HttpSession.getId() 有多独特?
HttpSession.getId()
返回的值是否保证在一段时间内是唯一的——还是仅在所有活动会话中唯一?
换句话说,我可以将它用作会话日志条目的密钥(哪个用户何时登录以及登录了多长时间)?
如果 getId
是特定于实现的(我猜是这样,因为 J2EE 规范没有提及这个问题),那么它在 Google App Engine 上是如何处理的?
Is the value returned by HttpSession.getId()
guaranteed to be unique across time -- or only unique among all active sessions?
In other words, can I use it as a key for a session log entry (which user logged in when and for how long)?
If getId
is implementation-specific (which I’m guessing it is, as the J2EE spec is silent about this issue), how is it treated on Google App Engine?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
据我所知,只要您没有重新启动网络服务器,会话 ID 就是唯一的。因此,会话 ID 在网络服务器的生命周期中随时间变化是唯一的。
在 Apache Tomcat 中,您可以查看 ManagerBase。 generateSessionId() 了解 ID 是如何生成的。但要注意,在 Tomcat 中,生成的 ID 仅在同一上下文中是唯一的。
希望有帮助
As far as i know, the session IDs are only unique as long as you did not restart the webserver. So the Session ID is unique across time during the lifecycle of your webserver.
In Apache Tomcat you can check out ManagerBase.generateSessionId() to learn how the ID is generated. But beware in Tomcat the generated IDs are only unique across the same context.
hope that helped
是的,它依赖于 实施。就像任何接口中的任何方法一样:-)。由程序员来确保 id 是唯一的。
如果您使用 ManagerBase.createSession(java.lang.String) 与 UUID 您 100% 确定您的 ID 是唯一的。
Yes, it is dependent on the implementation. As it is for any method in any interface :-). It is up to the programmer to make sure the id is unique.
If you use ManagerBase.createSession(java.lang.String) in combination with UUID you are 100% sure your id will be unique.
问题是关于 Google App Engine 的。GAE 基于 Jetty 而不是 Tomcat,因此您不能使用 ManagerBase.createSession(java.lang.String)。会话在数据存储(或memcached)中分布式和持久化。它通过 cookie(称为 JSESSONID)进行跟踪,该 cookie 由 servlet 容器管理。在数据存储区中,存在 _ah_SESSION 类型的实体,其 ID 是前缀为“_ahs”的会话 ID。目前 _ah_SESSION 实体不会自动删除。
所以答案是:目前GAE 上的会话 ID 在不同时间段内是唯一的。
The question is about Google App Engine. GAE is based on Jetty not Tomcat sou you can't use ManagerBase.createSession(java.lang.String). The session is distributed and persisted in Datastore (or memcached). It is tracked by means of a cookie (called JSESSONID), which is managed by the servlet container. In Datastore there are entities of kind _ah_SESSION with id which is session id prefixed by "_ahs". Currently _ah_SESSION entities are not deleted automatically.
So the answer is: currently session id on GAE is unique across time.