[Posted]: 2021-03-20 19:58:02
[Question]:
I have a Spring MVC application that redirects to a payment provider, but on return a new session is created. I have an HttpSessionListener and I can see that the old session is not destroyed; a new session is created instead.
The application uses Spring MVC, Spring WebFlow and Spring Security.
Can anyone help me with this?
Thanks.
1. Before navigating to the payment provider
Request
GET /my-web/registration/create/new?execution=e1s5 HTTP/1.1
Host: localhost:61611
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:61611/my-web/registration/create/new?execution=e1s4
Accept-Encoding: gzip, deflate, br
Accept-Language: en-IE,en-US;q=0.9,en;q=0.8,la;q=0.7
Cookie: JSESSIONID=tramjzpvaxingk1wg4cnard
Response
HTTP/1.1 200 OK
Content-Language: en
Content-Type: text/html; charset=utf-8
Cache-Control: no-store
Transfer-Encoding: chunked
Server: Jetty(6.1.26)
2. On the payment provider page
Request
POST /payment HTTP/1.1
Host: payment-web-sogenactif.test.sips-atos.com
Connection: keep-alive
Content-Length: 7632
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://localhost:61611
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:61611/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-IE,en-US;q=0.9,en;q=0.8,la;q=0.7
Cookie: JSESSIONID=mp4ukQkbRL1dKvvvg9FtqSQWDYWCs30f_zGHIdld.11v; PAYPAGE_SESSIONID=mp4ukQkbRL1dKvvvg9FtqSQWDYWCs30f_zGHIdld.11v
Response
HTTP/1.1 302 Found
Date: Thu, 10 Dec 2020 18:27:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: https://payment-web-sogenactif.test.sips-atos.com/en/payment/card/capturecarddetails/ppc0
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Set-Cookie: TS0170356f=013ca44a14a8f201e44f6f74d9c0ace0601b54972bf23c249719fac2d994b1425d459d88e58dd7e559b8e931405f2107ea54a0003c; Path=/; Secure; HTTPOnly
3. On return from the payment provider
Request
POST /my-web/payment/paypage/manual/response/L2lyLXdlYi9yZWdpc3RyYXRpb24vY3JlYXRlL25ldz9leGVjdXRpb249ZTFzNQ==/YWI3ZGEyOTMtMzhjOC00YjgwLWJlNTYtZDAxYjc3OGQ4MTJl HTTP/1.1
Host: localhost:61611
Connection: keep-alive
Content-Length: 3760
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-IE,en-US;q=0.9,en;q=0.8,la;q=0.7
Response
Content-Length: 0
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Location: http://localhost:61611/my-web/registration/create/new?cacheKey=YWI3ZGEyOTMtMzhjOC00YjgwLWJlNTYtZDAxYjc3OGQ4MTJl
Server: Jetty(6.1.26)
Set-Cookie: JSESSIONID=12ev6ciac4on91rondlvyrlycq;Path=/my-web;HttpOnly
Initial request
General
Request URL: http://localhost:61611/my-web/
Request Method: GET
Status Code: 302 Found
Remote Address: [::1]:61611
Referrer Policy: strict-origin-when-cross-origin
Response headers
HTTP/1.1 302 Found
Location: http://localhost:61611/my-web/home
Content-Length: 0
Server: Jetty(6.1.26)
Request headers
GET /my-web/ HTTP/1.1
Host: localhost:61611
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:61611/my-web/loginPortal
Accept-Encoding: gzip, deflate, br
Accept-Language: en-IE,en-US;q=0.9,en;q=0.8,la;q=0.7
Cookie: JSESSIONID=1qh2n4brclop3we7t5q7vyhfg
I think this is where the problem is:
When the redirect works, this is the response:
HTTP/1.1 302 Found
Location: http://localhost:61611/my-web/registration/create/new?cacheKey=ZGEzYjkxZjEtZGUwNi00MDQyLWIxN2ItYmVkYmNjMjI2YmE0
Content-Length: 0
Server: Jetty(6.1.26)
When it fails, the response has a new JSESSIONID:
HTTP/1.1 302 Found
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Location: http://localhost:61611/my-web/registration/create/new?cacheKey=YmU5MjA4YWYtYzdhNy00ZDVjLTlmYTktNDYxNjI1N2FhMDRj
Set-Cookie: JSESSIONID=cmfsckwzljs5lme1csuragqu;Path=/ir-web;HttpOnly
Content-Length: 0
Server: Jetty(6.1.26)
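One detail in the trace worth checking against the browser's own cookie rules: request 3 is a top-level POST with Sec-Fetch-Site: cross-site and Origin: null, and it carries no Cookie header at all, while the JSESSIONID cookie Jetty 6.1.26 sets has Path and HttpOnly but no SameSite attribute. Chrome 80 and later (the trace shows Chrome 87) treats a cookie without SameSite as SameSite=Lax and leaves it off cross-site POST navigations, except during a short grace window after the cookie was set (Chrome's "Lax+POST" mitigation, two minutes); a server that then sees a request with no session cookie has no choice but to create a new session, which matches the intermittent behaviour described above and is the same mechanism browsers use to blunt cross-site request forgery against the session cookie. The Python model below is an added example, not code from the question, Spring or Jetty: it applies that rule to the captured headers. The hardened Set-Cookie form it also tests (adding Secure and SameSite=None, which only works when the application itself is served over HTTPS) is an assumption for illustration, not something the page prescribes.

```python
"""Added example: model of the SameSite rule a Chrome 80+ style browser applies when
deciding whether to attach a session cookie to a top-level navigation, run over the
headers captured in the question. Explanatory code only; not part of the app or Jetty."""

# Constructed sample input: the Set-Cookie line Jetty emitted in the trace above.
JETTY_SET_COOKIE = "JSESSIONID=12ev6ciac4on91rondlvyrlycq;Path=/my-web;HttpOnly"

# Assumed hardened form (not on the page): attributes a browser needs before it will
# attach the cookie to a cross-site POST. Requires the app to be served over HTTPS.
HARDENED_SET_COOKIE = (
    "JSESSIONID=12ev6ciac4on91rondlvyrlycq; Path=/my-web; HttpOnly; Secure; SameSite=None"
)

# Steps 1 and 3 of the trace reduced to the two fields the rule depends on
# (Sec-Fetch-Site is set by the browser itself, so it is a trustworthy indicator).
TRACE = [
    {"step": "1 before redirect", "method": "GET", "sec_fetch_site": "same-origin"},
    {"step": "3 return from provider", "method": "POST", "sec_fetch_site": "cross-site"},
]

LAX_POST_GRACE_SECONDS = 120  # Chrome's "Lax+POST" window for cookies with no SameSite


def parse_set_cookie(header: str):
    """Split a Set-Cookie header into (name, value, {attribute-lowercased: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def effective_samesite(attrs: dict) -> str:
    """SameSite mode the browser applies: missing attribute defaults to "lax";
    "none" without Secure is rejected (the browser drops the cookie entirely)."""
    mode = attrs.get("samesite", "").lower()
    if mode == "none":
        return "none" if "secure" in attrs else "rejected"
    if mode in ("strict", "lax"):
        return mode
    return "lax"


def cookie_attached(set_cookie: str, method: str, sec_fetch_site: str,
                    cookie_age_seconds: int = 10_000) -> bool:
    """True if the browser would send this cookie on a top-level navigation.

    cookie_age_seconds models the Lax+POST exception: a cookie that has no explicit
    SameSite attribute and is younger than two minutes is still sent on a cross-site
    POST. A payment round trip normally takes longer than that, so the default
    assumes an old cookie.
    """
    _, _, attrs = parse_set_cookie(set_cookie)
    mode = effective_samesite(attrs)
    if mode == "rejected":
        return False
    if sec_fetch_site != "cross-site":
        return True  # same-origin / same-site / user-typed navigations always carry it
    if mode == "none":
        return True
    if mode == "strict":
        return False
    # Lax: cross-site top-level GET/HEAD only ...
    if method.upper() in ("GET", "HEAD"):
        return True
    # ... plus the temporary Lax+POST grace window for cookies that defaulted to Lax.
    return "samesite" not in attrs and cookie_age_seconds < LAX_POST_GRACE_SECONDS


def explain_trace(set_cookie: str, trace=TRACE, cookie_age_seconds: int = 10_000):
    """Per captured step, whether JSESSIONID would ride along on the request."""
    return {
        r["step"]: cookie_attached(set_cookie, r["method"], r["sec_fetch_site"],
                                   cookie_age_seconds)
        for r in trace
    }


if __name__ == "__main__":
    for label, sc in (("jetty default", JETTY_SET_COOKIE), ("hardened", HARDENED_SET_COOKIE)):
        print(label, explain_trace(sc))
```

With the cookie exactly as Jetty sets it, the model attaches JSESSIONID to step 1 and withholds it from step 3 unless the cookie is under two minutes old, which is the pattern of "sometimes works, sometimes comes back with a fresh JSESSIONID" the question describes. The hardened form is attached in both steps, but only over HTTPS; the alternative that needs no change to cookie policy is to make the return endpoint independent of the session and look the in-progress registration up by the cacheKey the redirect already carries.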
[Discussion]:
Tags: spring spring-mvc spring-security