Is there a formal definition of session integrity for servlets?
This question is related to another existing SO question. HttpServletRequest's getSession(boolean) method mentions session integrity, but it does not define the concept.
I could not find an official definition. Is there any? Does anyone know what rules formally define when a session is in or out of integrity? Thanks.
Comments (3)
It refers to the concept of linking the server session with the client (web browser) session with a cookie.
I'm not sure how familiar you are with Java web apps, but the Servlet containers can track sessions by adding a parameter to the URL (usually called jsessionid) or by sending a cookie to the client. I think it gets confusing because session tracking is a synonym of session integrity.
I don't think there is a special meaning for the term "session integrity". A session is just a data store maintained between user requests for application-specific data. While the client provides the same, valid session id with her requests, the application is guaranteed to have consistent session data, i.e. what the application has put into the session, it will also get back. So, I would treat "integrity" as using the common understanding of that word:
Session integrity is dealt with by the servlet container. Session integrity means the consistency of sessions: i.e. session tracking.
The servlet container can either use (as far as I know) 2 types of session tracking:
- JSESSIONID in a cookie.
- JSESSIONID as a fragment (not as a parameter, and there are reasons why) in the URL.
The servlet container must make sure that it tracks its sessions with consistency.
Resources:
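An added example, not part of the original question or answers: it restricts the container to the cookie mechanism described above and reports how a request was tied to its session, creating the session before the response is committed as `getSession(boolean)` requires. It assumes the `javax.servlet` API (Servlet 3.1 or 4.0; newer Jakarta releases use the `jakarta.servlet` package instead); the class names and the `/session-info` path are hypothetical.

```java
import java.io.IOException;
import java.util.EnumSet;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionTrackingMode;
import javax.servlet.annotation.WebListener;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionTrackingDemo {

    // Restrict the container to cookie tracking, so no ";jsessionid=" is ever
    // written into URLs (where it would leak via logs, history and Referer).
    @WebListener
    public static class CookieOnlyTracking implements ServletContextListener {
        @Override
        public void contextInitialized(ServletContextEvent sce) {
            sce.getServletContext()
               .setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
        }

        @Override
        public void contextDestroyed(ServletContextEvent sce) { }
    }

    // Hypothetical endpoint that reports how this request was tied to a session.
    @WebServlet("/session-info")
    public static class SessionInfoServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {
            // getSession(false) never creates a session; null means the client
            // sent no id, or one the container no longer considers valid.
            HttpSession session = req.getSession(false);
            boolean existed = session != null;
            if (!existed) {
                // Create before any output: once the response is committed the
                // container cannot add the Set-Cookie header and, with cookie
                // tracking, getSession(true) throws IllegalStateException.
                session = req.getSession(true);
            }
            resp.setContentType("text/plain");
            resp.getWriter().printf(
                "existing=%b idFromCookie=%b idFromURL=%b idValid=%b%n",
                existed, req.isRequestedSessionIdFromCookie(),
                req.isRequestedSessionIdFromURL(), req.isRequestedSessionIdValid());
        }
    }
}
```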