Java 当client=android时,request.getSession(true)总是返回一个新会话
我正在编写一个servlet来处理来自android客户端的请求。每次执行HttpGet时,servlet都会根据Java 当client=android时,request.getSession(true)总是返回一个新会话,java,android,servlets,Java,Android,Servlets,我正在编写一个servlet来处理来自android客户端的请求。每次执行HttpGet时,servlet都会根据HttpSession session=request.getSession(true)的结果分配一个sessionID 问题是在每个请求中,request.getSession(true)始终分配新的会话值。即使请求来自同一客户机,.getSession(true)仅在没有现有会话的情况下返回新的sessionID。另外,当测试HttpSession是否是新的,并且有一个条件if(
HttpSession session=request.getSession(true)的结果分配一个sessionID
问题是在每个请求中,request.getSession(true)始终分配新的会话值。即使请求来自同一客户机,.getSession(true)
仅在没有现有会话的情况下返回新的sessionID。另外,当测试HttpSession
是否是新的,并且有一个条件if(session.isNew()){//do something}
时,即使请求来自同一个客户端,它也总是正确的。从浏览器执行相同的URL时,一切正常
如果会话从未被识别为旧会话,我就没有实际的方法为会话设置租约(到期)时间
代码,Android端:
private class LongRunningGetIO extends AsyncTask<String, Void, Object> {
private String URL = "http://server:port/path/servlet?";
private String functionType = "function=";
private String statement = "&statement=";
private String text = "&text=";
private String language = "&language=";
protected String getASCIIContentFromEntity(HttpEntity entity) throws IllegalStateException, IOException {
InputStream in = entity.getContent();
StringBuffer out = new StringBuffer();
int n = 1;
while (n > 0) {
byte[] b = new byte[4096];
n = in.read(b);
if (n > 0) out.append(new String(b, 0, n));
}
return out.toString();
}
@Override
protected Object doInBackground(String... params) {
String command = params[0];
HttpClient httpClient = new DefaultHttpClient();
HttpContext localContext = new BasicHttpContext();
HttpGet httpGet = new HttpGet(URL + command);
System.out.println("Sent URL: " + URL + command);
String text = null;
try {
HttpResponse response = httpClient.execute(httpGet, localContext);
HttpEntity entity = response.getEntity();
text = getASCIIContentFromEntity(entity).toString();
} catch (Exception e) {
return e.getLocalizedMessage();
}
return text;
}
}
protected JSONObject validateID(HttpServletRequest request, JSONObject JSONObj, String lang) throws JSONException, SQLException {
// Get the current session object, create one if new
HttpSession session = request.getSession(true);
boolean validID = request.isRequestedSessionIdValid();
System.out.println("sessionID is valid : " + validID);
Date daysAgo = new Date(System.currentTimeMillis() - 10 * 1000);
Date created = new Date(session.getCreationTime());
long sessionAge = (System.currentTimeMillis() - created.getTime());
System.out.println("sessionAge : " + sessionAge);
// In case of relogin without logout
if (!session.isNew() && lastID != null) {
System.out.println("sessionID is " + sessionAge + "ms OLD... received ID : " + lastID);
if (lastID.equals(lastID)) {
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", lastID); // already LoggedIn with this sessionID
} else {
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", "Invalid"); // corrupted sessionID
}
}
// Invalidating a session if it's older than 24h
if (!session.isNew()) { // skip new sessions
if (created.before(daysAgo)) {
session.invalidate();
System.out.println("sessionID EXPIRED... invalidating ID : " + lastID);
languageConns.remove(lastID);
connections.remove(lastID);
lastID = null;
JSONObj.put("LoggedIn", "Expired"); //if sessionID expired
}
} else if (session.isNew()) {
session = request.getSession(false); //get a new session
lastID = session.getId();
System.out.println("sessionID is NEW or INVALID... generated ID : " + lastID);
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", lastID); // return a secure sessionID
connections.remove(lastID);
connections.put(lastID, conn);
languageConns.remove(lastID);
languageConns.put(lastID, lang);
System.out.println("languageConns : " + languageConns);
System.out.println("connections : " + connections);
}
session.setMaxInactiveInterval(86400);
System.out.println("JSONObj after validatingID : " + JSONObj);
return JSONObj;
}
问题:
private class LongRunningGetIO extends AsyncTask<String, Void, Object> {
private String URL = "http://server:port/path/servlet?";
private String functionType = "function=";
private String statement = "&statement=";
private String text = "&text=";
private String language = "&language=";
protected String getASCIIContentFromEntity(HttpEntity entity) throws IllegalStateException, IOException {
InputStream in = entity.getContent();
StringBuffer out = new StringBuffer();
int n = 1;
while (n > 0) {
byte[] b = new byte[4096];
n = in.read(b);
if (n > 0) out.append(new String(b, 0, n));
}
return out.toString();
}
@Override
protected Object doInBackground(String... params) {
String command = params[0];
HttpClient httpClient = new DefaultHttpClient();
HttpContext localContext = new BasicHttpContext();
HttpGet httpGet = new HttpGet(URL + command);
System.out.println("Sent URL: " + URL + command);
String text = null;
try {
HttpResponse response = httpClient.execute(httpGet, localContext);
HttpEntity entity = response.getEntity();
text = getASCIIContentFromEntity(entity).toString();
} catch (Exception e) {
return e.getLocalizedMessage();
}
return text;
}
}
protected JSONObject validateID(HttpServletRequest request, JSONObject JSONObj, String lang) throws JSONException, SQLException {
// Get the current session object, create one if new
HttpSession session = request.getSession(true);
boolean validID = request.isRequestedSessionIdValid();
System.out.println("sessionID is valid : " + validID);
Date daysAgo = new Date(System.currentTimeMillis() - 10 * 1000);
Date created = new Date(session.getCreationTime());
long sessionAge = (System.currentTimeMillis() - created.getTime());
System.out.println("sessionAge : " + sessionAge);
// In case of relogin without logout
if (!session.isNew() && lastID != null) {
System.out.println("sessionID is " + sessionAge + "ms OLD... received ID : " + lastID);
if (lastID.equals(lastID)) {
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", lastID); // already LoggedIn with this sessionID
} else {
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", "Invalid"); // corrupted sessionID
}
}
// Invalidating a session if it's older than 24h
if (!session.isNew()) { // skip new sessions
if (created.before(daysAgo)) {
session.invalidate();
System.out.println("sessionID EXPIRED... invalidating ID : " + lastID);
languageConns.remove(lastID);
connections.remove(lastID);
lastID = null;
JSONObj.put("LoggedIn", "Expired"); //if sessionID expired
}
} else if (session.isNew()) {
session = request.getSession(false); //get a new session
lastID = session.getId();
System.out.println("sessionID is NEW or INVALID... generated ID : " + lastID);
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", lastID); // return a secure sessionID
connections.remove(lastID);
connections.put(lastID, conn);
languageConns.remove(lastID);
languageConns.put(lastID, lang);
System.out.println("languageConns : " + languageConns);
System.out.println("connections : " + connections);
}
session.setMaxInactiveInterval(86400);
System.out.println("JSONObj after validatingID : " + JSONObj);
return JSONObj;
}
在这段代码中,当请求来自android客户端,但同一个请求在浏览器中运行时会按预期执行时,什么会导致sessionID仅被识别为新的
我希望这足够清楚。您必须存储第一个请求中的cookie,并将其发送到以下请求的标题中。我不使用cookie来保留状态。这是一种URL重写策略。在任何一种情况下,来自同一客户机的访问/请求,无论是否带有cookie,在运行会话时都应被标识为具有相同的会话ID。isNew()那么,在代码中,您在哪里向URL添加jsessionid,以便服务器知道该请求属于哪个会话?如果你不发送任何cookie,也不重写URL,很明显,服务器无法知道会话ID是什么。事实上,放弃我的第一条评论。你手头有没有利用URL重写来跟踪会话的资源(或代码片段);jsessionid=位于URL的末尾(在查询字符串之前)。见本手册第7.1.3节。