我使用的是web逻辑10.3。我已经设置了Cookie的安全性,并开始在URL中获取jsession id。
在我的JPF控制器中,我们使用注释:@jpf.Controller(loginRequired = true)
当我修改weblogic.xml文件时对于URL重写为false,我的应用程序无法跟踪会话。来自控制器CCD_ 2的手段来了并且应用程序没有注销,出现错误时并没有登录用户。
有人能帮忙吗?这样我就可以从URL中删除jsession id,并且cookie保持安全?
When we set our cookies as secure,
it will be no longer shareable on HTTP so framework will create a jsession id and append this id to URL so that session tracking can be done.
But when we think about to disable URL Re-writing means to remove jsession Id from URl.
In this case just try to redirect your application on HTTPS from HTTP.
On HTTPS secure cookies will be shareable.
To redirect http to https you need to implement a tg in web.xml
<security-constraint>
..................
..................
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL<transport-guarantee>
<user-data-constraint>
<security-constraint>