Cookie same name problem (pseudo-title)

2010-08-13  来源:本站原创  分类:Web  人气:178 

CSDN out of school yesterday with two weeks without landing, Cookie achieved through the actual steps are as follows:

1. Landfall generate Cookie, set the expiration time for the two weeks. Tapestry corresponding code is as follows:

@Inject
        private Request request;

        @Inject
        private RequestGlobals requestGlobals;

       Object onSubmitFromloginForm() {
               saveLoginInfo();
               user=?  //get user from database
        }       

        private void saveLoginInfo() {
                Cookie cookie = new Cookie("user", "true");
                String contextPath = request.getContextPath();
                cookie
                                .setPath(contextPath != null && contextPath.length() > 0 ? contextPath
                                                : "/");
                cookie.setMaxAge(60*60*24*7*2);
                cookie.setSecure(request.isSecure());
                requestGlobals.getHTTPServletResponse().addCookie(cookie);
        }

Course focuses on saveLoginInfo method. By the way, Tapestry of the injection function is indeed a powerful and convenient.

2. When the jump to the Login page is to check whether the Cookie expires, if not, then skip the landing.

@Inject
        private Cookies cookies;

        Object onActivate() {
                String userId=cookies.readCookieValue("user");
                if(userId==null){
                        return null;   //If no login Cookie, keep on Login page
                }

                if(user==null){
                        user = ?   //get user from database.
                        if (user != null l) {
                                return null;
                        }
                }
                return Main.class;  // or else, go to main page.
        }

In fact, this step has already completed two weeks without landing request.

However, there is a cancellation of my site feature is the deleted cookie. Code is as follows

cookies.removeCookieValue("user")

Now what happened was depressed, no matter how I point Log out, always Zhu Xiao can not seem to this user Cookie is always there, no way to remove. Finally, I tried a new tactic, clear your browser history (actually clear the Cookie ), the results of my Log out in force!

Analysis of the following reasons: the user Cookie's name too common, there may be some other site with the domain also has the Cookie, as long as that page does not turn off the Cookie has been effective. Of course, this is just speculation. Did not prove that the problem can not reproduce, so you can guess right.

Anyway, I decided to use a less common cookie name .... also asked a similar experience brothers, talk about your opinions.

-------------------------------------------------- ---

-------------------------------------------------- ---

Further study found that the problem is not the same name Cookie. But Tapesty5 the Bug, because Cookie is not really deleted. After my test, this

cookies.removeCookieValue("user");

Only the root directory of the site the situation is to take effect, such as http://localhost:8080/Main, if not in force into http://localhost:8080/MySystem/Main. This is why I did not use the jetty development and debugging problems, but to deploy to the server have the problem. Tapestry of Wiky found in the method. Use the following code to delete Cookie.

private void delLoginInfo() {
                // cookies.removeCookieValue(“user”);
                Cookie cookie = new Cookie(
                                Start.loginCookie,
                                null);
                String contextPath = request.getContextPath();
                cookie
                                .setPath(contextPath != null && contextPath.length() > 0 ? contextPath
                                                : "/");
                cookie.setMaxAge(0);
                cookie.setSecure(request.isSecure());
                requestGlobals.getHTTPServletResponse().addCookie(cookie);
        }
相关文章
  • Cookie same name problem (pseudo-title) 2010-08-13

    CSDN out of school yesterday with two weeks without landing, Cookie achieved through the actual steps are as follows: 1. Landfall generate Cookie, set the expiration time for the two weeks. Tapestry corresponding code is as follows: @Inject private R

  • Open IE UTF-8 encoded page title in Chinese is displayed a blank page 2010-08-27

    When doing site encountered this problem solved itself! , Perhaps people have left this issue we have enclosed a simple solution: the page file <head> </ head> tag in the definition of a certain character should be <meta http-equiv="Co

  • Cookie和Session的工作原理及Cookie欺骗(二) 2013-08-21

    cookie欺骗原理 正如我们所知道的,在网络词汇中,cookie是一个特殊的信息,虽然只是服务器存于用户计算机上的一个文本文件,但由于其内容的不寻常性(与服务器有一定的互交性,且常会存储用户名,甚至口令,或是其它一些敏感信息,例如在江湖或是一些社区中,常会用cookie来保存用户集分,等级等等).因而成为一些高手关注的对象,借此来取得特殊权限,甚至攻克整个网站.以下是自己在xp,2003上做过的测试关于javascrīpt中对cookie的应用. 一.cookie的建立 在讲如何建立cooki

  • selenium webdriver(6)-cookie相关操作 2015-01-05

    介绍selenium操作cookie之前,先简单介绍一下cookie的基础知识 cookie cookie一般用来识别用户身份和记录用户状态,存储在客户端电脑上.IE的cookie文件路径(win7): "C:\Users\用户名\AppData\Roaming\Microsoft\Windows\Cookies" 如果windows下没有cookies文件夹,需要把隐藏受保护的系统文件夹前面的勾去掉:chrome的cookie路径(win7): "C:\Users\用户名\

  • 老生常谈session,cookie的区别,安全性 2015-05-07

    一,为什么session,cookie经常会有人提到 做web开发的人基本上都会用session和cookie,但是仅仅只是会用,并不知道session和cookie的真正的工作原理,都只是凭着感觉来猜测.web开发者只要利用它们来完成工作就行了,所以每个人的理解基本都会有大同小异,我想这就是session,cookie经常会被讨论的原因.本文也是根据个人经验,以及个人所学,对session,cookie的一些看法,纯属个人见解,希望得到大家的更正和建议. 二,什么cookie cookie分为

  • php session across pages missing issues 2010-08-18

    php session loss PHP dynamic page 433 comments 0 2009-10-16 11:47:02 read font size: small medium and large Use the session cookie set aside PHP SESSION not cross-page delivery of solutions to the problem Had been used in the PHP SESSION's friends en

  • The session fully PHP5 articles 2011-06-01

    session cookie and what's the use? Common usage, such as members of some sites to download things to be logged. http protocol itself is stateless, and no way of knowing whether the customer has logged in, how should we do? cookie and the session can

  • JSP built-in objects Xiang Jie - rpm 2010-03-23

    jsp nine built-in objects: request, reponse, out, session, application, config, pagecontext, page, exception. 1. Request object: This object encapsulates the information submitted by users, by calling the appropriate method of the object can access t

  • zju 1520 Duty Free Shop 2010-03-24

    http://acm.zju.edu.cn/onlinejudge/showProblem.do?problemCode=1520 DP problem. This title means that to find a solution closest to M, then the rest of the comparison with L. Since, M, L less than 1000, and n <M + L <2000, so direct use of the array w

  • Linux File Find command find, xargs details 2010-04-22

    Linux File Find command find, xargs details <! - Begin content -> Summary: zhy2111314 From: LinuxSir.Org Order: North South North Abstract: This paper is a detailed description of the command find, valuable is for the parameters cited many instances

  • Java Properties file to read the six methods 2010-07-08

    Properties file using the J2SE API to read the six methods 1. Using the java.util.Properties class load () method example: InputStream in = lnew BufferedInputStream (new FileInputStream (name)); Properties p = new Properties (); p.load (in); 2. Use j

  • send a GET or POST request python to do some interesting 2010-08-18

    An article is not about hacking or security topic! 2 Use the script to send GET or POST, which is the simplest and most common one of the most frequent things; then why do I have to YY again? Not only is practice makes perfect, cooked a lot of things

  • The demand for product management in priority to sort? 2010-11-04

    There is such a problem, the title is: Suppose now that you are responsible for the design of a product, please note that this premise, there are a number of needs listed here, please look at the order of discharge. A, marketing partner to provide yo

  • FLEX custom components to do the calculator interface 2010-11-05

    package components { import mx.containers.VBox; import mx.containers.Tile; import mx.controls.TextInput; import mx.controls.Button; import mx.events.FlexEvent; import flash.events.Event; import flash.events.MouseEvent; public class NumericDisplay ext

  • AY: Comprehensive Analysis of site factors and remedial measures to be K 2010-12-03

    Web site to listen to a lot of friends that recently has been Baidu K, after scolding the grievances of Baidu, all I do not know, perhaps because they are doing seo optimization process is Baidu which does not comply with the rules and the ranking al

  • Java properties file to read [transfer] 2010-12-29

    Java properties file to read] [switch Use J2SE API methods to read documents in the six Properties 1. Using the java.util.Properties class load () method example: InputStream in = lnew BufferedInputStream (new FileInputStream (name)); Properties p =

  • Demand for product management in priority to sort? 2010-11-04

    There is a problem, the title is: Suppose you are responsible for the design of a product, please note that this premise, there are a number of needs listed here, please look at the order of discharge. A, the market partners to provide you with the d

  • ASP小偷程序如何利用XMLHTTP实现表单的提交 2015-04-11

    [原创]ASP小偷程序如何利用XMLHTTP实现表单的提交以及cookies或session的发送 利用XMLHTTP来制作小偷的具体细节落伍很多人都发过和讨论过了,但是在制作ASP小偷的过程中,很多人就发现ASP小偷不如PHP小偷的那么强 大了.确实,如果在原网站如果存在表单提交或cookies的验证,对于ASP来说,不使用基于SOCKET的组件就难以完成,其实,XMLHTTP的另外两 个方法被我们忽略了,而这正是问题的关键. 下面首先来说说这个方法 1..send() 由于流行的小偷是使用的

  • HttpClient cookie problem 2010-04-05

    Today, analog web log write stress test code, first thought was to do stress testing httpclient not necessary because the simulation page operation, as long as the server caused by loading on the line. The company's system architecture is SSH, my ide

  • Page with the title character sets defined the location of the problem led to a blank IE page 2010-07-08

    When the character set defined in the title after the time, ie may appear white pages, white pages such as this occur custom google search page source: <html><head> <title>Google Search </title> <meta HTTP-EQUIV="content-ty