1、浏览器第一次请求
浏览器cookie中没有jsessionid,所以http请求包cookie中无jsessionid的值
tomcat收到http请求,取出cookie中的jsessionid,没有取到值所以生成sessionid并保存到tomcat中, 且添加到request中,request.getSession().getId()可以获取sessionid。
response返回结果时会告诉浏览器设置jsessionid
2、浏览器第二次访问时
浏览器cookie中有jsessionid,所以http请求包cookie中会带上jsessionid的值,
tomcat收到http请求,取出cookie中jsessionid,和tomcat中保存的sessionid对比,如果一致则不处理,如果不一致则重新生成一个sessionid并保存到tomcat,且添加到request中的sessionid。
注:此时request.getSession().getId()取到的sessionid是tomcat新生成的id,
从cookie中取到的id是浏览器发送请求是request带过来的id。
Cookie[] cookies = (Cookie[]) request.getCookies();
// 从Cookie数据中遍历查找, 并取jsessionid
if (null != cookies && cookies.length > 0) {
for (Cookie cookie : cookies) {
if ("JSESSIONID".equals(cookie.getName())) {
//有, 直接返回
return cookie.getValue();
}
}
}
wireshark抓包:
HTTP/1.1
Host: 10.26.201.210
Connection: keep-alive
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Referer: http://10.26.201.210/antimoneylaundering/login/loginIn
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=2A799C85B95F18D2E89854D99B95B8A3; CSESSIONID=a43ed30a1f81411d95fa1a8b251ef81b; user_Name=
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Tue, 26 Jun 2018 07:56:26 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 54
Connection: keep-alive
Set-Cookie: JSESSIONID=e107642b95724c61aeb242d8dcf4f07b; Path=/
X-Content-Type-Options: nosniff
{"errorNo":"0","user_Name":"18368868043","switch":"0"}GET /antimoneylaundering/query/searchHomePage HTTP/1.1
1598
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
