禁用 cookie 时,C:url 不附加 jsessionid
我尝试过:
<c:url value="/web/pclub/userprofile" var="test">
<c:param name="userid" value="${user.id}"/>
</c:url>
${test}
但是当我检查禁用 cookie 的页面时,不会附加 jsessionid。 有谁知道为什么会发生这种情况?
I tried:
<c:url value="/web/pclub/userprofile" var="test">
<c:param name="userid" value="${user.id}"/>
</c:url>
${test}
But when I check the page with cookies disabled then the jsessionid is not appended.
Does anyone know why this happens?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
jsessionid仅在cookie被禁用时和在服务器端创建会话时附加(因此服务器端需要以某种方式通知客户端, cookie 是默认方法)。如果尚未创建会话,则没有必要附加jsessionid。尝试将以下行添加到 JSP 顶部,至少在调用
执行此操作仅用于测试目的。如果它有效,那么问题的原因是没有会话的方法。保持原样即可。无需创建不必要的会话。对于存在会话并且浏览器不支持 cookie 的情况,
c:url就可以正常工作。顺便说一句,要验证 cookie 是否确实被禁用,请通过 Firebug 跟踪请求标头。如果服务器在响应中设置了
Set-Cookie标头,但请求中没有Cookie标头,则意味着 Cookie 确实在客户端被禁用。The
jsessionidis only appended when the cookies are disabled and when a session has been created on the server side (and thus the server side needs to notify the client about this somehow, for which a cookie would is the default approach). If no session has been created, then there's no point of appending thejsessionid.Try adding the following line to top of your JSP, at least before the
<c:url>line is called. It not only prints/debugs the session ID for you, but it also implicitly creates the session if not done yet.Do this for testing purposes only. If it works, then the cause of your problem is that there was just no means of a session. Just keep it as is. There's no need to unnecessarily create the session. For the case whenever there's as session and the browser doesn't support cookies, the
c:urlwill work fine.By the way, to verify if the cookies are indeed disabled, track the request headers by Firebug. If there's no
Cookieheader in the request even though the server has set aSet-Cookieheader in the response, then it means that the cookies are indeed disabled in the client side.我认为 BalusC 是正确的,但是要强制在服务器上创建会话,您可以在 JSP 顶部添加一个指令页面,如下所示:
I think BalusC is right, however to force creating a session on the server, you can add a directive page on the top of your JSP, like this: