Change the JSESSIONID cookie if login is successful

Time: 2016-01-19 07:42:54

Tags: java redirect session-cookies jsessionid

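For security reasons, I need to change the JSESSIONID after a successful login. I have the following code. It seems the JSESSIONID is changed after a successful login, but when I navigate to other pages, the JSESSIONID is changed again. I can't figure out what is going wrong.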

public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    String _LOC = "[Redirect Filter: doFilter]";

    SB_UtilityLocal UTIL = createSB_UtilityLocal();

    boolean authorized = false;

    String user_sys_id = null;
    HttpSession oldsession = null;
    HttpSession session = null;     

    if (request instanceof HttpServletRequest) {
        oldsession = ((HttpServletRequest) request).getSession(false);

        if (oldsession != null) {
            // make a copy of the session content
            Map<String, Object> temp = new ConcurrentHashMap<String, Object>();
            Enumeration e = oldsession.getAttributeNames();
            while (e != null && e.hasMoreElements()) {
                String name = (String) e.nextElement();
                Object value = oldsession.getAttribute(name);
                temp.put(name, value);
            }

            // kill the old session and create a new one
            oldsession.invalidate();
            session = ((HttpServletRequest) request).getSession();

            // copy back the session content
            for (Map.Entry<String, Object> stringObjectEntry : temp.entrySet()) {
                session.setAttribute(stringObjectEntry.getKey(),
                        stringObjectEntry.getValue());
            }           

            if (session != null) {
                user_sys_id = (String) session.getAttribute("user_sys_id");
                if (user_sys_id != null) {
                    authorized = true;
                }
            }
        }
    }
}

0 answers:

No answers
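
An added example, not part of the original question: the filter in the question invalidates and recreates the session on every request that already carries one, so the ID changes on each navigation. This version rotates the ID only at the moment of login with `HttpServletRequest.changeSessionId()` (Servlet 3.1+) and keeps the filter read-only; `onLoginSuccess`, `LOGIN_PATH` and the redirect to a login page are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example, not the asker's code. Assumes Servlet 3.1+ (javax.servlet).
public class RedirectFilter implements Filter {
    private static final String LOGIN_PATH = "/login"; // hypothetical path

    // Hypothetical helper: the login handler calls this once, right after
    // the credentials have been verified, and nothing else rotates the ID.
    public static void onLoginSuccess(HttpServletRequest req, String userSysId) {
        HttpSession session = req.getSession(true);
        // New ID, same attributes: a pre-login ID planted or observed by
        // someone else never becomes an authenticated session.
        req.changeSessionId();
        session.setAttribute("user_sys_id", userSysId);
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // Read-only check: getSession(false) neither creates nor rotates.
        HttpSession session = req.getSession(false);
        boolean authorized = session != null
                && session.getAttribute("user_sys_id") != null;
        if (authorized || LOGIN_PATH.equals(req.getServletPath())) {
            chain.doFilter(request, response);
        } else {
            // Assumed behaviour for an unauthenticated request.
            res.sendRedirect(req.getContextPath() + LOGIN_PATH);
        }
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

On containers older than Servlet 3.1, the copy, invalidate and recreate sequence from the question does the same job when it runs once inside the login handler instead of in the filter.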