如何从 JSESSIONID 加载 Java HttpSession？

发布于 2024-09-06 10:13:52 字数 69 浏览 6 评论 0 原文

我想通过 JSESSIONID 获取 Java HttpSession。是否可以？如果是，怎么办？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

可可 2024-09-13 10:13:52

您基本上需要手动将它们全部收集在 Map 使用 HttpSessionListener 自己。

@WebListener
public class HttpSessionCollector implements HttpSessionListener {
    private static final Map<String, HttpSession> SESSIONS = new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        SESSIONS.put(session.getId(), session);
    }


    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        SESSIONS.remove(event.getSession().getId());
    }

    public static HttpSession find(String sessionId) {
        return SESSIONS.get(sessionId);
    }
}

然后，在任何您想要的地方，只需执行 HttpSessionCollector.find(sessionId) 即可获取相关的 HttpSession。

也就是说，这是一种巨大气味。当然有比这更好的方法来解决实际功能需求；）正如我在您的后续问题：

这是您第二次提出在现实世界中永远不应该练习的问题。老实说，这都是臭味。您认为在服务器端获取与 JSESSONID 关联的 HttpSession 并在客户端获取 JSESSIONID 值是“解决方案”，这是什么问题？在一个新问题中详细说明这一点，您将获得如何正确执行此操作的答案。

认真对待吧。我们不是在取笑您，我们只是想帮助您朝正确的方向前进，以避免您的项目/网络应用程序因安全漏洞和不良做法而崩溃和/或您被解雇。

You'll basically need to manually collect them all in a Map using a HttpSessionListener yourself.

@WebListener
public class HttpSessionCollector implements HttpSessionListener {
    private static final Map<String, HttpSession> SESSIONS = new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        SESSIONS.put(session.getId(), session);
    }


    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        SESSIONS.remove(event.getSession().getId());
    }

    public static HttpSession find(String sessionId) {
        return SESSIONS.get(sessionId);
    }
}

Then, anywhere you want just do HttpSessionCollector.find(sessionId) to get the HttpSession in question.

That said, this is a huge smell. There are certainly better ways to solve the actual functional requirement than this ;) As I commented in your follow-up question:

This is the 2nd time that you asked a question which in real world should never be practiced. Honestly said, this all smells. What is it, the problem for which you think that getting the HttpSession associated with JSESSONID in server side and getting the JSESSIONID value in client side is "the" solution? Elaborate about this in a new question, you'll get answers how to do it the right way.

Take it serious. We're not teasing you, we're just trying to help you in the right direction to avoid that your project/webapp will break due to security holes and bad practices and/or that you will get fired.

回复收藏 0 原文