问题描述
我们的应用程序中通过实现Filter来安装SecurityFilter类,我们的doFilter方法如下所示。
We have SecurityFilter class in our application by implementing Filter and our doFilter method looks like this.
public void doFilter(ServletRequest sres, ServletResponse sreq,
FilterChain chain) throws IOException, ServletException {
LOGGER.debug(Logger.buildLogMessage("Starting SecurityFilter.doFilter"));
HttpServletRequest request = (HttpServletRequest) sres;
HttpServletResponse response = (HttpServletResponse) sreq;
HttpSession session = request.getSession();
我们的web.xml中有以下条目
We have the following entry in our web.xml
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>com.a.b.c.web.filter.SecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/resources/*</url-pattern>
</filter-mapping>
我们对应用程序进行了很多REST调用,所有这些调用都通过了这个过滤器。 Java API文档说,request.getSession()返回会话(如果存在),否则会创建新会话。但是在我们的应用程序中,request.getSession()总是为每个REST调用创建一个新会话。这可能会出错?
We have many REST calls to our application and all of them pass through this filter. The Java API documentation says, the request.getSession() returns a session if exists else it creates a new session. But in our application the request.getSession() always creates a new session for every REST call. What could be going wrong here ?
推荐答案
如果您的应用程序设置设置为通过cookie跟踪JSESSIONID,则应用程序将返回相同的会话如果您是从其他浏览器发出请求,请从同一浏览器请求,以及新会话。这显然是因为cookie基于每个浏览器生存。
If your application settings are set to track JSESSIONID via cookie, the application will return the same session if you're making a request from the same browser, and a new session if you're making a request from a different browser. This is obviously because cookies live on a per-browser basis.
这篇关于getSession()始终创建一个新会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!