修改cookieName从SESSION为JSESSIONID

最新推荐文章于 2024-09-19 10:27:01 发布
最新推荐文章于 2024-09-19 10:27:01 发布
阅读量1.7k 收藏 2
点赞数
分类专栏: 问题汇集 Java 文章标签: java redis spring session
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_43145299/article/details/107911297
版权

当不使用redis的时候,键名为 JSESSIONID
当使用redis的时候,键名为 SESSION

环境 spring-security、spring-session-data-redis

    <!--配置文件中指定cookieName为JSESSIONID ,同步于.net客户端中代码JSESSIONID-->
    <bean id="defaultCookieSerializer"
          class="org.springframework.session.web.http.DefaultCookieSerializer">
        <property name="cookieName" value="JSESSIONID"/>
        <property name="cookiePath" value="/"/>
    </bean>

修改后的效果图:
在这里插入图片描述

源码分析

/*
 * Copyright 2002-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.session.web.http;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * The default implementation of {@link CookieSerializer}
 *
 * @author Rob Winch
 * @since 1.1
 */
public class DefaultCookieSerializer implements CookieSerializer {

    // 这里指定了,默认的cookieName为SESSION,可以在配置文件中修改
	private String cookieName = "SESSION";

	private Boolean useSecureCookie;

	private boolean useHttpOnlyCookie = isServlet3();

	private String cookiePath;

	private int cookieMaxAge = -1;

	private String domainName;

	private Pattern domainNamePattern;

	private String jvmRoute;

	/*
	 * (non-Javadoc)
	 * @see org.springframework.session.web.http.CookieSerializer#readCookieValues(javax.servlet.http.HttpServletRequest)
	 */
	public List<String> readCookieValues(HttpServletRequest request) {
		Cookie cookies[] = request.getCookies();
		List<String> matchingCookieValues = new ArrayList<String>();
		if (cookies != null) {
			for (Cookie cookie : cookies) {
				if (cookieName.equals(cookie.getName())) {
					String sessionId = cookie.getValue();
					if(sessionId == null) {
						continue;
					}
					if(jvmRoute != null && sessionId.endsWith(jvmRoute)) {
						sessionId = sessionId.substring(0, sessionId.length() - jvmRoute.length());
					}
					matchingCookieValues.add(sessionId);
				}
			}
		}
		return matchingCookieValues;
	}

	/*
	 * (non-Javadoc)
	 * @see
	 * org.springframework.session.web.http.CookieWriter#writeCookieValue(org.
	 * springframework.session.web.http.CookieWriter.CookieValue)
	 */
	public void writeCookieValue(CookieValue cookieValue) {
		HttpServletRequest request = cookieValue.getRequest();
		HttpServletResponse response = cookieValue.getResponse();

		String requestedCookieValue = cookieValue.getCookieValue();
		String actualCookieValue = jvmRoute == null ? requestedCookieValue : requestedCookieValue + jvmRoute;

		Cookie sessionCookie = new Cookie(cookieName, actualCookieValue);
		sessionCookie.setSecure(isSecureCookie(request));
		sessionCookie.setPath(getCookiePath(request));
		String domainName = getDomainName(request);
		if (domainName != null) {
			sessionCookie.setDomain(domainName);
		}

		if (useHttpOnlyCookie) {
			sessionCookie.setHttpOnly(true);
		}

		if ("".equals(requestedCookieValue)) {
			sessionCookie.setMaxAge(0);
		} else {
			sessionCookie.setMaxAge(cookieMaxAge);
		}

		response.addCookie(sessionCookie);
	}

	/**
	 * Sets if a Cookie marked as secure should be used. The default is to use
	 * the value of {@link HttpServletRequest#isSecure()}.
	 *
	 * @param useSecureCookie
	 *            determines if the cookie should be marked as secure.
	 */
	public void setUseSecureCookie(boolean useSecureCookie) {
		this.useSecureCookie = useSecureCookie;
	}

	/**
	 * Sets if a Cookie marked as HTTP Only should be used. The default is true
	 * in Servlet 3+ environments, else false.
	 *
	 * @param useHttpOnlyCookie
	 *            determines if the cookie should be marked as HTTP Only.
	 */
	public void setUseHttpOnlyCookie(boolean useHttpOnlyCookie) {
		if(useHttpOnlyCookie && !isServlet3()) {
			throw new IllegalArgumentException("You cannot set useHttpOnlyCookie to true in pre Servlet 3 environment");
		}
		this.useHttpOnlyCookie = useHttpOnlyCookie;
	}

	private boolean isSecureCookie(HttpServletRequest request) {
		if (useSecureCookie == null) {
			return request.isSecure();
		}
		return useSecureCookie;
	}

	/**
	 * Sets the path of the Cookie. The default is to use the context path from
	 * the {@link HttpServletRequest}.
	 *
	 * @param cookiePath
	 *            the path of the Cookie. If null, the default of the context
	 *            path will be used.
	 */
	public void setCookiePath(String cookiePath) {
		this.cookiePath = cookiePath;
	}

	public void setCookieName(String cookieName) {
		if (cookieName == null) {
			throw new IllegalArgumentException("cookieName cannot be null");
		}
		this.cookieName = cookieName;
	}

	/**
	 * Sets the maxAge property of the Cookie. The default is -1 which signals
	 * to delete the cookie when the browser is closed.
	 *
	 * @param cookieMaxAge
	 *            the maxAge property of the Cookie
	 */
	public void setCookieMaxAge(int cookieMaxAge) {
		this.cookieMaxAge = cookieMaxAge;
	}

	/**
	 * Sets an explicit Domain Name. This allow the domain of "example.com" to
	 * be used when the request comes from www.example.com. This allows for
	 * sharing the cookie across subdomains. The default is to use the current
	 * domain.
	 *
	 * @param domainName
	 *            the name of the domain to use. (i.e. "example.com")
	 * @throws IllegalStateException if the domainNamePattern is also set
	 */
	public void setDomainName(String domainName) {
		if (this.domainNamePattern != null) {
			throw new IllegalStateException("Cannot set both domainName and domainNamePattern");
		}
		this.domainName = domainName;
	}

	/**
	 * <p>
	 * Sets a case insensitive pattern used to extract the domain name from the
	 * {@link HttpServletRequest#getServerName()}. The pattern should provide a
	 * single grouping that defines what the value is that should be matched.
	 * User's should be careful not to output malicious characters like new
	 * lines to prevent from things like
	 * <a href= "https://www.owasp.org/index.php/HTTP_Response_Splitting">HTTP
	 * Response Splitting</a>.
	 * </p>
	 *
	 * <p>
	 * If the pattern does not match, then no domain will be set. This is useful
	 * to ensure the domain is not set during development when localhost might
	 * be used.
	 * </p>
	 * <p>
	 * An example value might be "^.+?\\.(\\w+\\.[a-z]+)$". For the given input,
	 * it would provide the following explicit domain (null means no domain name
	 * is set):
	 * </p>
	 *
	 * <ul>
	 * <li>example.com - null</li>
	 * <li>child.sub.example.com - example.com</li>
	 * <li>localhost - null</li>
	 * <li>127.0.1.1 - null</li>
	 * </ul>
	 *
	 * @param domainNamePattern
	 *            the case insensitive pattern to extract the domain name with
	 * @throws IllegalStateException if the domainName is also set
	 */
	public void setDomainNamePattern(String domainNamePattern) {
		if (this.domainName != null) {
			throw new IllegalStateException("Cannot set both domainName and domainNamePattern");
		}
		this.domainNamePattern = Pattern.compile(domainNamePattern, Pattern.CASE_INSENSITIVE);
	}

	/**
	 * <p>
	 * Used to identify which JVM to route to for session affinity. With some
	 * implementations (i.e. Redis) this provides no performance benefit.
	 * However, this can help with tracing logs of a particular user. This will ensure that the value of the cookie is formatted as
	 * </p>
	 * <code>
	 * sessionId + "." jvmRoute
	 * </code>
	 * <p>
	 * To use set a custom route on each JVM instance and setup a frontend proxy
	 * to forward all requests to the JVM based on the route.
	 * </p>
	 *
	 * @param jvmRoute
	 *            the JVM Route to use (i.e. "node01jvmA", "n01ja", etc)
	 */
	public void setJvmRoute(String jvmRoute) {
		this.jvmRoute = "." + jvmRoute;
	}

	private String getDomainName(HttpServletRequest request) {
		if (domainName != null) {
			return domainName;
		}
		if (domainNamePattern != null) {
			Matcher matcher = domainNamePattern.matcher(request.getServerName());
			if (matcher.matches()) {
				return matcher.group(1);
			}
		}
		return null;
	}

	private String getCookiePath(HttpServletRequest request) {
		if (cookiePath == null) {
			return request.getContextPath() + "/";
		}
		return cookiePath;
	}

	/**
	 * Returns true if the Servlet 3 APIs are detected.
	 *
	 * @return
	 */
	private boolean isServlet3() {
		try {
			ServletRequest.class.getMethod("startAsync");
			return true;
		} catch (NoSuchMethodException e) {
		}
		return false;
	}
}
仰望星空的脚踏实地
关注
专栏目录
Tomcat 中的 SessionCookie
编程知识分享
06-03 323
HTTP 是一种无状态通信协议,每个请求之间相互独立,服务器不能识别曾经来过的请求。而对于 Web 应用,它的活动都是依赖某个状态的,比如用户登录,此时使用 HTTP 就需要它在一次登录请求后,有为后续请求提供已登录信息的能力。本文首发于公众号顿悟源码. 解决办法就是使用Cookie,它由服务器返回给浏览器,浏览器缓存并在每次请求时将 cookie 数据提交到服务器。Cookies 在请求中以...
html获取session的值_开发中你一定碰到过cookiesession问题,今天一并帮你解决!
weixin_39608988的博客
11-19 872
一、会话的概念会话可简单理解为:用户开一个浏览器,点击多个超链接,访问服务器多个web资源,然后关闭浏览器,整个过程称之为一个会话。二、会话过程中要解决的一些问题每个用户在使用浏览器与服务器进行会话的过程中,不可避免各自会产生一些数据,程序要想办法为每个用户保存这些数据。三、保存会话数据的两种技术1、CookieCookie意为"甜饼",是由W3C组织提出,最早由Netscape社区发展的一种机制...
jsessionid
热门推荐
Crack The World
10-29 2万+
在服务器端,我们用惯了session.setAttribute("",userInfo)这样的一行代码,估计你很少想到:服务器与浏览器之间是如何保持会话状态的。好了,先引用一些文章的精彩片段:http://www.xxx.com/xxx_app;jsessionid=xxxxxxxxxx?a=x&b=x。 这跟一般的url基本一样,只有一个地方有区别,那就是“;jessionid=xxxxxxx
tomcat修改jsessionidcookie中的名称
weixin_41729242的博客
07-14 621
同一台server部署多个tomcat,每个tomcat里部署了同一个app作为不同的环境,在同一个浏览器同事访问不同环境的时候,session会混乱如下 :server1 登录>产生session ID>回传给客户端浏览器 > 客户端进行接下来的操作,request默认会加上JSESSIONID,就是回传的session ID, tomcat根据request里的session ID判断要不要新...
Cookie的所有属性详解
最新发布
tian830937的专栏
09-19 102
转载:https://blog.csdn.net/qq_39834073/article/details/107808959。
JAVA 修改 JSESSIONID
amg63834的博客
09-10 2015
@Action("sidTest") public void sidTest() { HttpSession session = request.getSession(); String id=getParameter("sid"); Cookie cookie=new Cookie("JS...
tomcat在server.xml修改默认session名称
CHE墨心的博客
02-12 6671
问题描述: 我们程序因为某种原因需要调用另一个程序新打开一个页面。于是在一台主机中架了两个tomcat,现在后台管理需要加一个预览按钮,于是用window.open打开显示相关界面也就是说http://192.168.0.200:8080中有一个网页用window.open打开http://192.168.0.200:8081的一个界面。会出现session丢失的情况,(父窗口的session
tomcat多域名共享cookie,共享session以及修改sessionCookieName的解决方案
weixin_30562507的博客
04-17 329
参考:http://497155382.blog.163.com/blog/static/1949123201391694020/ 转载于:https://www.cnblogs.com/hihtml5/p/6722411.html
单点登陆Redis存储session(重点)
Richard_666的博客
12-12 442
1、cookie里面存放的jsessionid就是session里面存的session.getId();session里面存放的是用户登陆信息,也就是我们常说的token值 第一次登陆到tomcat1获得jsessionid和第二次到tomcat2获得jessionid肯定是不一样的 解决方案: 将第一次登陆的sessionid(也就是token)以loginToken为健存储到r...
java回顾:cookiesession
m0_56678122的博客
11-10 350
cookiesession
HTTP状态管理机制Cookiesession
java编程学习_java基础教程_booyzhang的博客
05-27 258
状态管理概述 HTTP协议是无状态的,不能保存每次提交的信息,即当服务器返回与请求相对应的应答之后,这次事务的所有信息就丢掉了。 如果用户发来一个新的请求,服务器无法知道它是否与上次的请求有联系。 对于那些需要多次提交数据才能完成的Web操作,比如登录来说,就成问题了。 什么是状态管理 WEB应用中的会话是指一个客户端浏览器与WEB服务器之间连续发生的一系列请求和响应过程。 WEB应用的会话状态是指WEB服务器与浏览器在会话过程中产生的状态信息,借助会话状态,WEB服务器能够把属于同一会话中的一系列的请求和
web 浏览器 JSESSIONID 名称被覆盖问题修复 项目一的cookie默认名称是JSESSIONID
MRchen009的博客
04-23 805
项目一的cookie默认名称是JSESSIONID 项目二的cookie默认名称也是JSESSIONID 导致JSESSIONID value值被覆盖 导致其中一个需要重新登录 项目二的cookie 决绝方案: 在application.yml 配置如下信息就可以防止被覆盖了 server: port: 8081 servlet: session: cookie...
【笔记】关于我不喜欢Shiro生成默认CookieJSESSIONID,我想修改为其他key的哪些事
深渊码头
01-27 1081
修改Shiro默认CookieJSESSIONID修改JSESSIONID为其他名称
sessionCookieJSESSIONID
一只苟延残喘的卑微蝼蚁
05-09 5269
&lt;% Cookie cookie = new Cookie("userName", "zhangsan"); cookie.setMaxAge(30 * 24 * 60 * 60); //保存30天//  cookie.setDomain(".baidu.com");//    cookie.setPath("/");//  cookie.setDomain("...
springboot替换sessoinid
qq_33564365的博客
03-31 367
ackage com.xx.config; import org.springframework.session.web.http.DefaultCookieSerializer; public class MyCookieSerializer extends DefaultCookieSerializer { private String cookieName = "xxsession"; public MyCookieSerializer(){ .
http请求中没有set-cookie,却产生了jsessionid;tomcat产生两个sessionid,一个是自定义的sessionid(customSessionId),一个是默认的jsess
wangjun5159的专栏
12-19 1万+
背景项目使用了spring session,并用redis存储,以实现分布式环境下session同步;查看dev tools—>network时发现,有两个sessionid,一个是spring session中指定的customSessionId,一个是tomcat默认jsessionid
关于使用会话追踪(session tracking)
xiaobashagua的专栏
12-20 309
关于使用会话追踪(session tracking) To associate a session with a user, a web container can use several methods, all of which involve passing an identifier between the client and the server. The identifier c...
Cookie中的JSESSIONID说明
qq_42449963的博客
07-28 4084
事实上当用户访问服务器的时候会为每一个用户开启一个session,浏览器是怎么判断这个session到底是属于哪个用户呢?换句话说服务器识别session的方法是通过jsessionid来告诉服务器该客户端的session在内存的什么地方。注意此cookie由于没有设置cookie有效日期,所以在关闭浏览器的情况下会丢失掉这个cookie。浏览器会根据响应头的set-cookie信息设置浏览器的cookie并保存之。不难发现这个的jsessionid和上面的jsessionid是一样的。......
Springboot 修改cookiename 获取session
05-11
修改Cookie名称并在Spring Boot中获取会话,可以按照以下步骤操作: 1. 在Spring Boot配置文件中添加以下属性: ``` server.servlet.session.cookie.name=NEW_COOKIE_NAME ``` 2. 创建一个控制器来获取会话并...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值