出于安全考虑,登录成功后,我需要更改JSESSIONID。我有以下的东西。但似乎JSESSIONID在成功登录后被更改。但是当我导航到其他页面时,JSESSIONID再次被更改。我无法弄清楚出了什么问题。
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String _LOC = "[Redirect Filter: doFilter]";
SB_UtilityLocal UTIL = createSB_UtilityLocal();
boolean authorized = false;
String user_sys_id = null;
HttpSession oldsession = null;
HttpSession session = null;
if (request instanceof HttpServletRequest) {
oldsession = ((HttpServletRequest) request).getSession(false);
if (oldsession != null) {
// make a copy of the session content
Map<String, Object> temp = new ConcurrentHashMap<String, Object>();
Enumeration e = oldsession.getAttributeNames();
while (e != null && e.hasMoreElements()) {
String name = (String) e.nextElement();
Object value = oldsession.getAttribute(name);
temp.put(name, value);
}
// kill the old session and create a new one
oldsession.invalidate();
session = ((HttpServletRequest) request).getSession();
// copy back the session content
for (Map.Entry<String, Object> stringObjectEntry : temp.entrySet()) {
session.setAttribute(stringObjectEntry.getKey(),
stringObjectEntry.getValue());
}
if (session != null) {
user_sys_id = (String) session.getAttribute("user_sys_id");
if (user_sys_id != null) {
authorized = true;
}
}
}
}
}