Java Spring Session在请求之间不持久

时间:2019-06-18 11:33:53

标签: java spring session

我有这个控制器

FAILED: postAPITest
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)

访问@Controller @RequestMapping(value = "/login") public class Login{ @RequestMapping public ModelAndView mainPage(HttpServletRequest request){ request.getSession().setAttribute("testSession", "Session test"); return new ModelAndView("/login"); } @RequestMapping(value = "/check") public View check(HttpServletRequest request){ System.out.println(request.getSession(false)); //null return new RedirectView("/login"); } } 时,我创建一个会话并向其中添加属性/login"testSession"

request.getSession().setAttribute("testSession", "Session test");页上有此/login

<form action="/login/check" method="post">上,我尝试在/login/check上创建会话,但是它为空。

为什么会话在请求之间不持久?

P.S .:我的应用程序在Tomcat和Apache作为反向代理的远程服务器上运行,我通过/login

访问我的应用程序

更新

我创建了一个控制器来测试会话:

https://mydom.com

每次向@Controller @RequestMapping(value = "/sess") public class TestSession{ @RequestMapping(method = RequestMethod.GET) public void mainPage(HttpServletRequest request, HttpServletResponse response) throws IOException{ //get or create session HttpSession session = request.getSession(); response.setContentType("text/html"); response.getWriter().println(session.getId()); } } 发送请求时,都会打印另一个ID。

2 个答案:

答案 0 :(得分:5)

真正的问题出在JSessionID路径上。

JSessionID的路径为/myapp。那是Tomcat的结果,因为我的应用程序通常在mydom.com:8080/myapp

下运行

但是使用Apache作为反向代理,我直接从mydom.com/运行我的应用,这使JSessionID无效,因为我不在mydom.com/myapp上。

所以我在Apache的虚拟主机中添加了一行(设置了反向代理)来更改cookie的路径:

ProxyPassReverseCookiePath /myapp /

这是我最后的VirtualHost,现在会话在请求之间保持不变。

<VirtualHost *:80>

    ServerName mydom.com

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/myapp/
    ProxyPassReverse / http://127.0.0.1:8080/myapp/
    ProxyPassReverseCookiePath /emrahub-1.0.0 /

</VirtualHost>

答案 1 :(得分:0)

您是否正在使用Spring Security?也许你可以设置 http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)(如果您要自己管理会话)

参考:https://www.baeldung.com/spring-security-session