问题描述

我有一个应用程序，它使用带有 <iframe></iframe> 的欢迎页面 index.jsp，iframe 的内容是一个 jsf 页面.如果我访问 index.jsp，我会在第一次进入 firebug 时看到一个 cookie:

I have an application which uses the welcome-page index.jsp with an <iframe></iframe> the contents of the iframe is a jsf page. If I access index.jsp I see a cookie already on the first get in firebug:

Set-Cookie  JSESSIONID=C615DA89B6EF73F801973EA3DCD3B226; Path=/

的页面继承了这个jsessionid.但是:当我直接访问 <iframe/> 的页面时，我将 jsessionId 重写为所有没有 cookie 的 URL - 在第一个请求中.然后使用cookie.这一切都很好 - 如果:安全系统将允许我执行 url 重写.

The page of the <iframe> inherits this jsessionid. BUT: when I directly access the page of the <iframe/> I get the jsessionId rewritten to all URLs without a cookie - on the first request. Afterwards the cookie is used. This is all fine - if:The security system would allow me to perform url rewrites.

我运行 jboss 4.2.2

I run jboss 4.2.2

我想实现与 index.jsp 相同的行为 - 例如始终使用 cookie，并始终避免 http 重写.

I want to achieve the same behaviour as I have with the index.jsp - e.g. always use cookies and always avoid http rewrite.

感谢 balusc 的回答，我写了这个:

public class JsessionIdAvoiderFilter implements Filter {

            public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
                    ServletException {
                boolean allowFilterChain = redirectToAvoidJsessionId((HttpServletRequest) req, (HttpServletResponse)res);

                         //I'm doing this because if I execute the request completely, it will perform a pretty heavy lookup operation. No need to do it twice.
                if(allowFilterChain)
                    chain.doFilter(req, res);
            }


            public static boolean redirectToAvoidJsessionId(HttpServletRequest req, HttpServletResponse res) {
                HttpSession s = req.getSession();
                if(s.isNew()) {

 //after the redirect we don't want to redirect again.
if(!(req.isRequestedSessionIdFromCookie()&&req.isRequestedSessionIdFromURL()))
                    {
                                //yeah we have request parameters actually on that request.
                        String qs = req.getQueryString();

                        String requestURI = req.getRequestURI();
                        try {
                            res.sendRedirect(requestURI+"?"+qs);
                            return false;
                        } catch (IOException e) {
                            logger.error("Error sending redirect. " + e.getMessage());
                        }
                    }
                }
                return true;
            }
}

不要忘记将它添加到您的 web.xml

Don't forget to add it to your web.xml

    <filter>
    <display-name>JsessionId Filter</display-name>
    <filter-name>jsessionIdAvoiderFilter</filter-name>
    <filter-class>my.namespace.JsessionIdAvoiderFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>jsessionIdAvoiderFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>

推荐答案

从 Servlet 3.0 开始，你可以使用 来解决这个问题.但由于 JBoss 4.2.2 不兼容 Servlet 3.0，所以这不是一个选项.

Since Servlet 3.0 you could use <tracking-mode>COOKIE</tracking-mode> for this. But as JBoss 4.2.2 isn't Servlet 3.0 compilant, this isn't an option.

最简单的方法是创建一个 servlet 过滤器，它将重定向发送到 HttpServletRequest#getRequestURI() 当 HttpSession#isNew() 返回 true.不要忘记检查 HttpServletRequest#isRequestedSessionIdFromCookie() 防止在客户端根本不支持 cookie 时无限重定向循环.

Easiest would be to create a servlet filter which sends a redirect to HttpServletRequest#getRequestURI() when HttpSession#isNew() returns true. Don't forget to check the HttpServletRequest#isRequestedSessionIdFromCookie() to prevent an infinite redirect loop when the client doesn't support cookies at all.

这篇关于如何避免在第一次调用页面时出现;jsessionid=XXX?如果第一页是jsp，它就可以工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！