- Front-end
- HTML| CSS| JavaScript| Vue.js
Latest Recommendations
-
Php8, I'm coming too
84669 person learning
- native foundation
- HTML| CSS| HTML5| CSS3| JavaScript
Latest Recommendations
-
Learn website layout in 30 minutes
152542 person learning
- Introduction to Fundamentals
- MySQL| SQL Server
Latest Recommendations
-
Shangguan Oracle Beginner to Proficient Video Tutorial
20005 person learning
Latest Recommendations
-
Your first line of UNI-APP code
5487 person learning
-
Flutter from scratch to app launch
7821 person learning
- Tool usage
- PhpStudy| Git| Other tools
Latest Recommendations
-
Brother Lian New Linux Video Tutorial
359900 person learning
Latest Recommendations
-
AXURE 9 Video Tutorial (Suitable for Product Manager Interactive Product Design UI)
3350 person learning
-
Zero Basic Proficiency PS Video Tutorial
180660 person learning
-
16 day UI video tutorial to get you started
48569 person learning
-
PS Techniques and Slicing Techniques Video Tutorial
18603 person learning
- Class Library Classification
- HTTP| TCP/IP| basic programming
Latest Recommendations
-
Alibaba Cloud Environment Construction and Project Launch Video Tutorial
40936 person learning
-
Overview of Computer Networks - Basic Knowledge that Programmers Must Master
1549 person learning
-
Essential Tutorial for Programmers - HTTP Protocol Explanation
1183 person learning
-
Websocket Video Tutorial
32909 person learning
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Done, I checked the respective Request (implementation of HttpServletRequest) of Tomcat and Jetty, and both set the session id through a setRequestedSessionId(String). If I use reflection to obtain and call this method, set the sessionId before getSession. After the experiment works on Jetty, I will try Tomcat again. These two containers are what I commonly use, and I will check them out when I encounter other containers.
The code is simple:
Haha!
It should be noted that it must be executed before the current request calls getSession for the first time. Pay special attention to whether there is a Filter in the upper layer that uses Session
2016/05/21 Updated experimental results
The SessionID can be replaced in the above method, but the Session cannot be taken out, because the Session will be verified when taking it out, and the source code of Jetty will be tracked to find out that the Session object is set when the Request is initialized, as shown below:
At this time, I haven’t progressed to Servlet and Filter yet, so I can’t start, so it seems that resetting is not that simple.
The above was only tested on Jetty, and the result failed. There is no experiment on Tomcat. If you look at the source code, there is a changeSessionId(String) method. It should be possible based on the logic.
Results updated again on 2016/05/21
After constant tossing, the sessionId was successfully reset using the following code:
Nothing needs to be changed in the program executed after this. You can use request.getSession() to read and write the Session normally. This method is written for Jetty.
2015/05/22 Tomcat actual measurement update
I was bored after breakfast, so I tracked the Tomcat code, using Tomcat 7 and 8 versions, and found that the Request object handed to the user Servlet is a proxy class called RequestFacade, which only implements the methods of the HttpServletRequest interface. , hiding his Request object, so methods such as setRequestedSessionId of org.apache.catalina.connector.Request cannot be called.
It seems that this Hack can only be implemented for Jetty.
Although the results are not optimistic, and Jetty may hide those methods in future versions, this experimental process has given us a better understanding of these two application containers. Whether it's Cookie, URL Path Parameter, or GET/POST parameters, they just carry Session Token in different locations of the request data. It may be more convenient to simply encapsulate the connection on the client side.
Use token and put the token in the request header. The front-end is required to bring this token when making requests