先说结论:
response.addCookie(cookie); 写在 filterChain.doFilter(request, response); 之前导致的
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
log.info("Filter1 begin");
Cookie cookie = new Cookie("testKey", "testVal");
cookie.setDomain(request.getRemoteAddr());
cookie.setPath("/");
cookie.setMaxAge(2 * 60 * 60);
cookie.setHttpOnly(true);
// 写在doFilter前,Cookie“正常”返回客户端
response.addCookie(cookie);
filterChain.doFilter(request, response);
// 写在doFilter后,Cookie“无法”返回客户端
response.addCookie(cookie);
log.info("Filter1 end");
}
response.addCookie(cookie);在执行时,会判断response是否committed,如果为true,则不再写入Cookie。
在filterChain.doFilter(request, response);之后执行,这个时候response的committed状态为true。
committed值是在Controller处理完请求后设置的,在filterChain.doFilter之内执行的