Java Servlet 请求的会话标识在每次请求时都会发生更改。

huangapple go评论73阅读模式
英文:

Java servlet session id changes on every request

问题

我有一个网络应用程序,其中前端是通过vue-cli开发的,运行在localhost:8081,而后端是一个独立的项目,使用tomcat开发,运行在localhost:8080。

后端有一个控制器servlet,根据操作,控制器将工作委托给另一个servlet。当登录页面将登录信息提交给控制器时,控制器创建HttpSession,调用LoginServlet验证凭据,然后将响应发送给控制器,控制器将响应传递给登录页面。到目前为止,如果我们在ControllerServlet和LoginServlet上检查HttpSession,它们完全匹配。

现在登录已成功,vue-router将我们推到URL为localhost:8081/admin的管理组件,在此时有两个GET请求,都发送到ControllerServlet,该Servlet将工作委托给另一个servlet。如果我们在控制器和这第三个servlet上检查会话,它们是匹配的。但是,如果我们检查这3个请求的HttpSession,它们彼此不同,每个请求的servlet都会创建一个新的HttpSession。我如何使这个HttpSession持久化?问题是否是因为vue运行在8081端口,而后端在8080端口上?

英文:

I have a web application where the front end is developed via vue-cli and running on localhost:8081 and the back-end is a separated project using tomcat and is running on localhost:8080

the back-end has a controller servlet which, based on an action, the controller delegate the work to another servlet.
when the login page submits the login info to the controller, the controller creates the HttpSession, call the LoginServlet which validate the credentials then send the response to the controller which will respond to the login page. Until now if we check the HttpSession on the ControllerServlet and on the LoginServlet they match perfectly.

Now that the login has been successfully vue-router push us the admin component on the url: localhost:8081/admin, at this point we have two get request, both to the ControllerServlet which will delegate the work to another servlet. If we check the session on the controller and this third servlet, they match. BUT if we check the HttpSession from these 3 requests, they all differ from eachother the servlet creates a new one for each of them. How can I make this HttpSession persistent? Is the problem due to the fact that vue is running on 8081 and the back-end is on 8080?

答案1

得分: 0

直到现在,如果我们在ControllerServletLoginServlet上检查HttpSession,它们完全匹配。

当然,它们会匹配,因为ControllerServletLoginServlet的会话都是由同一个服务器创建的(运行在端口8080)。

由运行在端口8080的服务器创建的会话与运行在端口8081的服务器没有关系,因此期望它们匹配是错误的。在极少数情况下,如果它们匹配,那只能是巧合。

运行在端口8081的服务器唯一获取由运行在端口8080的服务器创建的会话的方式是通过持久化和查询会话,即您必须将由运行在端口8080的服务器创建的会话持久化到数据存储(数据库、NFS等),然后运行在端口8081的服务器将进行查询并获取它。

英文:

> Until now if we check the HttpSession on the ControllerServlet and on
> the LoginServlet they match perfectly.

Of course, they will match because the session for both ControllerServlet and LoginServlet has been created by the same server (which is running at the port, 8080).

The session created by the server running at the port, 8080 has no relation with the server running at the port, 8081 and therefore expecting them to match is wrong. In the rarest of rare occasions, if they match, it can be just a coincidence.

The only way the server running at the port, 8081 can get the session created by the server running at the port, 8080 is through persisting and querying the session i.e. you will have to persist the session created by the server running at the port, 8080 to a data-store (DB, NFS etc.) from where the server running at the port, 8081 will have to query and get it.

huangapple
  • 本文由 发表于 2020年8月23日 00:16:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/63538398.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定