有Cookie的单点登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！