如何从 JSESSIONID 加载 Java HttpSession?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3092363/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can i load Java HttpSession from JSESSIONID?
提问by Tushar Ahirrao
I want to get Java HttpSessionby JSESSIONID. Is it possible? If yes, how?
我想HttpSession通过 JSESSIONID获取 Java 。是否可以?如果是,如何?
采纳答案by BalusC
You need to collect them all in a Mapusing a HttpSessionListeneryourself.
你需要收集所有在Map用HttpSessionListener你自己。
public class HttpSessionCollector implements HttpSessionListener {
private static final Map<String, HttpSession> sessions = new HashMap<String, HttpSession>();
@Override
public void sessionCreated(HttpSessionEvent event) {
HttpSession session = event.getSession();
sessions.put(session.getId(), session);
}
@Override
public void sessionDestroyed(HttpSessionEvent event) {
sessions.remove(event.getSession().getId());
}
public static HttpSession find(String sessionId) {
return sessions.get(sessionId);
}
}
Just register it in web.xmlas follows to run it:
只需web.xml按如下方式注册即可运行它:
<listener>
<listener-class>com.example.HttpSessionCollector</listener-class>
</listener>
Then, anywhere you want just do HttpSessionCollector.find(sessionId)to get the HttpSessionin question.
然后,在任何你想做的地方都HttpSessionCollector.find(sessionId)可以得到有HttpSession问题的。
That said, this is a hugesmell. There are certainly better ways to solve the actualfunctional requirement than this ;) As I commented in your follow-up question:
也就是说,这是一种巨大的气味。肯定有比这更好的方法来解决实际的功能需求;) 正如我在您的后续问题中所评论的:
This is the 2nd time that you asked a question which in real world should never be practiced. Honestly said, this all smells. What is it, the problem for which you think that getting the
HttpSessionassociated with JSESSONID in server side and getting the JSESSIONID value in client side is "the" solution? Elaborate about this in a new question, you'll get answers how to do it the right way.
这是您第二次提出在现实世界中永远不应该练习的问题。老实说,这都是臭味。它是什么,您认为
HttpSession在服务器端获取与 JESSIONID 相关联并在客户端获取 JSESSIONID 值的问题是“解决方案”?在一个新问题中详细说明这一点,您将获得如何以正确的方式进行操作的答案。
Take it serious. We're not teasing you, we're just trying to help you in the right direction to avoid that your project/webapp will break due to security holes and bad practices and/or that you will get fired.
认真点。我们不是在取笑您,我们只是想帮助您朝着正确的方向发展,以避免您的项目/web 应用程序因安全漏洞和不良做法而崩溃和/或您被解雇。
回答by skaffman
No, the API does not permit this.
不,API 不允许这样做。
I'd say more, but that's about all there is to it.
我想说更多,但这就是它的全部内容。
回答by user207421
You can do it as per BalusC's answer, but the existence of such a facility is a prima faciesecurity breach between different users. You shouldn't be building things like this into your application.
您可以按照 BalusC 的回答进行操作,但这种设施的存在是不同用户之间的初步安全漏洞。你不应该在你的应用程序中构建这样的东西。
