Nigix behind with the two Tomcat is linked to the presence Redis springMVC session item
However, on-line data is added after the reaction user A, user B becomes, the online search scheme is as follows:
Solution, Nginx proxy_hide_header provide instructions can be removed in response to the associated header information in the following configuration file nginx.conf:
proxy_hide_header Set-Cookie;
server { listen 8080; server_name www.abc.com; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://www.abc.com; proxy_hide_header Set-Cookie; } }
In addition, because j2ee applications may default when the user first visits, rewrite links, plus jsessionid = ..., can lead to string session,
You need to add in web.xml:
<tracking-mode>COOKIE</tracking-mode>
<session-config>
<session-timeout>120</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
Also additional configuration details about the session-conifg
In many cases, you can use HTTP session directly in Java EE, you do not need to add to the display configuration. However, they may be arranged in the deployment descriptor, and for security purposes should be disposed. Using the <session-config> tag arranged session deployment descriptor.
Sample
<session-config> <session-timeout>30</session-timeout> <cookie-config> <name>JSESSIONID</name> <domain>example.org</domain> <path>/shop</path> <comment> <!-- some information --> </comment> <http-only>true</http-only> <secure>false</secure> <max-age>1800</max-age> </cookie-config> <tracking-mode>COOKIE</tracking-mode> <tracking-mode>URL</tracking-mode> <tracking-mode>SSL</tracking-mode> </session-config>
Learn Session Properties Group
All tags <session-config> and <cookie> are optional, but if the use of these labels, it must be added to the deployment descriptor of the present embodiment in the order (except for the label to be ignored). Tag <session-timeout> specifies an invalid session before, you may remain inactive time in minutes. If the value is less than or equal to 0, the session will never expire.
<tracking-mode> is used to indicate which technology should be used to track the session ID of the container, its legal values are:
URL ---- vessel will only be embedded session ID in the URL. Do not use a cookie or SSL session ID. This approach is very unsafe.
COOKIE ----- container will use the session cookie to track the session ID. This technique is very safe.
---- container uses SSL SSL session ID as an HTTP session ID. This method is the safest way, but all requests must be required to use HTTPS requests.
May be configured as a plurality of values <tracking-mode>, the container can represent various strategies.
Only use a COOKIE in tracking mode, you can only use <cookie-config> tag.
You can customize the name of the custom session cookie via the tag <name>. The default value JSESSIONID
tag <domain> and <path> Domain corresponds to the cookie and Path properties. Web container have set the correct default values, so usually do not need to customize them.
Tags <comment> Comment added session ID cookie in characteristics, which may be added in any text. This is often used to explain the purpose of a cookie and privacy policy tells users of the site.
Tag <http-only> and <secure>
Finally, a tag <max-age> Max-Age specifies the characteristics of the cookie, the cookie expires controls when. By default, cookie no expiration date, which means it will expire when the browser is closed. You can customize this value, in seconds (<session-timeout> in minutes).