HttpSession
对 sessionid(base64)
进行编码,但 WebSession
不进行编码。我们有什么方法可以在 websession
中对会话 id 进行编码吗?
HttpSession
有以下代码,允许我们在设置cookie时控制编码
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setUseBase64Encoding(true);
return serializer;
websession
是否允许任何自定义或属性来启用类似于httpsession
的编码?
你可以像这样定义一个
WebSessionIdResolver
bean
@Component
public class CustomWebSessionIdResolver extends CookieWebSessionIdResolver {
private boolean useBase64Encoding = true;
private final ServerProperties serverProperties;
public CustomWebSessionIdResolver(ServerProperties serverProperties) {
this.serverProperties = serverProperties;
String cookieName = serverProperties.getReactive().getSession().getCookie().getName();
if (StringUtils.hasText(cookieName)) {
setCookieName(cookieName);
}
addCookieInitializer(this::initializeCookie);
}
@Override
public List<String> resolveSessionIds(ServerWebExchange exchange) {
MultiValueMap<String, HttpCookie> cookieMap = exchange.getRequest().getCookies();
List<HttpCookie> cookies = cookieMap.get(getCookieName());
if (cookies == null) {
return Collections.emptyList();
}
return cookies.stream().map(cookie -> (this.useBase64Encoding ? base64Decode(cookie.getValue()) : cookie.getValue())).toList();
}
@Override
public void setSessionId(ServerWebExchange exchange, String id) {
super.setSessionId(exchange, (this.useBase64Encoding ? base64Encode(id) : id));
}
private void initializeCookie(ResponseCookie.ResponseCookieBuilder builder) {
Cookie cookie = this.serverProperties.getReactive().getSession().getCookie();
PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
map.from(cookie::getDomain).to(builder::domain);
map.from(cookie::getPath).to(builder::path);
map.from(cookie::getHttpOnly).to(builder::httpOnly);
map.from(cookie::getSecure).to(builder::secure);
map.from(cookie::getMaxAge).to(builder::maxAge);
map.from(getSameSite(cookie)).to(builder::sameSite);
}
private String getSameSite(Cookie properties) {
Cookie.SameSite sameSite = properties.getSameSite();
return (sameSite != null) ? sameSite.attributeValue() : null;
}
private String base64Encode(String value) {
byte[] encodedCookieBytes = Base64.getEncoder().encode(value.getBytes());
return new String(encodedCookieBytes);
}
private String base64Decode(String base64Value) {
try {
byte[] decodedCookieBytes = Base64.getDecoder().decode(base64Value);
return new String(decodedCookieBytes);
}
catch (Exception ex) {
return null;
}
}
}