具有跨域请求的重复 Flex 会话
当我在本地发出请求时,维护 FlexSession 完全没有问题;但是,当我从另一台计算机发出请求时,它会为每个请求创建重复的 FlexSession。我注意到每个请求的 JSESSIONID 都不同,这可能是导致会话被欺骗的原因。
但我不知道为什么会发生这种情况。我得到的具体错误是:
Channel.Ping.Failed error Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
我的 crossdomain.xml 如下:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>
编辑:
我们在后端使用 spring-flex 集成。此外,这种情况发生在多个浏览器中;我们尝试了 IE、Firefox 和 Chrome。
这是 Flex 代码:
var ro : RemoteObject = new RemoteObject("myDestination");
ro.endpoint = "http://localhost/foo";
ro.source = "com.bar.MyService";
var op : AbstractOperation = ro.getOperation("serviceMethod");
op.addEventListener( FaultEvent.FAULT, ro_faultHandler );
op.addEventListener( ResultEvent.RESULT, ro_resultHandler );
op.send();
When I make a request locally, I have no problems at all maintaining my FlexSession; however, when I make a request from another computer, it creates duplicate FlexSession for every request. I noticed the JSESSIONID is different for each request which is what's probably causing the duped sessions.
But I have no idea why this is happening. The specific error I get is:
Channel.Ping.Failed error Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.
My crossdomain.xml is as follows:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>
EDIT:
We are using spring-flex integration on the backend. Also, this happens in multiple browsers; we tried IE, Firefox, and Chrome.
Here's the Flex code:
var ro : RemoteObject = new RemoteObject("myDestination");
ro.endpoint = "http://localhost/foo";
ro.source = "com.bar.MyService";
var op : AbstractOperation = ro.getOperation("serviceMethod");
op.addEventListener( FaultEvent.FAULT, ro_faultHandler );
op.addEventListener( ResultEvent.RESULT, ro_resultHandler );
op.send();
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
有三篇文章描述了发生的情况。这些文章是由一些从事 BlazeDS 工作的人撰写的,阅读完这些文章后您应该能够解决您的问题。如果没有,请尝试创建一个重现问题的功能测试,我会看一下。
亚历克斯的博客
Mete 的博客
林的博客
There are three articles describing what happens. The articles are written by some guys working on BlazeDS and you should be able to fix your problem after reading them. If not, try to create a functional test reproducing the problem and I'll take a look.
Alex's blog
Mete's blog
Lin's blog