Spring Security - 如何在同一浏览器的多个选项卡之间禁用相同的会话共享? [英] Spring Security - How to disable same session sharing across multiple tabs of same browser?

问题描述

正如我们所知，Spring Security 在基于 cookie 的会话管理解决方案中提供 JSESSIONID，它允许跨同一浏览器的多个选项卡共享相同的 JSESSIONID 信息.

As we know Spring Security is providing JSESSIONID in cookie, based session management solution,it is allowing sharing same JSESSIONID information across multiple tabs of same browser.

根据 OWASP 指南，它不应共享.

As per OWASP guideline, It should not share.

有什么办法可以在 spring security 中禁用这种共享吗?

Is there any way to disable this sharing in spring security?

推荐答案

我的第一个想法是阻止浏览器这样做是不可能的."

My first idea was "It is not really possible to prevent the browser from doing so."

但后来我发现了这个

您可以使用 HTML5 SessionStorage (window.sessionStorage).您将生成一个随机 ID 并保存在每个浏览器选项卡的会话存储中.然后每个浏览器选项卡都有自己的 ID.https://stackoverflow.com/a/11783754/280244

You can use HTML5 SessionStorage (window.sessionStorage). You will generate a random id and save in session Storage per Browser Tab. Then each browser tab has his own Id. https://stackoverflow.com/a/11783754/280244

我希望这可以帮助您找到解决方案.

I hope this helps you to find a solution.

这篇关于Spring Security - 如何在同一浏览器的多个选项卡之间禁用相同的会话共享?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！