Briefly describe the purpose of url urlrewritingnet

Explanation of jsessionid in URLs - sizhefang - ITeye blog
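This is a safety measure.
A Session requires Cookie support by default,
but some clients' browsers have Cookies turned off.
In that case the server-side session identifier, that is, 5FCBE13C4C, has to be specified in the URL.
Processing the URL string with a method (I forget the method's name) produces it.
This method checks whether your browser has Cookies enabled, and appends the identifier if it decides it should.
Link 1: wapbrowse.jsp?curAlbumID=9
Link 2: wapbrowse.jsp;jsessionid=5ACD5D1FDF5D41E9F2FD960?curAlbumID=9
These two links were copied from the source generated while running in the emulator. Both point to wapbrowse.jsp. Because link 1 does not contain a jsessionid, the variable is null in wapbrowse.jsp; opening wapbrowse.jsp through link 2 gives normal access to the session variable.
URL rewriting is a feature provided so that users who have disabled Cookies can still use sessions. The long string after jsessionid is the ID of your session on the server, so the session can be used without cookies.
HTTP itself has no session and cannot track client information; in other words, the HTTP protocol does not care who connects to it.
Implementing sessions requires browser support. The browser can store the session in a cookie, which is the most common approach.
However, if I write my own browser that fully complies with the HTTP protocol but does not cooperate with the server's session requirements, the server cannot establish a session.
Fortunately, current browsers all support the session requirements: even with cookies turned off, the browser still passes the sessionid to the server. This id is stored in the browser's memory and is not saved in a cookie on the hard disk.
The sessionid is kept on the browser side as a temporary cookie.
The actual session data is kept on the server.
Every request the browser sends carries the sessionid in the HTTP header to identify itself.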
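Since Struts is being used, JSTL may as well be used too.
Here is a very useful tag:
Listing 12. Syntax of the <c:url> action
<c:url value="expression" var="name" scope="scope">
</c:url>
URL rewriting is performed automatically by the <c:url> action. If the JSP container detects a cookie storing the user's current session identifier, no rewriting is needed. If no such cookie exists, however, all URLs generated by <c:url> are rewritten to encode the session identifier. Note: if an appropriate cookie is present in subsequent requests, <c:url> stops rewriting URLs to include the identifier.
Reference: http://www-/developerWorks/cn/java/j-jstl0318/index.shtml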
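Method 1: append ;jsessionid=sessionId directly after the servlet/jsp file name in the URL, where sessionId is obtained from HttpSession.getId(), e.g. http://localhost:8080/aaa/bbb.jsp;jsessionid=saldjfsdflsaeir234?para=1?2=2
Method 2: keep a session manager HashMap (sessionId --- sessionRef) in the application (ServletContext) so that it can be called from every servlet/jsp. This requires passing the sessionId as a parameter in the URL, e.g. http://localhost:8080/aaa/bbb.jsp?sessionId=saldjfsdflsaeir234?para=1?2=2, and reading it on the server with request.getParameter("sessionId").
The session is stored on the server. The server finds the corresponding session from the session_id in the URL request.
Take a BBS as an example: the site needs to obtain the user's information for each requested URL. With the cookie approach, all user information is stored in the cookie, which may be insecure. With the session approach, user information can be stored on the server; the server only needs to obtain the session_id from the HTTP request to get the user information stored in the session, which is more secure. How the session is represented on the server depends on the server: it may be written to a temporary file or kept directly in memory.
The server can obtain the session_id from the HTTP request in two ways: cookie and URL rewriting. If the client has cookies enabled, the session_id can be stored in a cookie. If cookies are disabled, URL rewriting is used: a ;jsessionid=xxxxx parameter part is added to the URL, and the server tries to obtain the ;jsessionid parameter from the URL as the session_id.
A cookie is text-format data stored on the client. A session is a unique identifier that the server establishes for a client when it logs in to the application; client data such as the user account can be stored in the session.
A cookie can generally be used to store your login account and password, which are automatically filled into the login page or sent directly to the server to log in when you sign in to the application service. This is how the "keep my login information for one year" option you often see on forums is implemented.
In the HTTP message format, the cookie and the session are carried in the same position in the message.
If IE finds cookie/session information in a message, it decides according to the security level whether to save it. For example, if the security settings allow cookies, IE saves the cookie information to a temporary file, and on each request for a file from the server it adds the received session information to the request message; this is how the session preserves information. If the security settings do not allow cookies, then although IE has received the cookie and session information, the cookie information is not written to a temporary file, and when IE requests a file from the server again it does not add the received session information to the request message, so the server cannot learn the session information.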
Session, Cookie, jsessionid, and Url Rewriting
Fault Description:
The personnel management system (A) is embedded in the permissions system (B). System B performs a simulated login to system A through a Servlet, and the login information is cached in system A's Session so that system A's Session check succeeds. For some users, the first jump from system B to system A through the Servlet fails system A's Session check. When the browser's Internet Options -> Privacy is set to Low, system A's Session check succeeds.
Failure Analysis:
The symptom is related to the browser's privacy options. According to the description of the browser privacy options, these options relate to Cookies. Packet capture with HttpLook showed that when system B jumps through the Servlet, the jsessionid information is missing. In addition, an HttpSessionListener configured in system A showed that under normal circumstances the Session is created only once, whereas in the failure case Sessions are repeatedly created and destroyed. The preliminary conclusion is that the fault is related to Cookie, jsessionid and Session.
First, IE privacy options:
Help protect your privacy on the Web
You may already know that Web sites can use Cookies to collect information about your Web browsing habits. Internet Explorer 6 can help protect your privacy: it gives you tools to find out which Web sites collect this information and to control the types of Cookie that Internet Explorer accepts without your explicit consent.
Internet Explorer 6 can help you protect your privacy in the following ways:
- Managing Cookies. Learn what a Cookie is and how to use the Internet Explorer privacy settings to control which Cookies a Web site may place on your computer without first obtaining your consent.
- Checking Web site privacy policies. Learn what a privacy policy is and how to use it to help protect your privacy online.
What is a Cookie?
It is not what the word literally means. These are virtual Cookies: a Cookie is a small text file that a Web site creates on your computer to store information collected about your visit to the site, including the pages accessed, the operations performed and any personal information provided. Web sites may also allow other Web sites (for example, their advertisers) to place Cookies on your computer (referred to as third-party Cookies).
Cookies are a necessary part of using the Web. Web sites use the information in Cookies to provide personalized content (local news and weather, best-selling products, etc.), to complete transactions (for example, online banking or shopping) and to collect statistical data. However, Web site only has access to your
or you only record the operation performed by the site, thus allowing you to remain anonymous.
How to tell Internet Explorer to manage Cookies
Internet Explorer gives you many options for managing Cookies, from accepting all Cookies sent to you to blocking all Cookies (which may make the Web harder to use).
When Internet Explorer is first installed, its privacy level is set to Medium. This setting allows Cookies with some restrictions; for example, it blocks some third-party Cookies. However, Internet Explorer leaves control to you, so you can restrict the use of Cookies further or instruct Internet Explorer to relax the range of Cookies it accepts.
Privacy settings only affect Web sites in the Internet zone. The Internet zone is the Internet Explorer security zone in which all Web sites are placed unless otherwise specified.
1. On the Internet Explorer "Tools" menu, click "Internet Options."
2. Click the "Privacy" tab, and drag the slider up for a higher level of privacy (greater restrictions on Cookies), or drag it down for a lower level of privacy.
"Internet Options" box
Be careful! If you choose to block all Cookies, you may not be able to use a site's customization features, or even access certain Web sites.
Next, the relationship between Session, Cookie and jsessionid
On the differences and connections between the JSESSIONID cookie and the SESSION
On some occasions, such as voting, fairness requires that each person can cast only one vote. Similar situations come up often in web development, and we usually use a COOKIE to handle them, as in the following code:
<% Cookie[] cookies = request.getCookies();
if (cookies == null || cookies.length == 0) {
    doStuffForNewbie(); // not visited yet
} else {
    doStuffForReturnVisitor(); // already visited
}
%>
The logic is easy to follow: check whether a COOKIE exists, and if one does, the visitor has already run the code that writes the COOKIE. However, after running the code above, the result is always doStuffForReturnVisitor(), yet looking through Control Panel - Internet Options - Settings - View Files, no generated cookie file can be found. This is strange: the code clearly has no problem, but since a cookie exists, let us print it out and see.
Cookie[] cookies = request.getCookies();
if (cookies == null || cookies.length == 0) {
    out.println("Has not visited this website");
} else {
    // print every cookie the browser sent with this request
    for (int i = 0; i < cookies.length; i++) {
        out.println("cookie name:" + cookies[i].getName() + " cookie value:" +
            cookies[i].getValue());
    }
}
The result:
cookie name: JSESSIONID cookie value: KWJHUG6JJM65HS2K6
Why is there a cookie? As we all know, HTTP is a stateless protocol: each time a client reads a web page, the server opens a new session, and the server does not automatically maintain the client's context information. How, then, can something like an online store's shopping cart be implemented? The session is a mechanism for preserving context information. It is per user, and the variable values are stored on the server side, with the SessionID distinguishing different clients. A session is based on a cookie or on URL rewriting, and is implemented with a cookie by default: the system creates an output cookie named JSESSIONID, which we call a session cookie to distinguish it from persistent cookies, that is, what we usually mean by cookie. Note that the session cookie is stored in the browser's memory and is not written to disk; this is the JSESSIONID we just saw. Normally we cannot see the JSESSIONID, but once cookies are disabled in the browser, the web server passes the Sessionid by URL rewriting, and a string like sessionid=KWJHUG6JJM65HS2K6 appears in the address bar.
Once the principle is understood, it is easy to tell persistent cookies from session cookies, and the online discussions about the security of the two also become clear. A session cookie belongs to one particular session and vanishes when that session ends, whereas a persistent cookie is just a piece of text on the client's hard disk (usually encrypted) that may be subject to cookie spoofing and to cross-site scripting attacks against cookies, so it is naturally not as safe as a session cookie.
Usually a session cookie cannot be used across windows: when you open a new browser window and enter the same page, the system gives you a new sessionid, so information cannot be shared. In that case we can store the sessionid in a persistent cookie and read it in the new window to obtain the previous window's SessionID. Combining a session cookie with a persistent cookie in this way achieves cross-window session tracking.
In some books on web development, Session and cookie are often simply presented as two parallel ways of passing information over HTTP, with session cookies on the server side and persistent cookies on the client side, but sessions are in fact cookie-based. Once you understand the relationship and difference between the two, it is easy to choose the appropriate technology for developing a web service.
Differences and similarities between the session and cookie mechanisms
Specifically, the cookie mechanism keeps state on the client side. It is a storage mechanism for session state on the client, and it requires the user to enable cookie support in the client. The role of the cookie is to work around the statelessness of the HTTP protocol.
The session mechanism is a solution for maintaining state between the client and the server. As we have seen, a server-side scheme still needs to store an identifier on the client, so the session mechanism may rely on the cookie mechanism to store that identifier. The session provides a convenient way of managing global variables.
A session is per user: the variable values are stored on the server, and a sessionID distinguishes which user a session variable belongs to. This value is sent back to the server by the user's browser on each visit; when the client has disabled cookies, this value may be set to be returned to the server via GET.
As for security: when you visit a site that uses sessions and a cookie is created on your own machine, the server-side SESSION mechanism is the safer choice, because it does not arbitrarily read information stored on the client.
Orthodox cookie distribution is achieved by extending the HTTP protocol: the server adds a special line to the HTTP response headers that instructs the browser to generate the corresponding cookie.
From the web server's point of view, every HTTP request is independent of all previous requests. This means that the response to each HTTP request depends entirely on the information contained in that request. State management mechanisms overcome some of the limitations of HTTP and allow the network client and server to maintain a relationship across requests. The period over which this relationship is maintained is called the session.
Cookies are small pieces of text that the server stores on the local machine and that are sent with each request to the same server. IETF RFC 2965, HTTP State Management Mechanism, is a general cookie specification. The web server sends cookies to the client in HTTP headers; on the client, the browser parses the cookies and saves them as a local file, and it automatically attaches them to any request to the same server.
The cookie and session mechanisms and how they are connected
Specifically, the cookie mechanism keeps state on the client side, while the session mechanism keeps state on the server side. As we have seen, a server-side scheme still needs to store an identifier on the client, so the session mechanism may rely on the cookie mechanism to store that identifier, although in fact it has other options as well.
The cookie mechanism. Orthodox cookie distribution is achieved by extending the HTTP protocol: the server adds a special line to the HTTP response headers that instructs the browser to generate the corresponding cookie. Pure client-side scripts such as JavaScript or VBScript can also generate cookies. The browser sends cookies to the server automatically in the background according to certain rules: it checks all stored cookies, and if the declared scope of a cookie is greater than or equal to the location of the requested resource, it attaches the cookie to the header of the HTTP request for that resource.
A cookie's contents include its name, value, expiration time, path and domain. The path and domain together constitute the cookie's scope. If no expiration time is set, the cookie's lifetime is the browser session, and the cookie disappears when the browser window is closed. A cookie whose lifetime is the browser session is called a session cookie. Session cookies are generally not stored on the hard disk but kept in memory, although this behaviour is not mandated by the specification. If an expiration time is set, the browser saves the cookie to the hard disk, and after the browser is closed and reopened the cookie remains valid until the expiration time passes. Cookies stored on the hard disk can be shared between different browser processes, such as two IE windows. For cookies stored in memory, different browsers handle them differently.
The session mechanism. The session mechanism is a server-side mechanism: the server uses a structure similar to a hash table (and quite possibly an actual hash table) to store the information.
When a program needs to create a session for a client's request, the server first checks whether the request already contains a session identifier (known as the session id). If it does, a session has previously been created for this client, and the server retrieves that session by its session id (if it cannot be found, a new one is created). If the request does not contain a session id, the server creates a session for this client and generates a session id associated with it. The value of the session id should be a string that neither repeats nor follows a pattern that is easy to discover and forge. The session id is returned to the client in this response to be saved.
The session id can be saved using a cookie, so that during the interaction the browser automatically sends the identifier to the server according to the rules. The name of this cookie is generally something like SESSIONID. However, cookies can be disabled by the user, so there must be another mechanism that can still pass the session id back to the server when cookies are disabled.
A commonly used technique is URL rewriting, in which the session id is appended directly to the URL path. Another technique is hidden form fields: the server automatically modifies the form to add a hidden field, so that the session id is passed back to the server when the form is submitted. For example:
<form name="testform" action="/xxx">
<input type="hidden" name="jsessionid" value="ByOK3vjFD75aPnrF7C2HmdnV6QZcEbzWoWiBYEnLerjQ99zWpBng!-">
<input type="text">
</form>
What is URL rewriting?
URL rewriting is another way for the server to pass the SessionID value, so that it does not depend entirely on Cookies. If Cookies are disabled on the client, the server can preserve the Session value by automatically rewriting URLs, and the process is transparent to the programmer.
You can try this: even if no Cookie is written, the Cookie array returned by request.getCookies() has length 1, the Cookie name is JSESSIONID, and its value is a long binary string, which is the SessionID.
URL rewriting essentially adds a parameter to the URL of a link, with the session ID as the value contained in the link. For this to work, however, your servlet has to add the session ID to every link in its response.
How is URL rewriting used with the Session?
JSP implementation. Adding the session ID to a link can be simplified with a pair of methods: response.encodeURL() makes the URL contain the session ID, and if you need a redirect, response.encodeRedirectURL() encodes the URL. Both methods first determine whether the browser supports cookies; if it does, the URL passed in is returned unchanged and the session ID is maintained through cookies.
Code Example:
Without URL rewriting: <a href="/servelet/userName=awaysrain">Link</a>
With URL rewriting: encode the URL with the encodeURL() method of the HttpServletResponse interface.
<% String myURL = response.encodeURL("/servelet/userName=awaysrain"); %>
<a href="<%= myURL %>">Link</a>
JSTL implementation
<c:url> performs URL rewriting for session management
<a href="<c:url value='/content/sitemap.jsp'/>">View sitemap</a>
Struts implementation:
struts configuration file: set the attributes redirect and contextRelative
<forward name="listArticlesForBlog"
    path="/template/listArticlesForBlog.jsp"
    redirect="true"
    contextRelative="true" />
Finally, a more interesting question:
When the browser allows cookies, how can URL rewriting be used without having to turn off the browser's cookies?
The Context element supports a cookies parameter. Setting cookies="false" forces the sessionid to be parsed only from the URL.
Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application.
Troubleshooting:
In the Servlet that system B uses to jump to system A, use response.encodeURL() to rewrite the URL. This resolves the fault.
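The failure and the fix described above, as an added example that is not part of the original post: a small Python model (not the servlet container's own code) of how a server takes the session id from the JSESSIONID cookie or from the ;jsessionid= path parameter, and why links that skip response.encodeURL() produce a new Session on every request when the browser blocks cookies. The function names, the sample link and the simulate() scenario are constructed for illustration.

```python
import secrets
from urllib.parse import urlsplit

SESSIONS = {}  # the server-side "hash table": session id -> per-user data


def session_id_from_request(url, cookie_header=""):
    """Return (sid, source): the JSESSIONID cookie wins, else ;jsessionid= in the path."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "JSESSIONID" and value:
            return value, "cookie"
    _, sep, param = urlsplit(url).path.partition(";jsessionid=")
    if sep and param:
        return param.split(";")[0], "url"
    return None, None


def get_session(url, cookie_header=""):
    """Look the id up; create a session when the id is missing or unknown."""
    sid, source = session_id_from_request(url, cookie_header)
    if sid not in SESSIONS:
        # The server issues its own id here: non-repeating and hard to guess.
        sid, source = secrets.token_hex(16).upper(), "new"
        SESSIONS[sid] = {}
    return sid, source


def encode_url(url, sid, source):
    """Model of response.encodeURL(): rewrite unless a cookie carried the id."""
    if source == "cookie":
        return url
    parts = urlsplit(url)
    base = parts.path.partition(";jsessionid=")[0]
    return parts._replace(path=f"{base};jsessionid={sid}").geturl()


def simulate(use_encode_url, requests=3):
    """Constructed scenario: a browser that blocks cookies follows links into
    system A. Returns the session id A used for each request."""
    SESSIONS.clear()
    link = "/a/wapbrowse.jsp?curAlbumID=9"  # sample link, not a real deployment
    url, seen = link, []
    for _ in range(requests):
        sid, source = get_session(url, cookie_header="")
        seen.append(sid)
        url = encode_url(link, sid, source) if use_encode_url else link
    return seen


if __name__ == "__main__":
    print("plain links :", simulate(False))  # a new Session per request
    print("encodeURL() :", simulate(True))   # one Session reused
```

With plain links the model creates one Session per request, which is the repeated creation and destruction the HttpSessionListener reported; with encode_url() the same id is carried in the URL and reused.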
Remaining issues:
Why, with the same privacy option setting in the browser, do some cases behave normally while others fail?