在https和http间切换时session丢失问题
2012-07-02 00:00
232 查看
添加如下类:
public class SessionFiler extends HttpServlet implements Filter {
private static final Log log = LogFactory.getLog(SessionFiler.class);
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest re = (HttpServletRequest) request;
log.fatal("SessionFiler >>" + re.getSession() == null ? "no-id" : re
.getSession().getId());
SessionWraper myrequest = new SessionWraper(
(HttpServletRequest) request);
myrequest.setResponse((HttpServletResponse) response);
log.fatal("SessionFiler 2>>" + re.getSession() == null ? "no-id" : re
.getSession().getId());
chain.doFilter(myrequest, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
public class SessionWraper extends HttpServletRequestWrapper {
private static final Log log = LogFactory.getLog(SessionWraper.class);
private HttpServletResponse response = null;
public SessionWraper(HttpServletRequest request) {
super(request);
}
public void setResponse(HttpServletResponse response) {
this.response = response;
}
public HttpSession getSession() {
HttpSession session = super.getSession();
processSessionCookie(session);
return session;
}
public HttpSession getSession(boolean create) {
HttpSession session = super.getSession(create);
processSessionCookie(session);
return session;
}
private void processSessionCookie(HttpSession session) {
log.fatal("processSessionCookie>>"+session.getId());
if (null == response || null == session) {
return;
}
// cookieOverWritten - Flag to filter multiple "Set-Cookie" headers
Object cookieOverWritten = getAttribute("COOKIE_OVERWRITTEN_FLAG");
log.fatal((null == cookieOverWritten) +"||"+ isSecure()
+"||"+ isRequestedSessionIdFromCookie() +"||"+ session.isNew());
if (null == cookieOverWritten && isSecure()
&& isRequestedSessionIdFromCookie() && session.isNew()) {
Cookie cookie = createCookie(session);
// Adding an "Set-Cookie" header to the response
response.addCookie(cookie);
// To avoid multiple "Set-Cookie" header
setAttribute("COOKIE_OVERWRITTEN_FLAG", "true");
}
}
/**
* Might have created the cookie in SSL protocol and tomcat will loose the
* session if there is change in protocol from HTTPS to HTTP. To avoid this,
* trick the browser using the HTTP and HTTPS session cookie.
*
* @param session
*
* @return the cookie
*/
private Cookie createCookie(HttpSession session) {
log.fatal("createCookie>>"+session.getId());
Cookie cookie = new Cookie("JSESSIONID", session.getId());
cookie.setMaxAge(-1); // Life of the browser or timeout
cookie.setSecure(false);
String contextPath = getContextPath();
if ((contextPath != null) && (contextPath.length() > 0)) {
cookie.setPath(contextPath);
} else {
cookie.setPath("/");
}
return cookie;
}
}
结果是有时可以,有时不可以,不知道是不是https的问题,还是浏览器本身的限制?
public class SessionFiler extends HttpServlet implements Filter {
private static final Log log = LogFactory.getLog(SessionFiler.class);
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest re = (HttpServletRequest) request;
log.fatal("SessionFiler >>" + re.getSession() == null ? "no-id" : re
.getSession().getId());
SessionWraper myrequest = new SessionWraper(
(HttpServletRequest) request);
myrequest.setResponse((HttpServletResponse) response);
log.fatal("SessionFiler 2>>" + re.getSession() == null ? "no-id" : re
.getSession().getId());
chain.doFilter(myrequest, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
public class SessionWraper extends HttpServletRequestWrapper {
private static final Log log = LogFactory.getLog(SessionWraper.class);
private HttpServletResponse response = null;
public SessionWraper(HttpServletRequest request) {
super(request);
}
public void setResponse(HttpServletResponse response) {
this.response = response;
}
public HttpSession getSession() {
HttpSession session = super.getSession();
processSessionCookie(session);
return session;
}
public HttpSession getSession(boolean create) {
HttpSession session = super.getSession(create);
processSessionCookie(session);
return session;
}
private void processSessionCookie(HttpSession session) {
log.fatal("processSessionCookie>>"+session.getId());
if (null == response || null == session) {
return;
}
// cookieOverWritten - Flag to filter multiple "Set-Cookie" headers
Object cookieOverWritten = getAttribute("COOKIE_OVERWRITTEN_FLAG");
log.fatal((null == cookieOverWritten) +"||"+ isSecure()
+"||"+ isRequestedSessionIdFromCookie() +"||"+ session.isNew());
if (null == cookieOverWritten && isSecure()
&& isRequestedSessionIdFromCookie() && session.isNew()) {
Cookie cookie = createCookie(session);
// Adding an "Set-Cookie" header to the response
response.addCookie(cookie);
// To avoid multiple "Set-Cookie" header
setAttribute("COOKIE_OVERWRITTEN_FLAG", "true");
}
}
/**
* Might have created the cookie in SSL protocol and tomcat will loose the
* session if there is change in protocol from HTTPS to HTTP. To avoid this,
* trick the browser using the HTTP and HTTPS session cookie.
*
* @param session
*
* @return the cookie
*/
private Cookie createCookie(HttpSession session) {
log.fatal("createCookie>>"+session.getId());
Cookie cookie = new Cookie("JSESSIONID", session.getId());
cookie.setMaxAge(-1); // Life of the browser or timeout
cookie.setSecure(false);
String contextPath = getContextPath();
if ((contextPath != null) && (contextPath.length() > 0)) {
cookie.setPath(contextPath);
} else {
cookie.setPath("/");
}
return cookie;
}
}
结果是有时可以,有时不可以,不知道是不是https的问题,还是浏览器本身的限制?
相关文章推荐
- Https跳到http时session信息丢失的分析及解决方案
- http https session丢失
- Https跳到http时session信息丢失的分析及解决方案
- 关于HTTP和HTTPS相互转换的问题--解决根据过滤器自动切换功能--可用
- nginx http自动跳转https post参数丢失问题
- 使用Spring security,遇到从HTTPS页面重定向到HTTP页面时会丢失JSESSIONID的问题
- 有关HttpURLConnection充当代理转发Session丢失的问题
- .net 自由切换http和https请求页面,含带处理css和js切换时失效问题
- http https session丢失
- Spring + Shiro 项目 + HttpSessionListener 【调用springService问题】&【Session失效问题】
- Session "丢失"问题
- php session跨页面传递 session值丢失问题之完美解决
- 客户端 HttpURLConnection session不会丢失
- 关于http和https允许请求设置header问题
- HTTP及HTTPS协议原理解析与面试问题
- 关于asp.net Session丢失问题的总结
- ASP.NET网站SESSION丢失的问题
- uploadify在Firefox下丢失session问题的解决方法
- 解决uploadify使用时session发生丢失问题的方法
- asp.net 修改/删除站内目录操作后Session丢失问题