我正在编写一个Java桌面应用程序,该应用程序与通过不同代理程序运行的同一网站具有不同的HTTP连接。这些线程都使用HttpURLConnection发布到一个网站,但旨在显示为不同的用户,所有用户都使用不同的会话cookie。我编写了一个基本的cookie管理器,允许每个线程有不同的会话,通过迭代http响应头并存储带有键" Set-Cookie"的那些。相关代码如下:
private void addCookie(String cookie) { //adds received cookie to cookie string
if (cookies.contains(cookie)) return; //we have this exact cookie
processor.printSys("New Cookie: " + cookie);
cookies += (cookie + "; "); //add the new cookie followed by a semicolon
}
private void storeCookies(URLConnection con) { //iterates through headers, adding new cookies
String headerName = null;
for (int i = 0; i < con.getHeaderFields().size(); i ++) { //print headers for analysis
System.out.println(con.getHeaderFieldKey(i) + ": " + con.getHeaderField(i));
}
for (int i=1; (headerName = con.getHeaderFieldKey(i)) != null; i++) if (headerName.equals("Set-Cookie")) addCookie(con.getHeaderField(i));
}
private void setCookies(URLConnection conn) { //add stored cookies to next HttpURLConnection
if (cookies.isEmpty()) {conn.setRequestProperty("Cookie", ""); return;}
conn.setRequestProperty("Cookie", cookies);
processor.printSys("Cookies Set: " + cookies);
}
这个cookie管理器之前完美运行并且能够正确地存储cookie,在调用storeCookies(con)时为每个线程打印到控制台下面的文本。
null: HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Jan 2016 20:57:16 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 977
Connection: keep-alive
Status: 200 OK
X-XHR-Current-Location: /shop/169618/add
X-UA-Compatible: IE=Edge,chrome=1
ETag: "3a5199771b11612b34cba523cd4af312"
Set-Cookie: cart=FOO; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT
Set-Cookie: pure_cart=BAR; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT
Set-Cookie: _supreme_session=BAZ; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT; HttpOnly
X-Request-Id: 20ef370b74e478b6484bb8d507a33a3a
X-Runtime: 0.021299
X-Rack-Cache: invalidate, pass
Accept-Ranges: bytes
X-Varnish: 2380939932
Age: 0
Via: 1.1 varnish
Cache-Control: private, max-age=0, must-revalidate
Order 1: New Cookie: cart=FOO; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT (3:57:16 PM)
Order 1: New Cookie: pure_cart=BAR; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT (3:57:16 PM)
Order 1: New Cookie: _supreme_session=BAZ; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT; HttpOnly (3:57:16 PM)
但是,我在不同的线程中在我的UI中实现了一个JFX WebView,立即注意到了一个变化。所有线程都存储相同的会话cookie,即使我明确地将cookie设置为空白,这也被覆盖了。 WebView的实现如下所示
Platform.runLater(() -> {
webView = new WebView();
webView.setZoom(.5);
jfxPanel.setScene(new Scene(webView));
webView.getEngine().load(url);
});
此WebView会导致相同的storeCookies(con)调用打印:
null: HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Jan 2016 20:57:16 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 977
Connection: keep-alive
Status: 200 OK
X-XHR-Current-Location: /shop/169618/add
X-UA-Compatible: IE=Edge,chrome=1
ETag: "3a5199771b11612b34cba523cd4af312"
Set-Cookie: cart=FOO; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT
Set-Cookie: pure_cart=BAR; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT
Set-Cookie:
X-Request-Id: 20ef370b74e478b6484bb8d507a33a3a
X-Runtime: 0.021299
X-Rack-Cache: invalidate, pass
Accept-Ranges: bytes
X-Varnish: 2380939932
Age: 0
Via: 1.1 varnish
Cache-Control: private, max-age=0, must-revalidate
Order 1: New Cookie: cart=FOO; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT (3:57:16 PM)
Order 1: New Cookie: pure_cart=BAR; path=/; expires=Mon, 11-Jan-2016 20:57:16 GMT (3:57:16 PM)
Order 1: New Cookie:
使用WireShark进行数据包分析后,我确定这些字段不是空白,_supreme_session cookie仍然存在,它无法再用Java访问。更糟糕的是,JFX WebView的会话cookie作为通过HttpUrlConnection发布的每个帖子的会话cookie传入。显然,后台正在进行某些操作并覆盖我的cookie管理器,为任何HttpURLConnection设置和存储所有cookie。当我注释掉WebView时,问题就解决了,所以我只需要知道后台发生了什么以及如何禁用它。谢谢,Ben