JSessionID gets overwritten


Problem description

We have the following situation:


  1. Go to http://website/ and click on a link to http://website/appX
    Check that the cookie shows JSessionID with secure = NO.

  2. Open another browser window or tab and go to https://website/ and click on a link to https://website/appY.
    Check that the cookie shows JSessionID with secure = YES.

  3. Try to interact with the window/tab created in step 1. I'm getting a session expired...

If we repeat the steps but use https://website/appX instead of https://website/appY in step 2, then the JSessionID cookie remains with Secure=NO.

All cookies have JSessionId with jvmRoute appended at the end.

We are using:

Apache (2.2.3-43.el5_5.3) + mod_jk (w/ sticky sessions) and load balancer configured to several JBoss instances (v 4.3.0).

I have found only a link with the exact same issue (normally the other ones are using PHP): http://threebit.net/mail-archive/tomcat-users/msg17687.html

Q: How can we

Recommended answer

In the connector configuration (for Tomcat's bundled version in JBoss) in deploy/jboss-web.deployer/server.xml, there's an emptySessionPath attribute that controls whether the session cookie is set on the context path or not.

<Connector port="8080" address="${jboss.bind.address}"
     maxThreads="250" maxHttpHeaderSize="8192"
     emptySessionPath="true" protocol="HTTP/1.1"
     enableLookups="false" redirectPort="8443" acceptCount="100"
     connectionTimeout="20000" disableUploadTimeout="true" />

If you set this to false, you'll have one cookie per application, which prevents the problem from happening.
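
The effect described in the answer can be reproduced with a small cookie-jar model. This is an added example, not code from the original answer or from JBoss/Tomcat; the Jar class, the helper names and the session ids are constructed for illustration, and a single host is assumed.

```python
from dataclasses import dataclass

@dataclass
class Cookie:
    name: str
    value: str
    path: str
    secure: bool

class Jar:
    """Simplified browser cookie store for one host (illustrative model)."""
    def __init__(self):
        self.cookies = {}

    def store(self, cookie):
        # Same name + same path replaces the stored cookie, Secure flag included.
        self.cookies[(cookie.name, cookie.path)] = cookie

    def sent(self, scheme, request_path):
        """Cookies the browser would attach to a request."""
        out = {}
        for c in self.cookies.values():
            prefix = c.path.rstrip("/") + "/"
            path_ok = request_path == c.path or request_path.startswith(prefix)
            # Secure cookies are withheld from plain-HTTP requests.
            if path_ok and (scheme == "https" or not c.secure):
                out[c.name] = c.value
        return out

def session_cookie(app, scheme, session_id, empty_session_path):
    # Hypothetical stand-in for the container's Set-Cookie:
    # emptySessionPath="true" gives Path=/, "false" gives the context path.
    path = "/" if empty_session_path else "/" + app
    return Cookie("JSESSIONID", session_id, path, secure=(scheme == "https"))

def replay(empty_session_path):
    """Replay the three steps from the question; ids are constructed values."""
    jar = Jar()
    jar.store(session_cookie("appX", "http", "idX.node1", empty_session_path))
    jar.store(session_cookie("appY", "https", "idY.node2", empty_session_path))
    return jar.sent("http", "/appX/page")  # step 3: back to the first tab

if __name__ == "__main__":
    print("emptySessionPath=true :", replay(True))   # {} -> session expired
    print("emptySessionPath=false:", replay(False))  # appX session still sent
```

With the per-application path, the cookie issued to the HTTPS application keeps its Secure flag and is scoped to /appY, so it neither replaces the /appX cookie nor travels over plain HTTP.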
