JWorld@TW the best professional Java site in Taiwan
      註冊 | 登入 | 全文檢索 | 排行榜  

» JWorld@TW » Servlet/JSP 討論區  

按列印兼容模式列印這個話題 列印話題    把這個話題寄給朋友 寄給朋友   
reply to postflat modego to previous topicgo to next topic
本主題所含的標籤
無標籤
作者 Re:在不同的網站間分享session [Re:ymshin]
aladdin

老婆不准我用兒子照片



發文: 175
積分: 3
於 2003-12-10 15:21 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
ymshin wrote:
其餘我不想爭辯, java 的 session id 是由 browser 給的?! 如果您是從書上得到的資訊也請您引言, 實在是覺得很不可思議. session 是用 cookie 傳送 session id?!!! well~


請告訴我,沒有cookie,如何讓server這一端在不同的http request之間使用同一個session的資料?

指引你一條簡單的路:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnasp/html/aspwsm.asp
一篇1997的文章。

另一篇
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnduwon/html/d5sessmgmt.asp

裡面有一段文字

Cookies
A cookie is a piece of information stored on the client on behalf of the server. A cookie can contain all the session information, or just the session ID. The information stored in the cookie originates on the server, and is returned to the client as part of the server's response to an HTTP request. The browser packages the cookie with every HTTP request to the server and gets the cookie as the HTTP response from the server.

Because the browser attaches the cookie with each new HTTP header request before sending it to the server, cookies are an ideal way to identify a series of HTTP requests that come from the same user. When a request is received, the session ID is extracted and the user is identified. When a request is received with no cookie, or with a cookie that does not contain the unique identifier, the request is assumed to be from a new user. In that case, a new unique identifier is generated before the response is sent back to the client.

The disadvantages of maintaining session state with cookies include the security and size limitations presented. The maximum allowable size of a cookie is 4,096 bytes. Because the cookie is stored in a known location, the information stored in the cookie is not secure and can potentially be sniffed. Though cookies impose a security risk for sensitive information, they can be used for storing non-sensitive information. Another problem with cookies is that not all browsers support them, and some browsers that do support cookies allow users to disable them. If your application needs to be responsive to browsers that don't support cookies or to browsers with cookies disabled, you should consider other session management techniques.


知道了嗎?HttpServletRequest.getSession()在做什麼?

這裡還有:
http://java.sun.com/blueprints/qanda/web_tier/session_state.html

How does the web tier maintain session state?

A web container provides session management to the JSP pages and servlets it contains by way of interface HttpSession. Typically, the container will try to use a cookie to save user session state on the client. If the client refuses to accept the cookie for some reason (the user has disabled cookies, an intervening firewall filters cookies, etc.), the container will usually try to implement session management by using URL rewriting. URL rewriting works in cases where cookies will not, even in browsers that don't implement cookies, but suffer from other problems. Rewritten URLs tend to be long and ugly, are expensive to produce for pages with many links, and usually don't "bookmark" well. Furthermore, rewritten URLs usually can't be used with legacy web pages, because the URLs in the links in those pages are static.

In general, it's preferable to save custom session state in the HttpSession object itself, using its methods getAttribute() and setAttribute(). Using these methods allows the web container to maintain that session state in a way most effective for your particular application and server.


這一切的源頭,RFC 2109,有如下的一段文字:

4. OUTLINE

We outline here a way for an origin server to send state information
to the user agent, and for the user agent to return the state
information to the origin server. The goal is to have a minimal
impact on HTTP and user agents. Only origin servers that need to
maintain sessions would suffer any significant impact, and that
impact can largely be confined to Common Gateway Interface (CGI)
programs, unless the server provides more sophisticated state
management support. (See Implementation Considerations, below.)

4.2 Origin Server Role

4.2.1 General

The origin server initiates a session, if it so desires. (Note that
"session" here does not refer to a persistent network connection but
to a logical session created from HTTP requests and responses. The
presence or absence of a persistent connection should have no effect
on the use of cookie-derived sessions). To initiate a session, the
origin server returns an extra response header to the client, Set-
Cookie. (The details follow later.)

A user agent returns a Cookie request header (see below) to the
origin server if it chooses to continue a session. The origin server
may ignore it or use it to determine the current state of the
session. It may send back to the client a Set-Cookie response header
with the same or different information, or it may send no Set-Cookie
header at all. The origin server effectively ends a session by
sending the client a Set-Cookie header with Max-Age=0.

Servers may return a Set-Cookie response headers with any response.
User agents should send Cookie request headers, subject to other
rules detailed below, with every request.

An origin server may include multiple Set-Cookie headers in a
response. Note that an intervening gateway could fold multiple such
headers into a single header.


aladdin edited on 2003-12-10 16:00
reply to postreply to post
話題樹型展開
人氣 標題 作者 字數 發文時間
51245 [精華] 在不同的網站間分享session aladdin 2004 2003-12-05 14:29
47601 Re:在不同的網站間分享session moszap 151 2003-12-05 14:45
47298 Re:在不同的網站間分享session aladdin 1180 2003-12-05 17:10
47049 Re:在不同的網站間分享session jini 1437 2003-12-05 19:20
46836 Re:在不同的網站間分享session aladdin 823 2003-12-05 20:20
46916 Re:在不同的網站間分享session aladdin 337 2003-12-10 18:15
45683 Re:在不同的網站間分享session sdargon 143 2003-12-10 16:41
45742 Re:在不同的網站間分享session aladdin 1585 2003-12-10 16:50
45533 Re:在不同的網站間分享session jog 37 2003-12-10 17:35
45666 Re:在不同的網站間分享session jini 1322 2003-12-11 00:05
45110 Re:在不同的網站間分享session jcwang6188 475 2003-12-12 13:59
44967 Re:在不同的網站間分享session Thinker 749 2003-12-12 16:12
44409 Re:在不同的網站間分享session chency 2580 2003-12-21 02:15
46346 Re:在不同的網站間分享session snpshu 176 2003-12-11 00:31
45240 Re:在不同的網站間分享session jini 302 2003-12-11 00:40
45202 Re:在不同的網站間分享session saijone 791 2003-12-11 05:09
45207 Re:在不同的網站間分享session aladdin 1755 2003-12-11 09:13
44960 Re:在不同的網站間分享session Forth 39 2003-12-11 12:44
45892 Re:在不同的網站間分享session im1000 1201 2003-12-11 19:06
44860 Re:在不同的網站間分享session aladdin 336 2003-12-12 10:14
45093 Re:在不同的網站間分享session snpshu 368 2003-12-11 08:58
44969 Re:在不同的網站間分享session jog 207 2003-12-11 11:09
44835 Re:在不同的網站間分享session aladdin 461 2003-12-12 09:11
45054 Re:在不同的網站間分享session ming215 734 2003-12-11 17:16
45034 Re:在不同的網站間分享session im1000 803 2003-12-11 18:59
44951 Re:在不同的網站間分享session aladdin 2284 2003-12-12 10:07
44820 Re:在不同的網站間分享session Biologic 854 2003-12-12 10:32
44747 Re:在不同的網站間分享session saijone 710 2003-12-12 12:56
44715 Re:在不同的網站間分享session subbug 246 2003-12-12 11:49
44675 Re:在不同的網站間分享session koji 90 2003-12-12 12:18
44586 Re:在不同的網站間分享session subbug 111 2003-12-12 13:13
44692 Re:在不同的網站間分享session popcorny 248 2003-12-15 00:52
44394 Re:在不同的網站間分享session 沒有人 487 2003-12-15 05:00
44305 Re:在不同的網站間分享session Biologic 590 2003-12-15 08:42
46106 Re:在不同的網站間分享session jini 106 2003-12-05 15:22
46315 Re:在不同的網站間分享session aladdin 116 2003-12-05 15:46
43542 Re:在不同的網站間分享session good 537 2004-01-27 11:47
46211 Re:在不同的網站間分享session jini 643 2003-12-05 15:28
46199 Re:在不同的網站間分享session aladdin 214 2003-12-05 15:48
45955 Re:在不同的網站間分享session saijone 1697 2003-12-07 01:03
45820 Re:在不同的網站間分享session jini 724 2003-12-07 01:26
46039 Re:在不同的網站間分享session Forth 80 2003-12-07 01:36
45960 Re:在不同的網站間分享session jini 1683 2003-12-07 12:25
44573 Re:在不同的網站間分享session Thinker 1809 2003-12-12 15:38
44506 Re:在不同的網站間分享session jini 643 2003-12-12 21:12
44506 Re:在不同的網站間分享session Thinker 598 2003-12-13 01:35
44655 Re:在不同的網站間分享session im1000 1338 2003-12-13 02:31
44475 Re:在不同的網站間分享session Thinker 2298 2003-12-13 11:49
44434 Re:在不同的網站間分享session saijone 2006 2003-12-13 23:05
44631 Re:在不同的網站間分享session Thinker 1933 2003-12-14 11:48
46250 Re:在不同的網站間分享session ingramchen 87 2003-12-06 03:33
45949 Re:在不同的網站間分享session jini 1281 2003-12-06 04:03
46621 Re:在不同的網站間分享session ingramchen 1420 2003-12-06 06:52
45901 Re:在不同的網站間分享session jini 582 2003-12-06 13:31
45920 Re:在不同的網站間分享session aladdin 1652 2003-12-06 13:51
45814 Re:在不同的網站間分享session Forth 137 2003-12-06 14:19
45934 Re:在不同的網站間分享session aladdin 1399 2003-12-06 14:50
45865 Re:在不同的網站間分享session jini 868 2003-12-06 14:41
45988 Re:在不同的網站間分享session ingramchen 768 2003-12-06 16:30
45870 Re:在不同的網站間分享session aladdin 187 2003-12-06 15:24
45800 Re:在不同的網站間分享session jini 297 2003-12-06 16:39
45874 Re:在不同的網站間分享session aladdin 871 2003-12-06 16:51
45842 Re:在不同的網站間分享session jini 1162 2003-12-06 19:43
45755 Re:在不同的網站間分享session Forth 125 2003-12-06 21:11
46012 Re:在不同的網站間分享session aladdin 3936 2003-12-08 11:16
45680 Re:在不同的網站間分享session Biologic 433 2003-12-08 12:28
45290 Re:在不同的網站間分享session Millerlai 0 2003-12-10 15:48
45191 Re:在不同的網站間分享session aladdin 610 2003-12-10 15:59
45101 Re:在不同的網站間分享session Millerlai 290 2003-12-10 16:12
45103 Re:在不同的網站間分享session Millerlai 273 2003-12-10 16:26
45925 Re:在不同的網站間分享session aladdin 3123 2003-12-08 15:25
45676 Re:在不同的網站間分享session ymshin 1194 2003-12-08 16:18
45788 Re:在不同的網站間分享session aladdin 2245 2003-12-08 17:42
45604 Re:在不同的網站間分享session ymshin 1375 2003-12-08 18:05
45166 Re:在不同的網站間分享session sdargon 0 2003-12-10 10:56
45308 Re:在不同的網站間分享session ymshin 1176 2003-12-10 11:17
45367 Re:在不同的網站間分享session aladdin 1268 2003-12-10 12:00
45166 Re:在不同的網站間分享session ymshin 283 2003-12-10 12:16
45288 Re:在不同的網站間分享session aladdin 1591 2003-12-10 13:39
45151 Re:在不同的網站間分享session ymshin 1403 2003-12-10 14:35
45387 Re:在不同的網站間分享session aladdin 5567 2003-12-10 15:21
45079 Re:在不同的網站間分享session Biologic 136 2003-12-10 15:31
45150 Re:在不同的網站間分享session aladdin 124 2003-12-10 15:44
44922 Re:在不同的網站間分享session Biologic 167 2003-12-10 20:15
45118 Re:在不同的網站間分享session ymshin 1076 2003-12-10 16:15
45117 Re:在不同的網站間分享session aladdin 1290 2003-12-10 16:45
45124 Re:在不同的網站間分享session ymshin 2038 2003-12-10 17:39
45034 Re:在不同的網站間分享session aladdin 545 2003-12-10 18:03
44948 Re:在不同的網站間分享session ymshin 218 2003-12-10 19:43
45219 Re:在不同的網站間分享session Biologic 1128 2003-12-10 12:52
45201 Re:在不同的網站間分享session aladdin 132 2003-12-10 12:56
45217 Re:在不同的網站間分享session anthonychen 232 2003-12-10 11:17
44974 Re:在不同的網站間分享session anthonychen 421 2003-12-10 19:58
45522 Re:在不同的網站間分享session jog 342 2003-12-09 01:57
45454 Re:在不同的網站間分享session Biologic 460 2003-12-09 10:28
45597 Re:在不同的網站間分享session aladdin 2955 2003-12-09 10:31
45595 Re:在不同的網站間分享session im1000 567 2003-12-10 04:26
45744 Re:在不同的網站間分享session aladdin 516 2003-12-10 11:11
» JWorld@TW »  Servlet/JSP 討論區

reply to postflat modego to previous topicgo to next topic
  已讀文章
  新的文章
  被刪除的文章
Jump to the top of page

JWorld@TW 本站商標資訊

Powered by Powerful JuteForum® Version Jute 1.5.8