如何从 JSESSIONID 加载 Java HttpSession?

发布于 2024-09-06 10:13:52 字数 69 浏览 10 评论 0 原文

我想通过 JSESSIONID 获取 Java HttpSession。是否可以?如果是,怎么办?

I want to get Java HttpSession by JSESSIONID. Is it possible? If yes, how?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

可可 2024-09-13 10:13:52

您基本上需要手动将它们全部收集在 Map 使用 HttpSessionListener 自己。

@WebListener
public class HttpSessionCollector implements HttpSessionListener {
    private static final Map<String, HttpSession> SESSIONS = new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        SESSIONS.put(session.getId(), session);
    }


    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        SESSIONS.remove(event.getSession().getId());
    }

    public static HttpSession find(String sessionId) {
        return SESSIONS.get(sessionId);
    }
}

然后,在任何您想要的地方,只需执行 HttpSessionCollector.find(sessionId) 即可获取相关的 HttpSession


也就是说,这是一种巨大气味。当然有比这更好的方法来解决实际功能需求;)正如我在您的 后续问题

这是您第二次提出在现实世界中永远不应该练习的问题。老实说,这都是臭味。您认为在服务器端获取与 JSESSONID 关联的 HttpSession 并在客户端获取 JSESSIONID 值是“解决方案”,这是什么问题?在一个新问题中详细说明这一点,您将获得如何正确执行此操作的答案。

认真对待吧。我们不是在取笑您,我们只是想帮助您朝正确的方向前进,以避免您的项目/网络应用程序因安全漏洞和不良做法而崩溃和/或您被解雇。

You'll basically need to manually collect them all in a Map using a HttpSessionListener yourself.

@WebListener
public class HttpSessionCollector implements HttpSessionListener {
    private static final Map<String, HttpSession> SESSIONS = new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        SESSIONS.put(session.getId(), session);
    }


    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        SESSIONS.remove(event.getSession().getId());
    }

    public static HttpSession find(String sessionId) {
        return SESSIONS.get(sessionId);
    }
}

Then, anywhere you want just do HttpSessionCollector.find(sessionId) to get the HttpSession in question.


That said, this is a huge smell. There are certainly better ways to solve the actual functional requirement than this ;) As I commented in your follow-up question:

This is the 2nd time that you asked a question which in real world should never be practiced. Honestly said, this all smells. What is it, the problem for which you think that getting the HttpSession associated with JSESSONID in server side and getting the JSESSIONID value in client side is "the" solution? Elaborate about this in a new question, you'll get answers how to do it the right way.

Take it serious. We're not teasing you, we're just trying to help you in the right direction to avoid that your project/webapp will break due to security holes and bad practices and/or that you will get fired.

我的影子我的梦 2024-09-13 10:13:52

您可以按照 BalusC 的回答进行操作,但这种设施的存在是不同用户之间表面上的安全漏洞。您不应该在您的应用程序中构建这样的东西。

You can do it as per BalusC's answer, but the existence of such a facility is a prima facie security breach between different users. You shouldn't be building things like this into your application.

苦笑流年记忆 2024-09-13 10:13:52

不可以,API 不允许这样做。

我还想说更多,但这就是全部了。

No, the API does not permit this.

I'd say more, but that's about all there is to it.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文