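In a recent interview I was asked how to keep sessions working when cookies are disabled. From blog posts I had read earlier, reading the session depends mainly on the jsessionid that the server passes to the browser to be stored in a cookie. With cookies disabled there are two workarounds (a hidden form field and URL rewriting). Today we test both to see whether each one actually works.

Testing the first approach, the hidden form field:

The Java code: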

package com.lishu.demo.cookie.test;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@RequestMapping("/test")
@Controller
public class CookieTest {

    @RequestMapping("/cookie1")
    public String cookie1(HttpServletRequest request, HttpServletResponse response) {
        // Store the user information in the session
        request.getSession().setAttribute("user", 123);
        // Get the session ID and store it in request scope; the page reads it with FreeMarker's ${}
        request.setAttribute("jsessionid", request.getSession().getId());
        return "cookie1";
    }

    @RequestMapping("/cookie2")
    public String cookie2(HttpServletRequest request) {
        // Print the attribute stored by cookie1; null means a different (new) session was resolved
        System.out.println("user :" + request.getSession().getAttribute("user"));
        return "cookie2";
    }
}

The cookie1.ftl code:

<form name="testform" action="/test/cookie2">
    <input type="hidden" name="jsessionid" value="${jsessionid}"/>
    <input type="submit"/>
</form>

After disabling cookies for the site, we click the submit button to start the test.
Result:
user:null
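user was not retrieved, which suggests that passing the jsessionid through a hidden form field may no longer be supported.

Testing the second approach, URL rewriting:

The Java code: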

package com.lishu.demo.cookie.test;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@RequestMapping("/test")
@Controller
public class CookieTest {

    @RequestMapping("/cookie1")
    public String cookie1(HttpServletRequest request, HttpServletResponse response) {
        // Store the user information in the session
        request.getSession().setAttribute("user", 123);
        // encodeURL is the URL-rewriting method; it appends the jsessionid to the original URL,
        // e.g. /test/cookie2;jsessionid=DE8EA4AC8934B2BCB5FC8AC5805BFCAD
        request.setAttribute("cookie2Url", response.encodeURL("/test/cookie2"));
        return "cookie1";
    }

    @RequestMapping("/cookie2")
    public String cookie2(HttpServletRequest request) {
        // Print the attribute stored by cookie1; null means a different (new) session was resolved
        System.out.println("user :" + request.getSession().getAttribute("user"));
        return "cookie2";
    }
}

The cookie1.ftl code:

<form name="testform" action="${cookie2Url}">
    <input type="submit"/>
</form>

After disabling cookies for the site, we click the submit button to start the test.
Result:
user:123
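user was retrieved, which shows that URL rewriting works.

You can also assemble the rewritten URL with the jsessionid yourself (which is more flexible). Format: /test/cookie2;jsessionid=DE8EA4AC8934B2BCB5FC8AC5805BFCAD (note that ; is the ASCII semicolon)

The Java code: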

package com.lishu.demo.cookie.test;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@RequestMapping("/test")
@Controller
public class CookieTest {

    @RequestMapping("/cookie1")
    public String cookie1(HttpServletRequest request, HttpServletResponse response) {
        // Store the user information in the session
        request.getSession().setAttribute("user", 123);
        // Get the jsessionid and store it in request scope; the page reads it with FreeMarker's ${}
        request.setAttribute("jsessionid", request.getSession().getId());
        return "cookie1";
    }

    @RequestMapping("/cookie2")
    public String cookie2(HttpServletRequest request) {
        // Print the attribute stored by cookie1; null means a different (new) session was resolved
        System.out.println("user :" + request.getSession().getAttribute("user"));
        return "cookie2";
    }
}

The cookie1.ftl code:

<form name="testform" action="/test/cookie2;jsessionid=${jsessionid}">
    <input type="submit"/>
</form>

After disabling cookies for the site, we click the submit button to start the test.
Result:
user:123
user was retrieved, so the test succeeded.
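
Why the first test printed null while the other two worked, as an added example (not code from the original post, and a simplified model rather than any container's actual implementation): the Servlet specification's URL rewriting carries the session ID as a ;jsessionid= path parameter, whereas a hidden field in a GET form arrives as an ordinary query parameter. The class and method names are assumptions made for this illustration.

```java
import java.util.Optional;

// Simplified model (added example, not Tomcat's or the post's code) of where a
// servlet container looks for a URL-carried session ID: the ";jsessionid="
// path parameter, never the query string or form fields.
public class SessionIdFromUrl {

    static final String PARAM = ";jsessionid=";

    // Returns the session ID carried as a path parameter, if any.
    static Optional<String> fromPathParameter(String requestTarget) {
        // Drop the query string first: "?jsessionid=..." is an ordinary request
        // parameter and plays no part in session lookup.
        int q = requestTarget.indexOf('?');
        String path = q >= 0 ? requestTarget.substring(0, q) : requestTarget;

        int start = path.indexOf(PARAM);
        if (start < 0) return Optional.empty();
        start += PARAM.length();

        // The ID ends at the next path parameter or path segment.
        int end = path.length();
        for (int i = start; i < path.length(); i++) {
            char c = path.charAt(i);
            if (c == ';' || c == '/') { end = i; break; }
        }
        String id = path.substring(start, end);
        return id.isEmpty() ? Optional.empty() : Optional.of(id);
    }

    public static void main(String[] args) {
        String id = "DE8EA4AC8934B2BCB5FC8AC5805BFCAD"; // sample ID from the post
        String[] targets = {
            // Test 1: a GET form with a hidden field submits the ID as a query parameter.
            "/test/cookie2?jsessionid=" + id,
            // Tests 2 and 3: encodeURL or manual assembly puts the ID in the path.
            "/test/cookie2;jsessionid=" + id,
            // Path parameter followed by an unrelated query string (constructed).
            "/test/cookie2;jsessionid=" + id + "?page=1",
        };
        for (String t : targets) {
            System.out.println(t + " -> " + fromPathParameter(t).orElse("(no session ID found)"));
        }
    }
}
```

In a real container, URL-carried IDs are honored only while URL session tracking is enabled; restricting the ServletContext to SessionTrackingMode.COOKIE turns it off, which keeps session IDs out of URLs, access logs and Referer headers.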