发表新帖
发表新帖

Session is lost and created as new in every servlet request

前端 未结
关注
9 1377
暖寄归人
暖寄归人 2020-11-28 03:56

I have this big issue. My current session is gone every time I made a new request to Server.

I have checked in a lot of places. I can\'t find what\'s the problem. I

相关标签:
9条回答
  • 北海茫月
    2020-11-28 04:57

    Please verify if the session is not being invalidated in your code someplace. Look for code similar to request.getSession().invalidate();

    0 讨论(0)
  • 情话喂你
    2020-11-28 04:58

    I experienced a stale https session cookie (my ad-hoc term) problem, due to a secure flag.

    I had this problem when switching between http and https. The cookie stored by https session was never overwritten by http session. It remained in FireFox memory for eternity. It was visible in FireFox Tools / Options / Privacy / Delete single cookies where in Send for field it was Only for secure connections. Clearing this single cookie or all cookies is a workaround.

    I was debugging the problem with wget, and I noticed such a header:

    Set-Cookie: JSESSIONID=547ddffae0e5c0e2d1d3ef21906f; Path=/myapp; Secure; HttpOnly

    The word secure appears only in https connections and creates this stale cookie. It's a SecureFlag (see OWASP). There are ways to disable this flag on server side, which seems like a permanent solution, but maybe not safe.

    Or is it a browser bug, that the cookie is not overwritten?

    0 讨论(0)
  • 攒了一身酷
    2020-11-28 04:59

    After years, I never posted the answer back here. At that time I was busy and forgot about this question. But, today I am looking for a solution in Stackoverflow as usual and saw this notification mentioning I am getting points from this Question. Seems like other developers are facing the same issue. So, I tried to recall how I solved the issue. And yes, I solved by manually put back the session id to track/maintain the session id.

    Please see the code that I manually put back jsessionid inside the servlet. 

    HttpSession session = request.getSession();
if (request.getParameter("JSESSIONID") != null) {
    Cookie userCookie = new Cookie("JSESSIONID", request.getParameter("JSESSIONID"));
    response.addCookie(userCookie);
} else {
    String sessionId = session.getId();
    Cookie userCookie = new Cookie("JSESSIONID", sessionId);
    response.addCookie(userCookie);
}
    0 讨论(0)
 看不清?
提交回复
热议问题