JAX-RS、RestEasy:无会话 cookie
伙计们,
过去,当您点击 servlet/jsp 时,应用程序服务器会自动启动会话。它将在第一个动态响应中放置一个会话 cookie,并进行全程跟踪。
我有一个休息后端,我注意到没有会话 cookie 被交易。因此,我手动添加代码来发送 JSESSIONID cookie:
@Context
private HttpServletRequest httpRequest;
// ...
@GET
@Path( "/{rcpGuid}" )
public Response myMethod( ... )
{
final HttpSession session = httpRequest.getSession();
final String sSessionId = session.getId();
...
return Response.status( Response.Status.SEE_OTHER ).
location( redirectUrl ).cookie( new NewCookie( "JSESSIONID", sSessionId ) );
}
现在,这导致返回 JSESSIONID cookie 的 2 个副本,而之前没有 Set-Cookie 标头。这就是我现在在浏览器检查器中看到的内容:
Set-Cookie:JSESSIONID=sdm-Q1P6pRoQbKd4-9cJylGb; Path=/nn, JSESSIONID=sdm-Q1P6pRoQbKd4-9cJylGb; Version=1
只要它能工作,我不在乎。但不幸的是,当我的浏览器请求重定向到的 URL 时(请注意,响应是“SEE_OTHER”),该请求不包含会话 ID。这导致我的应用程序无法正常运行。
有什么见解吗?
Folks,
Used to be that when you hit a servlet/jsp, the app server would automatically start a session. It would put a session cookie in the first dynamic response that would get tracked throughout.
I have a rest backend and I notice that no session cookies are being traded. So I manually add code to send the JSESSIONID cookie:
@Context
private HttpServletRequest httpRequest;
// ...
@GET
@Path( "/{rcpGuid}" )
public Response myMethod( ... )
{
final HttpSession session = httpRequest.getSession();
final String sSessionId = session.getId();
...
return Response.status( Response.Status.SEE_OTHER ).
location( redirectUrl ).cookie( new NewCookie( "JSESSIONID", sSessionId ) );
}
Now this is causing 2 copies of the JSESSIONID cookie being returned where before there was no Set-Cookie header. This is what I see now in my browser's inspector:
Set-Cookie:JSESSIONID=sdm-Q1P6pRoQbKd4-9cJylGb; Path=/nn, JSESSIONID=sdm-Q1P6pRoQbKd4-9cJylGb; Version=1
I don't care as long as this would work. But unfortunately, when my browser requests the URL being redirected to (notice that the response is "SEE_OTHER"), that request does not bear the session id. This causing my app to not function right.
Any insights?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在调用
httpRequest.getSession()之前,应用服务器不会创建会话。在您的示例中,您调用
getSession()并创建一个单独的jsessionidcookie。这可以解释为什么你有两个饼干。如果您两者都不做,那么您根本就不会拥有jessionid。The app server doesn't create a session until
httpRequest.getSession()is called.In your example, you call
getSession()and create a separatejsessionidcookie. That would explain why you have two cookies. If you do neither, you wont have ajessionidat all.如果它是 REST 后端,那么您不应该拥有 JSESSIONID cookie 并将后端端点保持为无状态。
从您的一项 Web 服务获取结果所需的所有信息都应包含在对该 Web 服务的请求中。 Web 服务是幂等的。
If it is a REST back-end, so you should not have JSESSIONID cookie and keep your back-end endpoints as Stateless.
All informations required to get a result from one of your web service should be contained in the request to the web service. A web service is idempotent.