TCP断开连接时的HTTP会话持久性 [英] Http session persistence on tcp disconnect

问题描述

关于HTTP会话:它可以通过cookie或URL重写来实现.

Concerning an HTTP session: It is either implemented via cookies or URL rewriting.

由于HTTP 1.1使用持久连接，因此我假定TCP连接断开时会话无效.还是不?
我对此感到困惑，因为否则使用Cookie和URL重写的行为将是不一样的，对吗?我的意思是浏览器没有将URL重写的值部分存储到磁盘上，对吗?

Since the HTTP 1.1 uses persistent connections, I assume that a session is invalidated when a TCP connection disconnects. Or not?
I am confused on this since otherwise the behavior using cookies vs URL-rewriting would not be the same,right?I mean the browser does not store the values part of the URL-rewriting to disk, correct?

如果不是这样，当tcp连接重置时，如何在服务器上以编程方式使它无效? Tomcat中的侦听器?

Additionally if it is not, how could we programmatically invalidate it on the server when a tcp connection resets?Is there such e.g. listener in Tomcat?

推荐答案

由于HTTP 1.1使用持久连接，因此我假定TCP连接断开时会话无效.还是不?

Since the HTTP 1.1 uses persistent connections, I assume that a session is invalidated when a TCP connection disconnects. Or not?

这是错误的.

在Java中，通常通过cookie(tomcat，jetty等)实现会话.在第一个响应上从服务器设置了一个名为JSESSIONID = 1234567的cookie(该数字是随机生成的，用于标识会话)，然后将其存储在浏览器中，并为每个后续连接发送回服务器. 该cookie通常具有30分钟的默认生存期，并且在tcp连接中断时仍然有效.这样，服务器就可以通过不同的连接识别用户.

In Java the session is implemented via cookie, usually (tomcat, jetty,etc). A cookie called JSESSIONID=1234567 (the number is randomly generated and identifies the session) is set from the server on the first response, then it gets stored in the browser and is sent back to the server for every subsequent connection. This cookie usually has default lifetime of 30 minutes, and survives when the tcp connection is interrupted. This allows the server to recognize the user across different connections.

URL重写意味着每个URL都包含JSESSIONID作为URL的一部分，在服务器端没有任何变化，只是从URL而非从cookie中读取JSESSIONID值.

URL rewriting means that every URL contains the JSESSIONID as part of the URL, on the server side nothing changes, except that the JSESSIONID value is read from the URL instead than from the cookie.

如果在关闭tcp连接后cookie丢失了，那就完全没用了.想象一下基于持久性tcp连接的聊天系统:如果您可以从绑定到套接字的标识符中简单地识别连接，就需要一个cookie吗?否.Cookie非常有用，因为您需要跨多个连接跟踪用户.

If the cookie was lost after the tcp connection was closed, it was completely useless. Imagine a chat system based on a persistent tcp connection: do you need a cookie if you can simply identify the connection from an identifier binded to the socket? No... The cookie is useful exactly because you need to track the user across several connections.

由于HTTP 1.1使用持久连接，所以

Since the HTTP 1.1 uses persistent connections,

它们是持久性的，这意味着在第一个请求(html页面)之后，可以重新使用同一连接来发送其他资源(图像，css，javascript等).并且浏览器将连接保持打开状态一段时间，以避免在用户单击另一个链接时重新创建新的连接.这只是一种优化，并不意味着当您在浏览器中打开一个URL时，该连接在您位于同一网站上的所有时间都保持活动状态.

They are persistent, in the meaning that after a first request (the html page), the same connection can be reused to send also other resources (images, css, javascript, etc). And the browser keeps the connection open for sometime after, to avoid recreating a new connection in case the user clicks to another link. It's just an optimization, it doesn't mean that when you open a URL in your browser, the connection keeps alive for all the time you lay on the same website.

如果不是这样，当tcp连接重置时，如何在服务器上以编程方式使它无效? Tomcat中的侦听器?

Additionally if it is not, how could we programmatically invalidate it on the server when a tcp connection resets?Is there such e.g. listener in Tomcat?

在服务器上，您始终可以使调用session.invalidate()的会话无效. 如果您想在每次发出请求时都使会话无效，那么您根本就不需要会话.

On the server, you can always invalidate the session calling session.invalidate(). If you want to invalidate the session every time a request is made, then you simply don't need a session.

也可以通过javascript在客户端使Cookie无效.

Cookie can also be invalidated on the client side via javascript.

对此我感到困惑，因为否则使用Cookie和URL重写的行为将是不一样的，对吗?我的意思是浏览器没有将URL重写的值部分存储到磁盘上，对吗?

I am confused on this since otherwise the behavior using cookies vs URL-rewriting would not be the same,right?I mean the browser does not store the values part of the URL-rewriting to disk, correct?

URL重写在禁用cookie的情况下起作用.基本上，每次您单击链接时，JSESSIONID =都会附加到URL，因此服务器将识别用户，并且所有后续链接将在具有相同JSESSIONID的服务器上继续生成.这样，每个POST或GET请求都将包含用户(会话)的标识.

URL rewriting works where cookies are disabled. Basically, every time you click on a link, the JSESSIONID= is appended to the url, so the server will identify the user, and all the subsequent links will continue to be generated on the server having the same JSESSIONID. In this way, every POST or GET request will contain the identification of the user (the session).

Cookie以相同的方式工作，只是它没有被硬编码在URL上，而是作为标头信息嵌入到HTTP请求中，并且由浏览器自动完成(除非已被禁用).

The cookie works in the same way, only that instead of being hardcoded on the URL, it gets embedded in the HTTP request as header information, and this is done by automatically by the browser (unless it has been disabled).

这并不意味着它已保存在磁盘中(出于什么目的?)，它只是将其保存在内存中，用于会话cookie(当您关闭浏览器时或30分钟后会过期).

It doesn't mean that it gets saved in the disk (for what purpose?), it just keeps it in memory, for session cookies (that expire when you close the browser or after 30 minutes).

您可以为Cookie设置更长的使用寿命；在这种情况下，浏览器会将cookie存储更长的时间.但是通常这些不是会话cookie"，而是用于标识特定用户的cookie(例如UUID).然后，当同一用户重新连接时，您可以从UUID cookie创建新的会话cookie.

You can set a longer life time for a cookie; in that case, the browser stores the cookie for a longer time. But usually those are not "session cookie", but are cookie used to identify a specific user (like a UUID). From the UUID cookie then you can create a new session cookie when the same user reconnects.

会话，用于跟踪会话.用户关闭浏览器，对话结束.如果存在像UUID这样的持久性cookie，则可以使用该cookie创建新的会话，并将新的会话绑定到您之前遇到的同一用户.

The session, is used to keep track of a CONVERSATION. The user closes the browser, the conversation ends. If there is a persistent cookie like a UUID, then you can use that cookie to create a new conversation and bind the new session to the same user you met before.

这篇关于TCP断开连接时的HTTP会话持久性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！