tomcat中的空会话路径是什么?
我前一天读过 apache tomcat 文档,我对 emptySessionPath 感到很困惑。据我所知,如果设置为 true,则 emptySessionPath 存储在 Web 应用程序的根文件夹中。请给出术语 emptySessionPath 的正确定义,如果将其设置为 true 和 false 会发生什么?
请指导我。提前致谢。
I have read apache tomcat documentation a day before, and I am so confused about emptySessionPath . Up to my knowledge, if it's set to true, the emptySessionPath is stored at the root folder of web application. Please give the right definition of the term emptySessionPath and what happens if it is set to true and false?
Please guide me.Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
emptySessionPath字段仅说明所有 cookie 是否应存储在根 URL 路径/中(如果emptySessionPath=true)或不存储(否则) 。这是由 Apache 的连接器使用的。请参阅此处详细信息(这是针对 AJP 连接器的,它是连接器对象的一部分)。
这基本上意味着:
JSESSIONID是您的 Web 应用程序的 ID 会话。请参阅此处的完整说明。更新:有关使用的信息有些过时 - 请参阅此处了解更多信息-有关如何为最近的 tomcat 设置会话路径的最新信息。
The
emptySessionPathfield just states whether the all cookie should be stored in the root URL path/(ifemptySessionPath=true) or not (otherwise).This is used by Apache's Connector. See details here (This is for AJP Connector, which is part of the Connnector object).
What this basically means is:
JSESSIONIDis the ID Session for your Webapp. See a full explanation here.Update: This information about usage is somewhat outdated - see here for a more up-to-date information on how to set the Session path also for recent tomcat.
如果emptySessionPath设置为true,它将从JSESSIONID cookie中消除上下文路径。它将设置一个cookie路径为/。该属性可用于跨应用程序认证机制。
If emptySessionPath is set to true, it will eliminate the context path from JSESSIONID cookie.It will set a cookie path to /.This attribute can be used for cross application autehentication mechanism.
您可能知道,会话通常由 cookie 维护。 Cookie 有两个值,用于确定浏览器是否应针对特定请求返回它们:cookieDomain 和 cookiePath。 cookiePath 必须与请求的一致。
对 Cookie 的请求
将返回 cookie 路径:
但不返回 cookie 路径:
根据规范,会话不会在不同的 Web 应用程序之间共享,因此,如果您在以下位置部署了 Web 应用程序
foo.war/foo,会话 cookie 路径默认设置为/foo。似乎 Connector.emptySessionPath 是连接器上的受保护变量。我还没有读过代码 - 但我想这与 Tomcat 的单点登录或共享会话有关,在这种情况下,您登录到一个上下文并在所有上下文中进行身份验证 - 在这种情况下,cookie 路径必须是
/< /code> 用于会话 cookie。Session are, as you probably know, often maintained by a cookie. A cookie has two values that determines whether they should be returned by the browser for a certain request, cookieDomain and cookiePath. The cookiePath must match that of the request.
A request is made for
Cookie would be returned with cookie path:
But not for cookie path:
By spec, a session is not shared between different web applications, so if you have web application
foo.wardeployed under/foo, the session cookie path would, by default be set to/foo.It seems Connector.emptySessionPath is a protected variable on Connector. I haven't read the code - but I guess it has something to do with Tomcat's single sign on or sharing sessions, where you login to one context and are authenticated in all - in which case the cookie path must be
/for the session cookies.为了以防万一,对于 web_app 3.0 版本,cookie 配置是标准化的,因此相当于 webapp 3.0 中 AJP 的emptySessionPath 是:
<路径>/
<安全>true
Just in case, for the web_app version 3.0, the cookie configuration is standarized, so the equivalent to the AJP's emptySessionPath in webapp 3.0 is:
<session-config>
<cookie-config>
<path>/</path>
<secure>true</secure>
</cookie-config>
</session-config>