After user authentication, subsequent requests from the user do not need to be re-authenticated. This is achieved using JSESSIONID.But I'm not sure how the JSESSIONID goes? As a header field or as a cookie field. Or the application developer may choose one approach or another.
Can someone explain how this works when spring-security is used for authentication and authorization.
JSESSIONID , , . , JSESSIONID HttpServletRequest HttpServletResponse. , .
, .
- JSESSIONID, , , .
JSESSIONID, cookie, , cookie, , .
JSESSIONID - cookie, J2EE, cookie HTTP cookie, [cookie1] = [value1]; [Cookie2] = [2];...
:
Cookie: userLocale=en; userTimezone=Europe/Berlin; JSESSIONID=DCFE1E7FB2C6BFFDD5153B7C79B9CEED; _ga=GA1.1.1774863087.1561033937
It will be sent as
Cookies: JSESSIONID = CFU; customCookie = SOMEOTHERTHIG
In a hat
Source: https://habr.com/ru/post/1681962/More articles:Redux submit actions after requesting a React Apollo request - javascriptPostman: more descriptive tv4 check error message - jsonJavaConfig Spring Web Flow returns 404 not found (JSP) - javaR: addPolygons по группам - rParse time on Android - javaWhy can't using block safely initialize var? - kotlinКак Eclipse показывает интерфейс запуска так быстро - javaПочему переменная не может быть правильно инициализирована в встроенной функции, как в java? - variablesSaving image blob - javascriptjava attach zip to send by email - javaAll Articles