ログイン後にjsessionidを再生成する方法


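  To keep a session ID that was issued before login from staying valid after login (session fixation), the valve does the following on the login request:

  • store the old session
  • invalidate the old session
  • generate a new session
  • copy the data of the old session into the new session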

  •  
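    /**
     * Tomcat valve that swaps the session for a fresh one when the form-login
     * request arrives, so that a session ID handed out before login is not the
     * one in use afterwards (session-fixation defence).
     *
     * <p>Only the saved pre-login request ({@code Constants.FORM_REQUEST_NOTE}) is
     * carried over; anything else held by the old session is discarded with it.
     *
     * <p>NOTE(review): the listing shows only {@code invoke}. The remaining
     * {@code Valve} methods and the hand-off of the request to the next valve in
     * the pipeline are not part of the listing; a deployable valve needs both.
     *
     * <p>NOTE(review): where the container provides it, prefer the built-in
     * rotation ({@code HttpServletRequest.changeSessionId()} from Servlet 3.1, or
     * the {@code changeSessionIdOnAuthentication} attribute of Tomcat's
     * authenticators) over a hand-written valve.
     */
    public class RenewSessionValve implements Valve {
    
      /**
       * Renews the session when the request targets the login URI.
       *
       * @param request  the incoming Catalina request
       * @param response the Catalina response (not used by the renewal itself)
       * @throws IOException      declared by the valve contract
       * @throws ServletException declared by the valve contract
       */
      public void invoke(Request request, Response response)
          throws IOException, ServletException {
    
        // Renew only on the login submission; every other request is left alone.
        // The original listing referred to an undeclared variable `req` here;
        // the parameter is named `request`.
        // NOTE(review): contains() matches the fragment anywhere in the URI and
        // the "/portal" context path is hard-coded - adjust to the deployment.
        if (request.getRequestURI().contains("/portal/j_security_check")) {
    
          // step 1: remember the request that was saved before the login form
          // was shown, so the redirect after login still works
          Session oldSession = request.getSessionInternal(true);
          SavedRequest saved =
              (SavedRequest) oldSession.getNote(Constants.FORM_REQUEST_NOTE);
    
          // step 2: invalidate the old session and forget the session ID and
          // cookies that came with this request
          request.getSession(true).invalidate();
          request.setRequestedSessionId(null);
          request.clearCookies();
    
          // step 3: create a new session and bind its ID to the request
          // NOTE(review): this happens when the form is submitted, i.e. before
          // the credentials have been verified - assuming the valve runs ahead
          // of the authenticator; confirm against the pipeline order.
          Session newSession = request.getSessionInternal(true);
          request.setRequestedSessionId(newSession.getId());
    
          // step 4: hand the saved request over to the new session
          if (saved != null) {
            newSession.setNote(Constants.FORM_REQUEST_NOTE, saved);
          }
        }
      }
    }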

     
    reference: http://www.koelnerwasser.de/?p=11