tomcat jsession原理

一、浏览器第一次请求

浏览器cookie中没有jsessionid,因此http请求包cookie中无jsessionid的值

tomcat收到http请求，取出cookie中的jsessionid,没有取到值因此生成sessionid并保存到tomcat中, 且添加到request中，request.getSession().getId()能够获取sessionid。

response返回结果时会告诉浏览器设置jsessionid

二、浏览器第二次访问时

浏览器cookie中有jsessionid，因此http请求包cookie中会带上jsessionid的值，

tomcat收到http请求，取出cookie中jsessionid，和tomcat中保存的sessionid对比，若是一致则不处理，若是不一致则从新生成一个sessionid并保存到tomcat，且添加到request中的sessionid。

注：此时request.getSession().getId()取到的sessionid是tomcat新生成的id，

从cookie中取到的id是浏览器发送请求是request带过来的id。

Cookie[] cookies = (Cookie[]) request.getCookies();

// 从Cookie数据中遍历查找, 并取jsessionid

if (null != cookies && cookies.length > 0) {

for (Cookie cookie : cookies) {

if ("JSESSIONID".equals(cookie.getName())) {

//有, 直接返回

return cookie.getValue();

}

}

}

wireshark抓包：

HTTP/1.1

Host: 10.26.201.210

Connection: keep-alive

Accept: application/json, text/javascript, /; q=0.01

X-Requested-With: XMLHttpRequest

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36

Referer: http://10.26.201.210/antimoneylaundering/login/loginIn

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN,zh;q=0.9

Cookie: JSESSIONID=2A799C85B95F18D2E89854D99B95B8A3; CSESSIONID=a43ed30a1f81411d95fa1a8b251ef81b; user_Name=

HTTP/1.1 200 OK

Server: nginx/1.14.0

Date: Tue, 26 Jun 2018 07:56:26 GMT

Content-Type: text/html;charset=UTF-8

Content-Length: 54

Connection: keep-alive

Set-Cookie: JSESSIONID=e107642b95724c61aeb242d8dcf4f07b; Path=/

X-Content-Type-Options: nosniff

{"errorNo":"0","user_Name":"18368868043","switch":"0"}GET /antimoneylaundering/query/searchHomePage HTTP/1.1