Is there a formal definition of session integrity for servlets?

Posted on 2024-12-06 19:57:37

This question is related to another existing SO question. HttpServletRequest's getSession(boolean) method mentions session integrity, but it does not define the concept.

I could not find an official definition. Is there any? Does anyone know what rules formally define when a session is in or out of integrity? Thanks.

Comments (3)

此生挚爱伱 2024-12-13 19:57:37

It refers to the concept of linking the server session with the client (web browser) session with a cookie.

I'm not sure how familiar you are with Java web apps, but the Servlet containers can track sessions by adding a parameter to the URL (usually called jsessionid) or by sending a cookie to the client. I think it gets confusing because session tracking is a synonym of session integrity.

§普罗旺斯的薰衣草 2024-12-13 19:57:37

I don't think there is a special meaning for the term "session integrity". A session is just a data store maintained between user requests for application-specific data. While the client provides the same, valid session id with her requests, the application is guaranteed to have consistent session data, i.e. what the application has put into the session, it will also get back. So, I would treat "integrity" as using the common understanding of that word:

Integrity is a concept of consistency of actions, values, methods,
measures, principles, expectations, and outcomes.

风筝在阴天搁浅。 2024-12-13 19:57:37

Session integrity is dealt with by the servlet container. Session integrity means the consistency of sessions: i.e. session tracking.

The servlet container can use (as far as I know) 2 types of session tracking:

  • Cookie, by storing JSESSIONID in a cookie.
  • URL Rewriting, by appending the JSESSIONID as a fragment (not as a parameter, and there are reasons why) in the URL.

The servlet container must make sure that it tracks its sessions with consistency.

Resources:
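
An added example, not part of any answer above and not code from the servlet API project: the getSession(boolean) Javadoc uses the phrase for the cookie case, where a new session cannot be created once the response is committed because the Set-Cookie header can no longer be sent. The class name, servlet name and path are hypothetical; the javax.servlet 3.0+ API is assumed (jakarta.servlet on newer containers).

```java
import java.io.IOException;
import java.util.EnumSet;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionTrackingMode;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical demo class; javax.servlet 3.0+ assumed.
@WebListener
public class SessionTrackingDemo implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Cookie-only tracking: the container will not fall back to URL rewriting,
        // so the session id never appears in links, logs or Referer headers.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
        ctx.getSessionCookieConfig().setHttpOnly(true); // hide JSESSIONID from scripts
        ctx.getSessionCookieConfig().setSecure(true);   // send it over HTTPS only

        ctx.addServlet("sessionDemo", new HttpServlet() {
            @Override
            protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                    throws IOException {
                // getSession(false) only looks up: null when the request carries no valid id.
                HttpSession existing = req.getSession(false);
                resp.setContentType("text/plain");
                resp.getWriter().println("had session: " + (existing != null));
                resp.flushBuffer(); // commits the response; headers are final from here on

                try {
                    // With an existing session this simply returns it. Without one, the
                    // container would need a Set-Cookie header it can no longer send.
                    req.getSession(true);
                } catch (IllegalStateException e) {
                    log("cannot create a session after commit: " + e.getMessage());
                }
            }
        }).addMapping("/session-demo"); // hypothetical path
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // nothing to release
    }
}
```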
