JsessionId - 如何避免; jsessionid = XXX第一次调用页面?它的工作原理如果第一页是jsp [英] JsessionId - how to avoid ;jsessionid=XXX on the first call to a page? it works if first page is jsp
问题描述
我完成了这个...
我有一个应用程序使用
欢迎页面index.jsp与< iframe>< / iframe> iframe的内容是一个jsf页面。如果我访问index.jsp我看到一个cookie已经在第一次获取在firebug:
I have an application which uses
the welcome-page index.jsp with an <iframe></iframe> the contents of the iframe is a jsf page. If I access index.jsp I see a cookie already on the first get in firebug:
Set-Cookie JSESSIONID=C615DA89B6EF73F801973EA3DCD3B226; Path=/
< iframe> inherits这个jsessionid。但是,当我直接访问< iframe /> 的页面时,我得到的jsessionId重写到所有的URL没有cookie - 第一次请求。之后使用cookie。这很好 - 如果:
安全系统将允许我执行url重写。
The page of the <iframe> inherits this jsessionid. BUT: when I directly access the page of the <iframe/> I get the jsessionId rewritten to all URLs without a cookie - on the first request. Afterwards the cookie is used. This is all fine - if:
The security system would allow me to perform url rewrites.
我运行jboss 4.2.2
I run jboss 4.2.2
我想实现与索引相同的行为。 jsp - 例如
I want to achieve the same behaviour as I have with the index.jsp - e.g. always use cookies and always avoid http rewrite.
感谢balusc的回答我这样写:
public class JsessionIdAvoiderFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
ServletException {
boolean allowFilterChain = redirectToAvoidJsessionId((HttpServletRequest) req, (HttpServletResponse)res);
//I'm doing this because if I execute the request completely, it will perform a pretty heavy lookup operation. No need to do it twice.
if(allowFilterChain)
chain.doFilter(req, res);
}
public static boolean redirectToAvoidJsessionId(HttpServletRequest req, HttpServletResponse res) {
HttpSession s = req.getSession();
if(s.isNew()) {
//after the redirect we don't want to redirect again.
if(!(req.isRequestedSessionIdFromCookie()&&req.isRequestedSessionIdFromURL()))
{
//yeah we have request parameters actually on that request.
String qs = req.getQueryString();
String requestURI = req.getRequestURI();
try {
res.sendRedirect(requestURI+"?"+qs);
return false;
} catch (IOException e) {
logger.error("Error sending redirect. " + e.getMessage());
}
}
}
return true;
}
}
不要忘记将它添加到您的 web.xml
Don't forget to add it to your web.xml
<filter>
<display-name>JsessionId Filter</display-name>
<filter-name>jsessionIdAvoiderFilter</filter-name>
<filter-class>my.namespace.JsessionIdAvoiderFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>jsessionIdAvoiderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
推荐答案
由于Servlet 3.0,您可以使用< tracking-mode> COOKIE< / tracking-mode> 。但是由于JBoss 4.2.2不是Servlet 3.0编译器,因此这不是一个选项。
Since Servlet 3.0 you could use <tracking-mode>COOKIE</tracking-mode> for this. But as JBoss 4.2.2 isn't Servlet 3.0 compilant, this isn't an option.
最简单的方法是创建一个servlet过滤器, href =http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRequestURI%28%29> HttpServletRequest#getRequestURI() HttpSession#isNew() 返回 true 。不要忘记检查 HttpServletRequest#isRequestedSessionIdFromCookie() ,以防止客户端不支持Cookie时的无限重定向循环。
Easiest would be to create a servlet filter which sends a redirect to HttpServletRequest#getRequestURI() when HttpSession#isNew() returns true. Don't forget to check the HttpServletRequest#isRequestedSessionIdFromCookie() to prevent an infinite redirect loop when the client doesn't support cookies at all.
这篇关于JsessionId - 如何避免; jsessionid = XXX第一次调用页面?它的工作原理如果第一页是jsp的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
