我正在编写一个处理来自Android客户端的请求的servlet。每次我执行HttpGet时,servlet都会根据HttpSession session = request.getSession(true);的结果分配一个sessionID。
问题是,在每次请求时,request.getSession(true);总是会分配一个新的会话值。即使请求来自同一客户端,.getSession(true)仅在没有现有会话时才返回新的会话ID。此外,在测试HttpSession是否为条件if (session.isNew()) { // do something }的新内容时,即使请求来自同一客户端,也始终为真。从浏览器执行相同的URL时,一切都很好。
如果会话永远不会被识别为旧,我没有实际的方法为我的会话设置租约(到期)时间。
代码,Android方面:
private class LongRunningGetIO extends AsyncTask<String, Void, Object> {
private String URL = "http://server:port/path/servlet?";
private String functionType = "function=";
private String statement = "&statement=";
private String text = "&text=";
private String language = "&language=";
protected String getASCIIContentFromEntity(HttpEntity entity) throws IllegalStateException, IOException {
InputStream in = entity.getContent();
StringBuffer out = new StringBuffer();
int n = 1;
while (n > 0) {
byte[] b = new byte[4096];
n = in.read(b);
if (n > 0) out.append(new String(b, 0, n));
}
return out.toString();
}
@Override
protected Object doInBackground(String... params) {
String command = params[0];
HttpClient httpClient = new DefaultHttpClient();
HttpContext localContext = new BasicHttpContext();
HttpGet httpGet = new HttpGet(URL + command);
System.out.println("Sent URL: " + URL + command);
String text = null;
try {
HttpResponse response = httpClient.execute(httpGet, localContext);
HttpEntity entity = response.getEntity();
text = getASCIIContentFromEntity(entity).toString();
} catch (Exception e) {
return e.getLocalizedMessage();
}
return text;
}
}
代码,Servlet方:
protected JSONObject validateID(HttpServletRequest request, JSONObject JSONObj, String lang) throws JSONException, SQLException {
// Get the current session object, create one if new
HttpSession session = request.getSession(true);
boolean validID = request.isRequestedSessionIdValid();
System.out.println("sessionID is valid : " + validID);
Date daysAgo = new Date(System.currentTimeMillis() - 10 * 1000);
Date created = new Date(session.getCreationTime());
long sessionAge = (System.currentTimeMillis() - created.getTime());
System.out.println("sessionAge : " + sessionAge);
// In case of relogin without logout
if (!session.isNew() && lastID != null) {
System.out.println("sessionID is " + sessionAge + "ms OLD... received ID : " + lastID);
if (lastID.equals(lastID)) {
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", lastID); // already LoggedIn with this sessionID
} else {
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", "Invalid"); // corrupted sessionID
}
}
// Invalidating a session if it's older than 24h
if (!session.isNew()) { // skip new sessions
if (created.before(daysAgo)) {
session.invalidate();
System.out.println("sessionID EXPIRED... invalidating ID : " + lastID);
languageConns.remove(lastID);
connections.remove(lastID);
lastID = null;
JSONObj.put("LoggedIn", "Expired"); //if sessionID expired
}
} else if (session.isNew()) {
session = request.getSession(false); //get a new session
lastID = session.getId();
System.out.println("sessionID is NEW or INVALID... generated ID : " + lastID);
JSONObj.remove("LoggedIn");
JSONObj.put("LoggedIn", lastID); // return a secure sessionID
connections.remove(lastID);
connections.put(lastID, conn);
languageConns.remove(lastID);
languageConns.put(lastID, lang);
System.out.println("languageConns : " + languageConns);
System.out.println("connections : " + connections);
}
session.setMaxInactiveInterval(86400);
System.out.println("JSONObj after validatingID : " + JSONObj);
return JSONObj;
}
的问题:
在此代码中,当请求来自Android客户端时,会导致sessionID仅被识别为新的,但在浏览器中运行时,相同的请求会按预期执行吗?
我希望这很清楚。