找到你要的答案

Q:Chrome App does not remove session cookies (JSessionId) unless all instances are closed

Q:Chrome应用程序不会删除会话cookie(jsessionid)除非所有实例关闭

I see a serious design issue with how chrome apps are closed and how JSession or other http cookies are maintained.

In our current Chrome App, we are hitting a Restful site (Site B) to fetch some information after authentication. Site B returns the Http only JSESSIONID cookie in the response.

Now there is no way that I can simple logout or reload or close=>open the Chrome App and use a different authentication to access Site B, because Chrome App sends the same JSESSIONID again which is received during previous authentication. More worse even if I pass authentication header with wrong userid/password, that is also allowed because as per the Java Spec JSessionId is given the preference over the authentication header.

There is no way in Chrome App that I can delete this Http only JSessionID or restrict the Ajax call (XHR request) to avoid sending the JSession Id. Even if you pass a wrong JSESSIONID with the URL, that does not work because as per the Java Spec, the JSESSIONID from the cookie is given precedence over the one in the URL.

Even If I considered all the above behaviour is per the Java Specs, then at least one would expect that the session cookies are automatically deleted when the Chrome App is close or reloaded. But it seems that the session cookies are not deleted because the corresponding chrome.exe instance is still running in the background. Once you close all the chrome browser instances and/or manually kill all the chrome instances from the Task Manager and reload the app, only then it works because now the session cookies are removed.

Can someone help me find out the chrome app APIs or settings which
1) remove the session cookies when the Chrome app is closed and reloaded. 2) kill the chrome.exe instance when the Chrome app is closed.

I am not looking for any kind of manual process.

Thanks in advance. Kanchan

我看到一个严重的设计问题,怎样的Chrome应用程序关闭,如何jsession或其他HTTP cookies保存。

在我国目前的Chrome应用程序,我们正在到达一个宁静的站点(站点B)获取一些信息认证后。网站B返回HTTP响应中只有JSESSIONID cookie。

Now there is no way that I can simple logout or reload or close=>open the Chrome App and use a different authentication to access Site B, because Chrome App sends the same JSESSIONID again which is received during previous authentication. More worse even if I pass authentication header with wrong userid/password, that is also allowed because as per the Java Spec JSessionId is given the preference over the authentication header.

没有办法,我可以在Chrome应用程序删除此HTTP是jsessionid或者限制Ajax调用(XHR请求)来避免发送jsession ID。即使你的URL传递一个错误的JSESSIONID,无法工作,因为按照java规范,从饼干的JSESSIONID的优先级高于在URL一个。

即使我认为上述行为是按照java规范,那么至少有一个期望,会话cookie被自动删除,当Chrome应用程序是关闭或重新加载。但似乎会话cookie不会被删除,因为相应的Chrome.exe实例仍在后台运行。一旦你关闭所有的Chrome浏览器实例和/或手动杀死所有的铬实例从任务管理器和重新加载应用程序,只有它的工作原理,因为现在会话cookie被删除。

Can someone help me find out the chrome app APIs or settings which
1) remove the session cookies when the Chrome app is closed and reloaded. 2) kill the chrome.exe instance when the Chrome app is closed.

我不是在寻找任何一种手工过程。

Thanks in advance. Kanchan

answer1: 回答1:

I'm afraid you're hitting something that's known to be missing from Chrome Apps platform.

Namely, there are no methods for managing cookies for XHRs originating from a Chrome App. Here's a related issue, see comment #11 specifically.

As mentioned in the issue, it's extremely clumsy but you could try and use a <webview> tag and make requests from within it. The cookies in it do not persist and can be manually cleared.

我担心你击中的东西是已知的铬应用平台失踪。

即,没有方法管理饼干源自Chrome应用XHRs。这是一个相关的问题,看评论# 11具体。

在这个问题中所提到的,这是非常笨拙,但你可以尝试使用<;WebView >;标签和提出要求的。它中的Cookie不持久,可以手动清除。

google-chrome-app