admin管理员组

文章数量:1310108

I've got a simple Single Page Application using jetty websockets for munication between server and client.

Problem: Each time I have reload page my websocket connection is disabled and new is initialized. The problem is that user should relogin on each page refresh.

Question: How can I eliminate the need of relogin on page refresh?

EDITED: Faced the next problem: how to decide when session should be deleted? I've a peer object on the server side which is a nothing else but websocket session container. Peer is deleted on onClose method, which in turn is invoked on droping client side websocket. Here the problem es: when user press F5 -> client side websocket is broken -> server delete appropriate websocket -> client side try to reload a page and check if there is any session AND FIND NOTHING. On the other hand I can't cease removing y peers (sessions) at all.

Question: How can I tell server when to remove my peers?

I've got a simple Single Page Application using jetty websockets for munication between server and client.

Problem: Each time I have reload page my websocket connection is disabled and new is initialized. The problem is that user should relogin on each page refresh.

Question: How can I eliminate the need of relogin on page refresh?

EDITED: Faced the next problem: how to decide when session should be deleted? I've a peer object on the server side which is a nothing else but websocket session container. Peer is deleted on onClose method, which in turn is invoked on droping client side websocket. Here the problem es: when user press F5 -> client side websocket is broken -> server delete appropriate websocket -> client side try to reload a page and check if there is any session AND FIND NOTHING. On the other hand I can't cease removing y peers (sessions) at all.

Question: How can I tell server when to remove my peers?

  • java
  • javascript
  • jakarta-ee
  • websocket
  • single-page-application
Share Improve this question edited Feb 14, 2014 at 14:18 VB_ asked Feb 10, 2014 at 10:55 VB_VB_ 45.7k44 gold badges160 silver badges311 bronze badges 4
  • stackoverflow./a/21675335/884770 – oberstet Commented Feb 10, 2014 at 11:45
  • @oberstet my application should support Chrome and Firefox. As I understand it's impossible at the moment. Am I right? – VB_ Commented Feb 10, 2014 at 11:47
  • 1 Firefox does not (yet) support opening WebSocket connections from Web workers (neither dedicated nor shared). So if Firefox is required, then "no, not possible". bugzilla.mozilla/show_bug.cgi?id=504553 – oberstet Commented Feb 10, 2014 at 12:50
  • @oberstet see updated version of my question please. – VB_ Commented Feb 11, 2014 at 8:25
Add a ment  | 

2 Answers 2

Reset to default 7

To eliminate the need to authenticate a WebSocket connection upon each new connection establishment you can use cookies.

Authenticate the WebSocket connection upon first time, set cookie on the WebSocket connection, and recheck the cookie upon a new connection.

This requires a WebSocket server that allows to read and set cookies on a WebSocket connection.

If the WebSocket connection is served from the same origin as the HTML page containing the JavaScript that opens the WebSocket connection, you could also use a "normal" HTML form based login plus cookie procedure:

  1. User opens "login.html", which contains a HTML form for login
  2. User enters username/password, which submits the HTML form via HTTP/POST to some URL
  3. The server checks the credentials, and when successful, generates a random cookie, stores the cookie, and sets the cookie on the HTML page returned from the HTTP/POST
  4. This latter returned page then opens a WebSocket connection to the server (which is on same origin, and hence the previously set cookie is set)
  5. The WebSocket server in the opening handshake checks if there is a cookie, and if the cookie is stored in the DB for logged-in users
  6. If so, the WebSocket connection succeeds. If not, the WebSocket server does not establish a connection, but redirects the user to 1.

JWT is also a beautiful approach. If WS is embedded with a running application and you can reuse the same JWT token.

You can pass in some other details in the JWT also

本文标签: javaWebsocket maintain user session after page reloadingStack Overflow

版权声明:本文标题:java - Websocket: maintain user session after page reloading - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741853568a2401209.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。