How do Spring Security sessions work?


Question

How do Spring sessions work when you log in to a form on Spring Security as described in this tutorial? http://static.springsource.org/spring-security/site/tutorial.html

Is it cookie based? I'm not sure what exactly is going on that allows the user to log in and have it remember and keep you logged in for the remainder of the browsing session.

Recommended answer

It is cookie based, similar to how the servlet maintains sessions. If cookies are disabled, you would have to resort to URL rewriting. According to the FAQ here.

"All it sees are HTTP requests and it ties those to a particular session according to the value of the JSESSIONID cookie that they contain. When a user authenticates during a session, Spring Security's concurrent session control checks the number of other authenticated sessions that they have. If they are already authenticated with the same session, then re-authenticating will have no effect."

"If clients have cookies disabled, and you are not rewriting URLs to include the jsessionid, then the session will be lost. Note that the use of cookies is preferred for security reasons, as it does not expose the session information in the URL."

See here.
