Solve the problem of inconsistent cookies before and after Java background login

2019-08-09 • Java

Recently, the company's security group raised a bug that requires us to log in with inconsistent cookies. This is a wonderful bug.

The requirements are as follows:

Train of thought analysis:

My solution: delete the jsessionid in the cookie on the login page to realize the inconsistency of the cookie. This approach is a symptom rather than a root cause. It is simple and rough, but it still meets the needs.

Another solution: replace sessionid (request. Getsession()) in the Java background invalidate(); First back up the key and value in the session, and then re set into a new session); (I don't know why I can't implement it. Sessionid won't change. It's still the same as before, but other systems in the company can implement it. I'm consistent with his implementation principle, that is, the framework is different. Is it the reason for the framework? If you have any other solutions, please give me some advice, thank you!)

The above is the whole content of this article. I hope the content of this article can bring some help to your study or work. At the same time, I also hope to support a lot of programming tips!

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.

THE END

Java

二维码

Detailed explanation of java thread (thread, runnable, callable) examples

< <上一篇

Android determines which mobile operator the SIM card belongs to. Details and examples

下一篇>>

搜索内容

Solve the problem of inconsistent cookies before and after Java background login

热门文章