Using Servlet Sessions in GWT

在 GWT 中使用 Servlet 会话

In the remote service implementation class:

在远程服务实现类中：

String jSessionId=this.getThreadLocalRequest().getSession().getId();

In the client code:

在客户端代码中：

String jSessionId=Cookies.getCookie("JSESSIONID");

Enabling_Sessions

启用_会话

appengine-web.xml

appengine-web.xml

<sessions-enabled>true</sessions-enabled>

No, you shouldn't be rolling your own.

不，你不应该自己滚动。

The session ID needs to be cryptographically random (not guessable from known sources). It's difficult to get this right yourself.

会话 ID 需要加密随机（无法从已知来源猜测）。自己很难做到这一点。

Ideally you should be relying on the underlying framework's session management features. Servlets & JSPs, Struts and Spring have this support, which you should use.

理想情况下，您应该依赖底层框架的会话管理功能。Servlets & JSPs、Struts 和 Spring 有这种支持，你应该使用它。

In the extremely rare case that you are writing your own framework with no underlying session management features to rely on, you could start with the java.security.SecureRandom class to begin with. Of course, don't reinvent the wheel here, for broken session management is the same as broken authentication.

在极少数情况下，您正在编写自己的框架而没有可依赖的底层会话管理功能，您可以从 java.security.SecureRandom 类开始。当然，不要在这里重新发明轮子，因为断开的会话管理与断开的身份验证相同。

Update

更新

Given that you are using Google App Engine, you should rely on the session management features provided by the engine. It seems that it is not switched on by default.

鉴于您使用的是 Google App Engine，您应该依赖引擎提供的会话管理功能。好像默认没有开启。