Question

当我只发送重定向时，如何阻止Tomcat发送JSESSIONID cookie？我根本无法访问.getSession()。

@RequestMapping(value = "/*")
public void doUrlRequest(final HttpServletRequest request, HttpServletResponse response) {
  ...
  if (redirect != null) response.sendRedirect(redirect);

控制台

$ curl -i localhost:8080/aaa                                                                                                                                                                               HTTP/1.1 302
Set-Cookie: JSESSIONID=A38FE0B0703F4241414BD8DEF646A2BA; Path=/; HttpOnly
Location: http://localhost:8080/errorNonMobile
Content-Length: 0
Date: Thu, 17 May 2018 19:55:49 GMT

我试过

request.getServletContext().setSessionTrackingModes(Collections.singleton(SessionTrackingMode.URL));

但它错了

java.lang.IllegalStateException：上下文运行时无法设置context []的会话跟踪模式

我需要另一条路径的会话。我不能为整个应用程序关闭它。我只想为这个请求处理程序关闭它。

Answer 1

我通过在控制器上评论@Scope标记来关闭它。

@Controller
//@Scope("session")
@ApiIgnore
public class MyUrlController implements ErrorController {

https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/context/annotation/Scope.html

https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/context/WebApplicationContext.html#SCOPE_SESSION

$ curl -i localhost:8080/aaa
HTTP/1.1 302
Location: http://localhost:8080/errorNonMobile
Content-Length: 0
Date: Thu, 17 May 2018 21:26:25 GMT

当我只发送重定向时，如何在Tomcat / Spring Boot中关闭JSESSIONID？

1 个答案: