- 参考资料:https://www.chromium.org/updates/same-site/incompatible-clients
新版本处理方式如下针对Chrome版本67及以上话不多说,代码如下:
@Configuration
public class SpringSessionConfig {
@Bean
public CookieSerializer httpSessionIdResolver() {
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
cookieSerializer.setUseHttpOnlyCookie(false);
cookieSerializer.setSameSite("None");
cookieSerializer.setCookiePath("/");
cookieSerializer.setUseSecureCookie(true);
return cookieSerializer;
}
}
注意,这个里面的SameSite不能设为null,设空的话,还是会走默认值Lax其中,SameSite的值可以填3个:Strict,Lax,None.
缺省的值为Lax,而且当你设置其为空时,在新的Chrome中还是会给予默认值Lax.
chrome版本(51~66)在这些版本中,浏览器不接受SameSite=None.如果套用上面的代码会发现无法登录
解决方法1
在配置类中设置SameSite=null
@Configuration
public class SpringSessionConfig {
@Bean
public CookieSerializer httpSessionIdResolver() {
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
...
cookieSerializer.setSameSite(null);
...
}
}
然后在登录完成后的获取用户信息接口中,对session进行重新赋值:
String userAgent = request.getHeader("user-agent");
Browser browser = UserAgent.parseUserAgentString(userAgent).getBrowser();
if(!CommonUtils.isEmpty(browser)&&browser.getName().contains("Chrome")){
Version version = browser.getVersion(userAgent);
if(!CommonUtils.isEmpty(version.getMajorVersion())){
try{
int majorVersion = Integer.parseInt(version.getMajorVersion());
// 如果是谷歌并且版本大于等于67,则重赛COOKIE
if(majorVersion>=67){
List<String> cookieValues = CookieSetUtil.readCookieValues(request);
cookieValues.forEach(cookieValueStr -> {
CookieSerializer.CookieValue cookieValue = new CookieSerializer.CookieValue(request, response, cookieValueStr);
CookieSetUtil.writeCookieValue(cookieValue);
});
}
}catch (Exception e ){
e.printStackTrace();
}
}
}
这里用到了获取浏览器版本的包,需要在pom.xml中配置:
<dependency>
<groupId>eu.bitwalker</groupId>
<artifactId>UserAgentUtils</artifactId>
<version>1.20</version>
</dependency>
这里的CookieSetUtil类,就是复制的DefaultCookieSerializer类,主要用到了其中的2个方法:readCookieValues和writeCookieValue,并且我们需要修改SameSite的值:
sb.append("; SameSite=").append("None");
解决方法2
复写DefaultCookieSerializer类中的writeCookieValue方法.
复制DefaultCookieSerializer类源代码
新建一个类MyDefaultCookieSerializer粘贴刚刚复制的代码
修改writeCookieValue方法
修改配置类@Configuration
public class SpringSessionConfig {
@Bean
public CookieSerializer httpSessionIdResolver() {
MyDefaultCookieSerializer cookieSerializer = new CookieSerializer();
}
}
依赖包说明
项目里面用到了session共享,所以需要增加依赖:
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
这个包里面已经有了spring-session-core的依赖如果没有用到的话,CookieSerializer这个类是在spring-session-core这个包里面:
<!-- https://mvnrepository.com/artifact/org.springframework.session/spring-session-core -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-core</artifactId>
<version>2.1.4.RELEASE</version>
</dependency>