When I post the login credentials for my Spring Boot application, I get the following exception.
/dologin then redirects to /home with jsessionid session in application.properties.
server.servlet.session.cookie.http-only=true
server.servlet.session.tracking-modes=cookie
As described in https://stackoverflow.com/a/31792535/148844, I added:
@Bean
public ServletContextInitializer servletContextInitializer() {
    return new ServletContextInitializer() {
        @Override
        public void onStartup(ServletContext servletContext) throws ServletException {
            servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));
            SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig();
            sessionCookieConfig.setHttpOnly(true);
        }
    };
}
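But now it just POSTs, sets the cookie, and redirects back to the login screen. It's as if it can't access the session.
I set server.session.tracking-modes=cookie server.servlet...) and it now uses only cookies, but the Chrome browser does not send the cookie back to the server after login!
The /home action only redisplays the login page if the user attribute in the session is null.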
POST /dologin HTTP/1.1
Host: localhost:8080
Origin: http://localhost:8080
Upgrade-Insecure-Requests: 1
Referer: http://localhost:8080/home
HTTP/1.1 302
Set-Cookie: JSESSIONID=3B82AAA40CE94FF490FBF7B4DBD837DD; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Location: http://localhost:8080/home
GET /home HTTP/1.1
Host: localhost:8080
Upgrade-Insecure-Requests: 1
Referer: http://localhost:8080/home
HTTP/1.1 200
Set-Cookie: JSESSIONID=B60BF649068F7E85346691FD2F5D119B; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 2742
Date: Sat, 29 Sep 2018 17:41:55 GMT
Notice that the cookies are different and Chrome is not sending the cookie back to the server? Why?