ログイン後にjsessionidを再生産する方法
public class RenewSessionValve implements Valve{
public void invoke(Request request, Response response)
throws IOException, ServletException {
// check for the login URI, only after a login
// we want to renew the session
if (req.getRequestURI().
contains("/portal/j_security_check")) {
// step 1: save old session
Session oldSession = req.getSessionInternal(true);
SavedRequest saved = (SavedRequest) oldSession.
getNote(Constants.FORM_REQUEST_NOTE);
// step 2: invalidate old session
req.getSession(true).invalidate();
req.setRequestedSessionId(null);
req.clearCookies();
// step 3: create a new session and set it to the request
Session newSession = req.getSessionInternal(true);
req.setRequestedSessionId(newSession.getId());
// step 4: copy data pointer from the old session
// to the new one
if (saved != null) {
newSession.setNote(Constants.FORM_REQUEST_NOTE, saved);
}
}
}
}
reference: http://www.koelnerwasser.de/?p=11