我正在使用网络逻辑10.3。 我已经设置了Cookie安全,我开始在URL中获取jsession id。
在我的JPF控制器中,我们使用注释:@jpf.Controller(loginRequired = true)
当我修改weblogic.xml文件时
对于URL-Rewriting false,我的应用程序无法跟踪会话。
来自控制器NotLoggedInException的方法来了,应用程序没有注销,
错误来了没有登录用户。
任何人都可以请求帮助,以便我可以从URL中删除jsession id并且cookie保持安全吗?
答案 0 :(得分:0)
When we set our cookies as secure,
it will be no longer shareable on HTTP so framework will create a jsession id and append this id to URL so that session tracking can be done.
But when we think about to disable URL Re-writing means to remove jsession Id from URl.
In this case just try to redirect your application on HTTPS from HTTP.
On HTTPS secure cookies will be shareable.
To redirect http to https you need to implement a tg in web.xml
<security-constraint>
..................
..................
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL<transport-guarantee>
<user-data-constraint>
<security-constraint>