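I'm back with another question.
This is a project with a separated front end and back end.
The front-end page submits the username and password. After passing Spring Security authentication, I found that the session has only one attribute, called SPRING_SECURITY_CONTEXT. It contains all the information, except that the sessionid is null.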
SPRING_SECURITY_CONTEXT == org.springframework.security.core.context.SecurityContextImpl@45255fd3: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@45255fd3: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN
Obviously the SessionId exists; it just wasn't stored in there.
The printed output is as follows:
SessionId = 98841769712EB6A3B78D6CB28E3C0A71
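But if I submit the login information again, the original sessionid gets written into SPRING_SECURITY_CONTEXT, yet at that point the page's sessionid has also changed.
The printed output is as follows: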
*** Session data ***
SPRING_SECURITY_CONTEXT == org.springframework.security.core.context.SecurityContextImpl@4525caad: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4525caad: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 98841769712EB6A3B78D6CB28E3C0A71; Granted Authorities: ROLE_ADMIN
SessionId = E8EA0D0FE69D4BA6C4CB7E9D8931DF56
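I later set http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS); and that solved it.
I don't quite understand when Spring Security obtains the sessionid, and also when it writes SPRING_SECURITY_CONTEXT into the session; I couldn't find it in the source code.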
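
The sequence behind the two printouts above, as an added example that is not part of the original post and not Spring Security's own code: a plain-Java model of the order in which a form-login request touches the session in the servlet stack. `Container`, `login` and the `SESSION-n` ids are hypothetical; the three numbered steps stand for WebAuthenticationDetails, session fixation protection and HttpSessionSecurityContextRepository.

```java
import java.util.*;

// Simplified model (hypothetical classes, not Spring's own code) of the order
// in which a form-login request touches the HTTP session.
public class SessionIdTimingDemo {
    static class Container {                     // stands in for the servlet container
        String sessionId;                        // null = no session exists yet
        final Map<String, Object> attributes = new HashMap<>();
        private int counter = 0;
        String newId() { return "SESSION-" + (++counter); }   // constructed ids
        String getSession(boolean create) {      // like request.getSession(create)
            if (sessionId == null && create) sessionId = newId();
            return sessionId;
        }
    }

    // Returns {sessionId recorded in the details, sessionId after the request}.
    static String[] login(Container c, boolean eagerSession) {
        // SessionCreationPolicy.ALWAYS: the session is created before authentication.
        if (eagerSession) c.getSession(true);
        // 1. WebAuthenticationDetails is built with request.getSession(false):
        //    it never creates a session, so it records null when none exists.
        String detailsSessionId = c.getSession(false);
        // 2. Session fixation protection runs after successful authentication
        //    and changes the id only if a session already existed.
        if (c.getSession(false) != null) c.sessionId = c.newId();
        // 3. The SecurityContext is written to the session when the response is
        //    committed or the filter chain returns; the session is created here
        //    if it does not exist yet.
        c.getSession(true);
        c.attributes.put("SPRING_SECURITY_CONTEXT", "SessionId: " + detailsSessionId);
        return new String[] { detailsSessionId, c.sessionId };
    }

    public static void main(String[] args) {
        Container browser = new Container();     // one browser, no session cookie yet
        System.out.println(Arrays.toString(login(browser, false)));  // first login
        System.out.println(Arrays.toString(login(browser, false)));  // second login
        System.out.println(Arrays.toString(login(new Container(), true)));  // ALWAYS
    }
}
```

With an eagerly created session the details hold an id, but it is the id from before session fixation protection rotated it, so it still differs from the id the browser ends up with.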