How to effectively prevent and resolve the long-term risk of session fixation attacks?
When integrating Spring Boot with Spring Security and Redis for distributed session management, the following error is reported, indicating that the servlet container did not change the session ID of the newly created session:

Your servlet container did not change the session ID when a new session was created. You will not be adequately protected against session-fixation attacks
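Solution

// Invalidate the existing session and create a new one so that the session ID changes
HttpSession htsession = request.getSession();
htsession.invalidate();
HttpSession newsession = request.getSession(true);

// Turn off Spring Security's built-in session-fixation handling (the source of the warning);
// after this, the manual rotation above is the only thing that changes the session ID
security.sessionManagement().sessionFixation().none();

Personally tested; it works.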
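
The manual rotation above discards every attribute stored on the old session, and with `sessionFixation().none()` set nothing verifies that the ID actually changed. The following is an added example, not code from the original post: a hypothetical `SessionRotator` helper that copies the attributes across and fails closed when the ID is unchanged. It assumes the `javax.servlet` API (Spring Boot 3 uses `jakarta.servlet` instead).

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (not from the original post): rotate the session at login. */
public final class SessionRotator {

    private SessionRotator() {}

    /**
     * Invalidates the pre-authentication session, creates a new one, copies the
     * old attributes across and verifies that the session ID really changed.
     */
    public static HttpSession rotate(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        if (old == null) {
            // No pre-login session exists, so there is no ID that could have been fixed.
            return request.getSession(true);
        }

        String oldId = old.getId();

        // Snapshot attributes before invalidate(); afterwards the old session is unusable.
        Map<String, Object> saved = new HashMap<>();
        for (String name : Collections.list(old.getAttributeNames())) {
            saved.put(name, old.getAttribute(name));
        }

        old.invalidate();
        HttpSession fresh = request.getSession(true);

        // Fail closed: an unchanged ID is the condition the Spring Security warning reports.
        if (oldId.equals(fresh.getId())) {
            fresh.invalidate();
            throw new IllegalStateException("Session ID was not changed after login");
        }

        saved.forEach(fresh::setAttribute);
        return fresh;
    }
}
```

Call `SessionRotator.rotate(request)` immediately after the credentials have been verified and before the authenticated principal is stored in the session.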

