Recently the company's security team filed a bug against us requiring the cookie to be different before and after logging in, which is a weird bug.
The requirements are as follows:
Idea Analysis:
My solution: delete the JSESSIONID cookie on the login page, which makes the cookies before and after login differ. This treats the symptom rather than the root cause and is simple and crude, but it still meets the requirement.
// Delete the JSESSIONID cookie by expiring it in the past
document.cookie = "JSESSIONID=0;path=/;expires=" + new Date(0).toUTCString();
Another solution: replace the session ID (request.getSession().invalidate()): first back up the keys and values in the session, then put them into a new session. This also meets the requirement. (I don't know why I can't get it to work: the session ID does not change, it is still the same as before, yet other systems in the company manage it. My implementation principle is the same as theirs, only the framework is different. Could the framework be the reason? If you have any other solutions, please give me some advice, thank you!)
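The second approach written out as a plain Java servlet, added here as an example (it is not code from the original post). The LoginServlet class, its URL and the authenticate() credential check are assumed; rotateSession() is the part that gives the logged-in user a new JSESSIONID.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical login servlet; rotates the session id once the user is authenticated
public abstract class LoginServlet extends HttpServlet {

    // The application's own credential check (assumed, not shown here)
    protected abstract boolean authenticate(String user, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        if (!authenticate(user, req.getParameter("password"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        HttpSession session = rotateSession(req);   // must happen BEFORE storing login state
        session.setAttribute("user", user);
        resp.sendRedirect(req.getContextPath() + "/home");
    }

    // Gives the authenticated user a fresh session id so the pre-login JSESSIONID
    // (which an attacker may have planted) no longer maps to the logged-in session.
    // Attributes set before login (CSRF token, "return to" URL) are carried over.
    static HttpSession rotateSession(HttpServletRequest req) {
        HttpSession old = req.getSession(false);
        if (old == null) {
            return req.getSession(true);
        }
        Map<String, Object> saved = new HashMap<>();
        for (String name : Collections.list(old.getAttributeNames())) {
            saved.put(name, old.getAttribute(name));
        }
        old.invalidate();
        // A session created after invalidate() gets a new id; the container adds
        // Set-Cookie: JSESSIONID=<new id> to this response.
        HttpSession fresh = req.getSession(true);
        saved.forEach(fresh::setAttribute);
        return fresh;
    }
}
```

To check that the fix took effect, look at the response to the login POST in the browser's developer tools: it must carry a Set-Cookie header with a JSESSIONID value different from the one sent in the request. On a Servlet 3.1 or later container, request.changeSessionId() does the same rotation in one call without the attribute copy.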
That is all for this article. I hope it is of some help to everyone's study or work, and I hope you will continue to support Wulin.com!