1、瀏覽器第一次請求
瀏覽器cookie中沒有jsessionid,所以http請求包cookie中無jsessionid的值
tomcat收到http請求,取出cookie中的jsessionid,沒有取到值所以生成sessionid並保存到tomcat中, 且添加到request中,request.getSession().getId()可以獲取sessionid。
response返回結果時會告訴瀏覽器設置jsessionid
2、瀏覽器第二次訪問時
瀏覽器cookie中有jsessionid,所以http請求包cookie中會帶上jsessionid的值,
tomcat收到http請求,取出cookie中jsessionid,和tomcat中保存的sessionid對比,如果一致則不處理,如果不一致則重新生成一個sessionid並保存到tomcat,且添加到request中的sessionid。
注:此時request.getSession().getId()取到的sessionid是tomcat新生成的id,
從cookie中取到的id是瀏覽器發送請求是request帶過來的id。
Cookie[] cookies = (Cookie[]) request.getCookies();
// 從Cookie數據中遍歷查找, 並取jsessionid
if (null != cookies && cookies.length > 0) {
for (Cookie cookie : cookies) {
if ("JSESSIONID".equals(cookie.getName())) {
//有, 直接返回
return cookie.getValue();
}
}
}
wireshark抓包:
HTTP/1.1
Host: 10.26.201.210
Connection: keep-alive
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Referer: http://10.26.201.210/antimoneylaundering/login/loginIn
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=2A799C85B95F18D2E89854D99B95B8A3; CSESSIONID=a43ed30a1f81411d95fa1a8b251ef81b; user_Name=
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Tue, 26 Jun 2018 07:56:26 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 54
Connection: keep-alive
Set-Cookie: JSESSIONID=e107642b95724c61aeb242d8dcf4f07b; Path=/
X-Content-Type-Options: nosniff
{"errorNo":"0","user_Name":"18368868043","switch":"0"}GET /antimoneylaundering/query/searchHomePage HTTP/1.1