JSESSIONID在同一IP但不同端口上的两个服务器之间的冲突 [英] JSESSIONID collision between two servers on same ip but different ports
问题描述
我有一种情况,我有两个不同的webapps运行在单个服务器上,使用不同的端口。它们都运行Java的Jetty servlet容器,因此它们都使用名为JSESSIONID的cookie参数来跟踪会话ID。
- 打开Firefox标签页,然后转到WebApp1
- WebApp1的HTTP响应具有JSESSIONID = 1的set-cookie标头
- Firefox现在具有一个Cookie标头,其JSESSIONID = 1,所有HTTP请求都发送到WebApp1
- 打开第二个Firefox标签,然后转到WebApp2
- 对WebApp2的HTTP请求也有一个Cookie头,JSESSIONID = 1,但在doGet中, c $ c> req.getSession(false); 我得到
null
。如果我调用req.getSession(true)
我得到一个新的Session对象,但是WebApp2的HTTP响应有一个set-cookie头,JSESSIONID = 20 - 现在,WebApp2有一个工作会话,但WebApp1的会话去了。
- 永久继续
所以会话在每个网络应用程序之间颠簸。如果已经定义了一个JSESSIONID cookie,我真的很想让 req.getSession(false)
返回一个有效的会话。
$ b $一个选项是基本上使用HashMap和Cookie(称为WEBAPP1SESSIONID和WEBAPP2SESSIONID)重新实现Session框架,但这很糟糕,这意味着我必须在ActionServlet和其他几个地方嵌入新的Session。
这必须是别人遇到的问题。是Jetty的 HttpServletRequest.getSession(boolean)
只是crappy?
I有一个类似的问题:在不同端口的localhost上的同一个应用程序的一个或多个实例,在应用程序启动时选择,每个使用自己的jetty实例。
过了一会儿,我想出了这个:
- 等待码头以初始化
- 使用jetty的SocketManager获取端口(
socketManager.getLocalPort()
) - 通过SessionManager设置cookie名称
(sessionHandler.getSessionManager()。setSessionCookie(String)
)
b $ b
这样,我对每个实例都有一个差异cookie名称,因此没有任何干扰。
I've got a situation where I have two different webapps running on a single server, using different ports. They're both running Java's Jetty servlet container, so they both use a cookie parameter named JSESSIONID to track the session id. These two webapps are fighting over the session id.
- Open a Firefox tab, and go to WebApp1
- WebApp1's HTTP response has a set-cookie header with JSESSIONID=1
- Firefox now has a Cookie header with JSESSIONID=1 in all it's HTTP requests to WebApp1
- Open a second Firefox tab, and go to WebApp2
- The HTTP reqeust to WebApp2 also has a Cookie header with JSESSIONID=1, but in the doGet, when I call
req.getSession(false);
I getnull
. And if I callreq.getSession(true)
I get a new Session object, but then the HTTP response from WebApp2 has a set-cookie header with JSESSIONID=20 - Now, WebApp2 has a working Session, but WebApp1's session is gone. Going to WebApp1 will give me a new session, blowing away WebApp2's session.
- Continue forever
So the Sessions are thrashing between each web app. I'd really like for the req.getSession(false)
to return a valid session if there's already a JSESSIONID cookie defined.
One option is to basically reimplement the Session framework with a HashMap and cookies called WEBAPP1SESSIONID and WEBAPP2SESSIONID, but that sucks, and means I'll have to hack the new Session stuff into ActionServlet and a few other places.
This must be a problem others have encountered. Is Jetty's HttpServletRequest.getSession(boolean)
just crappy?
I had a similar problem: One or more instances of the same application on localhost on different ports, choosen at application start time, each using its own jetty instance.
After a while, I came up with this:
- Wait for jetty to initialize
- use jetty's SocketManager to get the port (
socketManager.getLocalPort()
) - set the cookie name through the SessionManager
(sessionHandler.getSessionManager().setSessionCookie(String)
)
This way I have a difference cookie name for each instance - thus no interference anymore.
这篇关于JSESSIONID在同一IP但不同端口上的两个服务器之间的冲突的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!