You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2020/01/16 09:13:46 UTC

[GitHub] [servicecomb-java-chassis] whuxiari opened a new issue #1542: 为什么服务端读出的cookie会丢失内容？

whuxiari opened a new issue #1542: 为什么服务端读出的cookie会丢失内容？
URL: https://github.com/apache/servicecomb-java-chassis/issues/1542
 
 
   背景：
   1、由于题主的微服务前端是嵌入在某个框架上的，需要用到框架的cookie来做相关的认证。因此，cookie是由别的框架写入的，题主的的微服务二级域名和框架的二级域名相同，因此不会产生跨域问题。
   2、在题主微服务后端的Nginx查看，cookie中的authInfo字段内容是有到Nginx的，但在服务端解析时，却丢失了这部分内容。
   3、题主试过对authInfo字段进行URL编码，通过工具发送请求到服务端，服务端是可以获取到authInfo这部分内容的。
   
   nginx截图：
   ![image](https://user-images.githubusercontent.com/9291379/72509956-887d3680-3883-11ea-8da6-e3662c438f89.png)
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [servicecomb-java-chassis] whuxiari commented on issue #1542: 为什么服务端读出的cookie会丢失内容？

Posted by GitBox <gi...@apache.org>.

whuxiari commented on issue #1542: 为什么服务端读出的cookie会丢失内容？
URL: https://github.com/apache/servicecomb-java-chassis/issues/1542#issuecomment-575960365
 
 
   是Cookie的一部分，不过从F12上看也是在请求头上。
   
   ![image](https://user-images.githubusercontent.com/9291379/72673660-c27b5200-3aa8-11ea-9218-33a5cc942e6f.png)
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [servicecomb-java-chassis] whuxiari commented on issue #1542: 为什么服务端读出的cookie会丢失内容？

Posted by GitBox <gi...@apache.org>.

whuxiari commented on issue #1542: 为什么服务端读出的cookie会丢失内容？
URL: https://github.com/apache/servicecomb-java-chassis/issues/1542#issuecomment-575962304
 
 
   可以确认是框架解析cookie的时候因为某些机制过滤了authInfo的字段，参考下面两个截图，从请求头中直接获取cookie是可以拿到authInfo字段的。
   
   ![image](https://user-images.githubusercontent.com/9291379/72674041-1daf4380-3aad-11ea-9b64-2979fe9d62ac.png)
   
   
   ![image](https://user-images.githubusercontent.com/9291379/72674037-1425db80-3aad-11ea-82ca-cfd4371c0c4f.png)
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [servicecomb-java-chassis] liubao68 commented on issue #1542: 为什么服务端读出的cookie会丢失内容？

Posted by GitBox <gi...@apache.org>.

liubao68 commented on issue #1542: 为什么服务端读出的cookie会丢失内容？
URL: https://github.com/apache/servicecomb-java-chassis/issues/1542#issuecomment-575426995
 
 
   看你的描述没太理解里面的过程。 Nginx -> 服务端； 工具 -> 服务端 这两个过程看起来场景是一样的，不应该存在不一样的情况。 
   
   不过使用java-chassis需要有个主意的地方，如果经过多跳到达服务端：比如 Nginx -> Edge service -> 微服务， 或者Nginx -> 微服务A -> 微服务B， 那么后面的微服务可能是获取不到在“契约”以外的数据的，包括你说的cookie。 因为java-chassis设计的时候， 没有完全假设底层运行的是HTTP协议，而是任何可能的协议。所以关注的数据是“契约”描述的数据。 
   
   早起的一些应用场景，比如通过cookie， HTTP Header等认证的情况， 可以尝试配套 HttpServerFilter和InvocationContext来实现。 首先自定义HttpServerFilter，将需要获取的数据设置到InvocationContext里面， 业务代码需要使用的地方，通过InvocationContext获取。 这个流程你可以通过[servicecomb-fence](https://github.com/apache/servicecomb-fence)看到一些代码示例
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [servicecomb-java-chassis] whuxiari closed issue #1542: 为什么服务端读出的cookie会丢失内容？

Posted by GitBox <gi...@apache.org>.

whuxiari closed issue #1542: 为什么服务端读出的cookie会丢失内容？
URL: https://github.com/apache/servicecomb-java-chassis/issues/1542
 
 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [servicecomb-java-chassis] whuxiari commented on issue #1542: 为什么服务端读出的cookie会丢失内容？

Posted by GitBox <gi...@apache.org>.

whuxiari commented on issue #1542: 为什么服务端读出的cookie会丢失内容？
URL: https://github.com/apache/servicecomb-java-chassis/issues/1542#issuecomment-575549989
 
 
   Nginx -> 服务端； 工具 -> 服务端 这两个过程看起来场景是一样的，不应该存在不一样的情况。
   >>这里的区别主要是，工具 -> 服务端这种场景，我将authInfo这段进行了URL编码；而Nginx -> 服务端没有进行编码。当然如果是工具 -> 服务端这种场景，不编码的话，服务端也获取不到authInfo这个cookie
   
   我当前的实现就是基于HttpServerFilter实现的，在afterReceiveRequest 方法中尝试去获取cookie，但是在不对authInfo进行编码的情况，就获取不到这个cookie。
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [servicecomb-java-chassis] liubao68 commented on issue #1542: 为什么服务端读出的cookie会丢失内容？

Posted by GitBox <gi...@apache.org>.

liubao68 commented on issue #1542: 为什么服务端读出的cookie会丢失内容？
URL: https://github.com/apache/servicecomb-java-chassis/issues/1542#issuecomment-575953612
 
 
   看你的截图， authInfo是HTTP Header，而不是cookie的一部分？ 并且可能包含特殊字符？ 需要主意HTTP Header是有字符集约束的，如果包含一些特殊字符，语义会发生变化，可能最终的含义表示的不是某个header，因此进行编码是必要的。看你的描述，很像是这方面的问题。 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [servicecomb-java-chassis] liubao68 commented on issue #1542: 为什么服务端读出的cookie会丢失内容？

Posted by GitBox <gi...@apache.org>.

liubao68 commented on issue #1542: 为什么服务端读出的cookie会丢失内容？
URL: https://github.com/apache/servicecomb-java-chassis/issues/1542#issuecomment-576067390
 
 
   生成authinfo的时候，你需要先转码，然后设置为cookie的内容。 应该就是上面说的原因了。 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services