【问题标题】:How do I turn off JSESSIONID in Tomcat/Spring Boot when I am only sending a redirect?当我只发送重定向时,如何在 Tomcat/Spring Boot 中关闭 JSESSIONID?
【发布时间】:2018-05-17 20:13:52
【问题描述】:

当我只发送重定向时,如何阻止 Tomcat 发送 JSESSIONID cookie?我根本不访问.getSession()

@RequestMapping(value = "/*")
public void doUrlRequest(final HttpServletRequest request, HttpServletResponse response) {
  ...
  if (redirect != null) response.sendRedirect(redirect);

控制台

$ curl -i localhost:8080/aaa                                                                                                                                                                               HTTP/1.1 302
Set-Cookie: JSESSIONID=A38FE0B0703F4241414BD8DEF646A2BA; Path=/; HttpOnly
Location: http://localhost:8080/errorNonMobile
Content-Length: 0
Date: Thu, 17 May 2018 19:55:49 GMT

我试过了

request.getServletContext().setSessionTrackingModes(Collections.singleton(SessionTrackingMode.URL));

但它出错了

java.lang.IllegalStateException: 上下文运行时无法设置上下文 [] 的会话跟踪模式

我需要另一条路径的会话。我无法为整个应用程序关闭它。我只想为这个请求处理程序关闭它。

【问题讨论】:

    标签: java spring spring-boot tomcat


    【解决方案1】:

    我通过在控制器上评论 @Scope 标记将其关闭。

    @Controller
    //@Scope("session")
    @ApiIgnore
    public class MyUrlController implements ErrorController {
    

    https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/context/annotation/Scope.html

    https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/context/WebApplicationContext.html#SCOPE_SESSION

    $ curl -i localhost:8080/aaa
    HTTP/1.1 302
    Location: http://localhost:8080/errorNonMobile
    Content-Length: 0
    Date: Thu, 17 May 2018 21:26:25 GMT
    

    【讨论】:

      猜你喜欢
      • 2018-11-26
      • 1970-01-01
      • 2015-09-09
      • 1970-01-01
      • 2017-09-12
      • 1970-01-01
      • 2015-11-01
      • 2017-12-25
      • 1970-01-01
      相关资源
      最近更新 更多