JSESSIONID cookie未存储 [英] JSESSIONID cookie not stored

问题描述

我有一个用angular编写的前端，它运行在localhost：3002上。
我有一个用Spring-boot写的后端，它运行在localhost：8080。

I have a frontend written in angular which runs on localhost:3002. I have a backend written with Spring-boot which runs on localhost:8080.

我添加了一个过滤器来处理CORS（我在SO上找到并改编了我的需要）：

I added a filter to handle CORS (which I found on SO and adapted to my need) :

@Component
public class CORSFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "http://localhost:3002");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
        chain.doFilter(request, response);
    }

    public void destroy() {}
}

当我进行身份验证时，我可以看到服务器发送了一个cookie：

When I authenticate, I can see that the server sends a cookie :

此cookie不会随以下请求一起发送。这导致401回复：

This cookie is not sent with the following requests. This results in 401 responses :

< img src =https://i.stack.imgur.com/8KPHm.pngalt =在此输入图像说明>

我看了在Chrome控制台的资源面板上发现没有存储cookie。

I looked at the "resources" panel of the chrome console and found out that no cookie were stored.

有什么想法吗？

推荐答案

在配置 $ httpProvider 的文件中，添加此行以指定您要发送包含跨站点请求的凭据：

In the file where you configure your $httpProvider, add this line to specify you want to send credentials with cross-site requests:

$httpProvider.defaults.withCredentials = true;

通常，AngularJS会自动发送这些带有请求的cookie（针对同源请求）但是因为您的请求是跨站点然后你必须手动配置它。

Typically, AngularJS will automatically send these cookies with requests (for same-origin requests) but since your requests are cross-site then you have to manually configure this.

这篇关于JSESSIONID cookie未存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！