如果用户的浏览器设置为阻止 cookie,那么服务器完成登录并把当前 session 标记为已登录之后,浏览器进入跳转页面时,可能出现页面引入的 js 无法下载、点击页面中的超链接后提示用户未登录的情况。原因是浏览器不会回传 JSESSIONID cookie,服务器无法把后续请求与已登录的 session 对应起来。
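解决办法:使用 response.encodeURL("url") 重写页面中的 URL。需要注意,这样会话 ID 会直接出现在 URL 中,可能随浏览器历史、访问日志或 Referer 头泄露,因此建议全程使用 HTTPS,并在登录成功后更换会话 ID。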
<script type="text/javascript" src="<%=response.encodeURL("jquery/jquery-min.js") %>" charset="UTF-8"></script>
<a href="<%=response.encodeURL("download.do?id=1") %>">下载文件</a>
最终渲染到浏览器后,查看页面源代码,内容变为:
<script type="text/javascript" src="jquery/jquery-min.js;jsessionid=FEF549911390D7ADC6E85D06128405CF" charset="UTF-8"></script>
<a href="download.do;jsessionid=FEF549911390D7ADC6E85D06128405CF?id=1">下载文件</a>
/**
 * Wrapper object for the Coyote request.
 *
 * <p>Only the session lookup / creation members are shown here; the fields
 * they read ({@code context}, {@code session}, {@code requestedSessionId},
 * {@code response}, {@code sm}) are declared outside this excerpt.
 *
 * @author Remy Maucherat
 * @author Craig R. McClanahan
 * @version $Revision: 1.37 $ $Date: 2004/06/07 16:54:58 $
 */
public class CoyoteRequest implements HttpRequest, HttpServletRequest {

    /**
     * Returns the session bound to this request, creating one when none
     * exists yet.
     */
    public HttpSession getSession() {
        return getSession(true);
    }

    /**
     * Returns the session bound to this request, optionally creating one.
     *
     * @param create {@code true} to create a session when none exists
     */
    public HttpSession getSession(boolean create) {
        return doGetSession(create);
    }

    /**
     * Resolves the session for this request in three steps: the session
     * already cached on the request, then the session named by the id the
     * client sent, and finally (only when {@code create} is set) a brand-new
     * session obtained from the manager.
     *
     * <p>Security-relevant behaviour visible here: a client-supplied id is
     * only honoured when the manager finds an existing, valid session for
     * it. An unknown or invalid id is never adopted; the id of a new session
     * always comes from {@code manager.createSession()}.
     *
     * @param create {@code true} to create a session when none can be found
     * @return the session facade, or {@code null} when there is no context,
     *         no manager, or no session and {@code create} is {@code false}
     * @throws IllegalStateException if a session would have to be created
     *         while cookies are enabled and the response is already committed
     */
    protected HttpSession doGetSession(boolean create) {

        // Without a context there is nothing a session could belong to.
        if (context == null) {
            return null;
        }

        // Step 1: reuse the cached session, dropping it if it went stale.
        if (session != null) {
            if (session.isValid()) {
                return session.getSession();
            }
            session = null;
        }

        // A missing manager means the context does not support sessions.
        Manager manager = (context != null) ? context.getManager() : null;
        if (manager == null) {
            return null;
        }

        // Step 2: look up the id requested by the client (cookie or URL).
        if (requestedSessionId != null) {
            try {
                session = manager.findSession(requestedSessionId);
            } catch (IOException e) {
                // A failed lookup is treated like "no such session".
                session = null;
            }
            if (session != null) {
                if (session.isValid()) {
                    session.access();
                    return session.getSession();
                }
                session = null;
            }
        }

        // Step 3: create a new session, but only on request.
        if (!create) {
            return null;
        }

        // With cookies enabled the id has to travel in a response header,
        // which is no longer possible once the response is committed.
        if ((context != null)
                && (response != null)
                && context.getCookies()
                && response.getResponse().isCommitted()) {
            throw new IllegalStateException(
                    sm.getString("coyoteRequest.sessionCreateCommitted"));
        }

        //*****************************
        // mahh: this is the point where the session is created
        //*****************************
        session = manager.createSession();

        // Hand the fresh id to the client as a cookie when cookies are on.
        if (session != null) {
            if ((getContext() != null) && getContext().getCookies()) {
                Cookie sessionCookie =
                        new Cookie(Globals.SESSION_COOKIE_NAME, session.getId());
                configureSessionCookie(sessionCookie);
                ((HttpServletResponse) response).addCookie(sessionCookie);
            }
        }

        if (session == null) {
            return null;
        }
        session.access();
        return session.getSession();
    }

    /**
     * Configures the given JSESSIONID cookie: non-persistent lifetime, path
     * limited to the context path (or "/" when that is empty or unknown),
     * and the Secure attribute when the request itself is secure.
     *
     * <p>NOTE(review): no HttpOnly attribute is set in this method; on
     * Servlet 3.0+ containers {@code Cookie#setHttpOnly} is available —
     * confirm how the deployed container version handles it.
     *
     * @param cookie The JSESSIONID cookie to be configured
     */
    protected void configureSessionCookie(Cookie cookie) {
        // Negative max-age: the browser keeps the cookie for the browser
        // session only and does not store it persistently.
        cookie.setMaxAge(-1);

        String contextPath = (getContext() != null) ? getContext().getPath() : null;
        boolean hasContextPath = (contextPath != null) && (contextPath.length() > 0);
        cookie.setPath(hasContextPath ? contextPath : "/");

        // Secure is only set for secure requests; a session started over
        // plain HTTP therefore gets a cookie without the attribute.
        if (isSecure()) {
            cookie.setSecure(true);
        }
    }

}
/**
 * Minimal implementation of the <strong>Manager</strong> interface that supports
 * no session persistence or distributable capabilities. This class may
 * be subclassed to create more sophisticated Manager implementations.
 *
 * @author Craig R. McClanahan
 * @version $Revision: 1.27 $ $Date: 2004/05/26 16:13:59 $
 */
public abstract class ManagerBase implements Manager, MBeanRegistration {

    /**
     * Builds a new session with this Manager's default settings and assigns
     * it a freshly generated identifier, readable through {@code getId()}
     * on the returned session. When a JVM route is configured, the id is
     * suffixed with {@code "." + jvmRoute}.
     *
     * <p>The identifier is produced by {@code generateSessionId()}, which is
     * not shown here; how unpredictable the id is depends entirely on that
     * method.
     *
     * <p>NOTE(review): the original documentation mentions both a
     * {@code null} return and an exception for a failed creation. The code
     * visible here returns whatever {@code createEmptySession()} produced
     * and dereferences it immediately — confirm the intended contract.
     *
     * @exception IllegalStateException if a new session cannot be
     *  instantiated for any reason
     */
    public Session createSession() {

        // Obtain a blank (recycled or new) session and apply the defaults.
        Session created = createEmptySession();
        created.setNew(true);
        created.setValid(true);
        created.setCreationTime(System.currentTimeMillis());
        created.setMaxInactiveInterval(this.maxInactiveInterval);

        String candidateId = generateSessionId();
        final String route = getJvmRoute();
        // @todo Move appending of jvmRoute generateSessionId()???
        if (route != null) {
            candidateId = candidateId + "." + route;
        }

        // Regenerate until the id is not already a key of the active map.
        // NOTE(review): the id is handed to the session only after this lock
        // is released; whether setId() also registers it in `sessions` is
        // not visible here — confirm that two threads cannot end up with the
        // same id.
        synchronized (sessions) {
            while (sessions.get(candidateId) != null) {
                duplicates++;
                candidateId = generateSessionId();
                // @todo Move appending of jvmRoute generateSessionId()???
                if (route != null) {
                    candidateId = candidateId + "." + route;
                }
            }
        }

        created.setId(candidateId);
        sessionCounter++;

        return created;
    }

    /**
     * Get a session from the recycled ones or create a new empty one.
     * The PersistentManager manager does not need to create session data
     * because it reads it from the Store.
     */
    public Session createEmptySession() {
        return getNewSession();
    }

    /**
     * Instantiates the session class used by this manager (per the original
     * documentation, the one used in the doLoad() method).
     */
    protected StandardSession getNewSession() {
        return new StandardSession(this);
    }

}
public abstract class ManagerBase implements Manager, MBeanRegistration {

    /**
     * The set of currently active Sessions for this Manager, keyed by
     * session identifier.
     */
    // Raw (untyped) HashMap, which is not thread-safe on its own;
    // createSession() in this class synchronizes on this map while it checks
    // a candidate id for collisions.
    // NOTE(review): other readers and writers of this map are not shown in
    // this excerpt — confirm they take the same lock.
    protected HashMap sessions = new HashMap();

}
/**
 * Implementation of a request processor which delegates the processing to a
 * Coyote processor.
 *
 * <p>The two methods shown here extract the session id a client sent, first
 * from the URL path parameter and then from cookies. Both only record the
 * string on the request; neither checks that the id names a real session.
 *
 * @author Craig R. McClanahan
 * @author Remy Maucherat
 * @version $Revision: 1.26 $ $Date: 2004/05/14 11:00:25 $
 */
public class CoyoteAdapter implements Adapter {

    private static Log log = LogFactory.getLog(CoyoteAdapter.class);

    /**
     * The match string for identifying a session ID parameter.
     */
    // Built as ";" + Globals.SESSION_PARAMETER_NAME + "=".
    private static final String match = ";" + Globals.SESSION_PARAMETER_NAME + "=";

    /**
     * Parse session id in URL.
     *
     * <p>Searches the decoded URI for the session path parameter. When it is
     * found at an index greater than zero, the value up to the next ';' (or
     * the end of the URI) becomes the requested session id, the request is
     * flagged as carrying a URL session id, and the parameter is then cut
     * out of the raw request URI bytes. Otherwise the requested id is
     * cleared and the URL flag is reset.
     *
     * <p>The value is taken from the request URI as sent by the client and
     * is stored without any validation in this method.
     *
     * @param req     the Coyote request whose URIs are inspected and edited
     * @param request the wrapper request that receives the parsed id
     */
    protected void parseSessionId(Request req, CoyoteRequest request) {

        CharChunk uriCC = req.decodedURI().getCharChunk();
        // A match at index 0 is treated the same as no match (test is > 0).
        int semicolon = uriCC.indexOf(match, 0, match.length(), 0);

        if (semicolon > 0) {

            // Parse session ID, and extract it from the decoded request URI
            int start = uriCC.getStart();
            int end = uriCC.getEnd();

            // presumably `semicolon` is relative to the chunk start, since
            // `start` is added to get a buffer offset — verify in CharChunk
            int sessionIdStart = start + semicolon + match.length();
            // NOTE(review): sessionIdStart already includes `start`; whether
            // indexOf(char, int) expects a chunk-relative or an absolute
            // position is not visible here — confirm for chunks that do not
            // begin at offset 0.
            int semicolon2 = uriCC.indexOf(';', sessionIdStart);
            if (semicolon2 >= 0) {
                // Another path parameter follows: the id stops at that ';'.
                request.setRequestedSessionId
                    (new String(uriCC.getBuffer(), sessionIdStart,
                                semicolon2 - semicolon - match.length()));
            } else {
                // The id runs to the end of the decoded URI.
                request.setRequestedSessionId
                    (new String(uriCC.getBuffer(), sessionIdStart,
                                end - sessionIdStart));
            }
            request.setRequestedSessionURL(true);

            // Extract session ID from request URI
            ByteChunk uriBC = req.requestURI().getByteChunk();
            start = uriBC.getStart();
            end = uriBC.getEnd();
            semicolon = uriBC.indexOf(match, 0, match.length(), 0);

            if (semicolon > 0) {
                // Assigned here but not read again in this method.
                sessionIdStart = start + semicolon;
                // NOTE(review): the second ';' is searched in the decoded
                // CharChunk (uriCC) while the offsets are applied to the raw
                // ByteChunk (uriBC); the two agree only if decoding did not
                // shift positions before that point — confirm.
                semicolon2 = uriCC.indexOf
                    (';', start + semicolon + match.length());
                // Truncate the raw URI right before ";jsessionid=".
                uriBC.setEnd(start + semicolon);
                byte[] buf = uriBC.getBuffer();
                if (semicolon2 >= 0) {
                    // Shift the bytes after the session id left, over the
                    // removed parameter, then resize the chunk to match.
                    for (int i = 0; i < end - start - semicolon2; i++) {
                        buf[start + semicolon + i]
                            = buf[start + i + semicolon2];
                    }
                    uriBC.setBytes(buf, start, semicolon
                                   + (end - start - semicolon2));
                }
            }

        } else {
            request.setRequestedSessionId(null);
            request.setRequestedSessionURL(false);
        }

    }

    /**
     * Parse session id from cookies.
     *
     * <p>Scans the request cookies for ones named
     * {@code Globals.SESSION_COOKIE_NAME}. The first such cookie replaces
     * any id taken from the URL and flags the request as cookie-sourced.
     * Further cookies with that name replace the id only while
     * {@code isRequestedSessionIdValid()} reports the current one as invalid.
     *
     * @param req     the Coyote request providing the parsed cookies
     * @param request the wrapper request that receives the session id
     */
    protected void parseSessionCookiesId(Request req, CoyoteRequest request) {

        // Parse session id from cookies
        Cookies serverCookies = req.getCookies();
        int count = serverCookies.getCookieCount();
        if (count <= 0)
            return;

        for (int i = 0; i < count; i++) {
            ServerCookie scookie = serverCookies.getCookie(i);
            if (scookie.getName().equals(Globals.SESSION_COOKIE_NAME)) {
                // Override anything requested in the URL
                if (!request.isRequestedSessionIdFromCookie()) {
                    // Accept only the first session id cookie
                    request.setRequestedSessionId
                        (scookie.getValue().toString());
                    request.setRequestedSessionCookie(true);
                    request.setRequestedSessionURL(false);
                    // The raw session id is written to the debug log here,
                    // so debug-level logs hold live session identifiers.
                    if (log.isDebugEnabled())
                        log.debug(" Requested cookie session id is " +
                            ((HttpServletRequest) request.getRequest())
                            .getRequestedSessionId());
                } else {
                    if (!request.isRequestedSessionIdValid()) {
                        // Replace the session id until one is valid
                        request.setRequestedSessionId
                            (scookie.getValue().toString());
                    }
                }
            }
        }

    }

}
public final class Globals {

    /**
     * Name of the URL path parameter that carries the session identifier
     * between client and server when it travels in the URL
     * (for example {@code page;jsessionid=<id>}).
     */
    public static final String SESSION_PARAMETER_NAME = "jsessionid";

    /**
     * Name of the cookie that carries the session identifier between
     * client and server.
     */
    public static final String SESSION_COOKIE_NAME = "JSESSIONID";

}
public class CoyoteResponse implements HttpResponse, HttpServletResponse {

    protected CoyoteRequest request = null;

    /******************* N lines omitted here ******/

    /**
     * Adds the session identifier of the current request to the given URL
     * when {@code isEncodeable} says the URL needs it, and returns the URL
     * unchanged otherwise.
     *
     * <p>Calling this for an encodeable URL invokes {@code getSession()} on
     * the request, which creates a session if none exists yet.
     *
     * <p>Security note: the result carries the live session id inside the
     * URL, so the id can end up in browser history, access logs, Referer
     * headers and copied links. Where cookie-less clients do not have to be
     * supported, restricting session tracking to cookies avoids this.
     *
     * @param url URL to be encoded
     */
    public String encodeURL(String url) {

        final String absolute = toAbsolute(url);
        if (!isEncodeable(absolute)) {
            return url;
        }

        final HttpServletRequest servletRequest =
                (HttpServletRequest) request.getRequest();
        // W3c spec clearly said: an empty URL refers to the current
        // document, so the absolute form is encoded in that case.
        final String target = (url.length() == 0) ? absolute : url;
        return toEncoded(target, servletRequest.getSession().getId());
    }

    /**
     * Inserts {@code ;jsessionid=<sessionId>} after the path part of the
     * URL, in front of any {@code #anchor} and {@code ?query}. A URL with an
     * empty path part is returned without a session id.
     *
     * <p>The parameter name is spelled out as a literal here; it has to stay
     * equal to the name the request parser looks for.
     *
     * @param url URL to be encoded with the session id
     * @param sessionId Session id to be included in the encoded URL
     * @return the encoded URL, or {@code url} as given when either argument
     *         is {@code null}
     */
    private String toEncoded(String url, String sessionId) {

        if (url == null || sessionId == null) {
            return url;
        }

        // Split off the query string first ...
        final int queryAt = url.indexOf('?');
        final String beforeQuery = (queryAt < 0) ? url : url.substring(0, queryAt);
        final String query = (queryAt < 0) ? "" : url.substring(queryAt);

        // ... then an anchor that sits in front of it.
        final int anchorAt = beforeQuery.indexOf('#');
        final String path = (anchorAt < 0) ? beforeQuery : beforeQuery.substring(0, anchorAt);
        final String anchor = (anchorAt < 0) ? "" : beforeQuery.substring(anchorAt);

        StringBuffer encoded = new StringBuffer();
        encoded.append(path);
        if (path.length() > 0) { // jsessionid can't be first.
            encoded.append(";jsessionid=").append(sessionId);
        }
        encoded.append(anchor).append(query);
        return encoded.toString();
    }

}
Tomcat部署应用,客户端阻止cookie时,成功登录后,还是出现登录失败的问题解决
原文地址:http://blog.csdn.net/asiaasia666/article/details/45873707