1.发送请求
-
后端产生的唯一的 session id,服务器会通过 HTTP 响应头中的
Set-Cookie
字段将Session ID
发送到客户端。 -
客户端(浏览器)收到响应后,会将
Session ID
存储为cookie
。
但由于跨域了 不自动携带 cookie
2.加 withCredentials
所以在前端加上了:myAxios.defaults.withCredentials = true
3.出现了跨域的错误,
CORS请求默认不发送Cookie和HTTP认证信息。如果要把Cookie发到服务器,要服务器同意,指定Access-Control-Allow-Credentials字段。
-
解决:配置一个过滤器
-
package com.wdc.config; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @Component @Slf4j public class SimpleCORSFilter implements Filter { @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "你的前端地址"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, HEAD,PUT"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "access-control-allow-origin, authority, content-type, version-info, X-Requested-With"); response.setHeader("Access-Control-Allow-Credentials", "true"); HttpServletRequest request = (HttpServletRequest)req; if ("OPTIONS".equals(request.getMethod())) { response.setStatus(HttpServletResponse.SC_OK); return; } chain.doFilter(req, res); } @Override public void init(FilterConfig filterConfig) {} @Override public void destroy() {} }