问题
I am developing an application network where I want to offer multiple applications to my users with them only having to register/login a single time and use all of the applications with the same login.
To achieve this, I created a cookie in which I store the Session ID of the user(which he receives when he logs in). Everytime a user opens up an application, the Launch Module tries to find the cookie and sends a request to the server to check if that session is still valid.
When I tested this on my local dev machine, everything worked fine, but on my pre-live test server, the cookie I created in the one application is not found by the other application.
My Test Server is a Tomcat 7. Apllications deployed via .war-upload
Cookies are initially created using this command: Cookies.setCookie("WebsiteName", result.getSessionId());
Every Help is appreciated!
Edit 1
I got a little bit further on getting everything to work as I wanted it.
Originally I did not implement the HttpServlet Session, but an own Session management System, which stored my own session ID in the cookie. Checking the Server Logs, I found out, that if both applications are deployed under a sub path, the Session Output is the following for application 1:
Test HttpSession ID: 34446C7F3F345F74A0AAB5E292A47021 | Own Session ID: 3a25884692c499d5e72f07bb2b214a40f63f5a4a842852c58f30e1b46cf7bee7bc8a3394a9fe83a04ac4e1dcb4069dbca95a8f0001e012bc643934e08af35ec2
AND for application 2
Test HttpSession ID: 429388DE8F0F76F877B077433FE16B66 | Own Session ID: 4e6b19a7621893de0cd0826b298ea4d8eb5ffecf4a7503f3274f729c2df28f4a1e9ce52179730b4139804f256591149fd712be76ad3afd87bade4f58aab4234f
I had the suspicion that Tomcat generates another Session ID for every web application, so I renamed my main application's .war-File to ROOT.war and deployed it as the Root application. The Output was the following for the ROOT apllication:
Test HttpSession ID: B9F2D14A716C3A06E328F58ED0995D95 | Own Session ID: 039b1c0cd2726dcfa1d8585da589e05984cfb6c971e083423d8456673837ea954ead42728aecf93be358ed13c757e3848ee3eb061a2253350c7d6dc1a14c970c
AND for the apllication at path root/webapp1/:
Test HttpSession ID: BFD836C297B1BF8204D243387401CCA7 | Own Session ID: 039b1c0cd2726dcfa1d8585da589e05984cfb6c971e083423d8456673837ea954ead42728aecf93be358ed13c757e3848ee3eb061a2253350c7d6dc1a14c970c
The own Session ID is stored in the cookie and checked by the server. My conclusion is, that the browsers create Different cookies for each subpath of my domain.
Adding a Domain name to the Cookie finally did the trick, silly me :-)
回答1:
Have you checked the logs? What is the error are you getting in the logs or developer tool console (firebug?)?. A detailed log would be helpful in getting answer.
However the approach you are trying is definitely possible, if you have followed the correct approach.
Step 1 : Create a session
void createSession(String Username)
{
getThreadLocalRequest().getSession().setAttribute("Username", Username);
}
Step 2 : Set the cookie properly
String sessionID = /*(Get sessionID from server's response to your login request.)*/;
final long DURATION = 1000 * 60 * 60 * 24 * 14;
Date expires = new Date(System.currentTimeMillis() + DURATION);
Cookies.setCookie("sessionId", sessionID, expires, null, "/", false);
Step 3 : Validate the user session from the cookie you have set and user credentials.
boolean sessionAndUserValidFlag = false;
String sessionID = Cookies.getCookie("sessionId");
if ( sessionID != null )
{
sessionAndUserValidFlag = validateSession(sessionID);
}
if (sessionAndUserValidFlag)
{
//Continue login
}
else
{
//Display Login Popup
}
Your validateSession method may look something like this
public boolean validateSession(String sessionId)
{
if (getThreadLocalRequest().getSession().getId.equals(sessionId))
{
if ( getThreadLocalRequest().getSession().getAttribute("UserName") != null )
{
return true;
}
}
return false;
}
来源:https://stackoverflow.com/questions/14305654/cannot-use-same-cookie-for-multiple-gwt-applications