应用使用Struts2、Ajax构建,其中某一业务需要使用Token,限制用户提交一次有效,Token后端是放Redis中,使用SESSIONID作为Key(相当于放SESSION中),前端使用一个JS变量来接收生成的Token。在后续提交业务请求时,需要将此JS中的Token值传递到后端,用来校验,但现在发现很多请求没有Token值,求解。
JS里的Token变量是在加载页面(index.jsp)时由一个Action转发过来的,这个过程中会写入Token值到JS变量中
<script >
var token = "${token}" ;
</script>后面的业务使用Ajax提交,提交时参数使用token变量作为参数之一提交到后端进行校验,后端日志发现大量请求没有Token值,是什么原因,求解!
伊谢尔伦2017-04-17 17:45:12
To simplify the question, depending on the meaning of the question, the subsequent token processing part should be ignored. Currently, there is no token in the ajax request. Then, first you need to confirm whether the token on the page has been output. You can do a simple stress test to see the results. If there is no problem with the js code, then the value will be sent as long as it exists. So it seems that there may be a problem with the previous token, causing this value not to be output on the page.
ringa_lee2017-04-17 17:45:12
Token is not recommended to be hard-coded into js code. It is recommended to write it in a hidden domain. Then js gets the value again.
