现象
访问
http://172.22.65.1:59324/context,跳转到登录界面,输入用户名密码,form表单提交到:
http://172.22.65.1:59324/context/j_spring_security_check,验证通过,重定向到:
Location:
http://172.22.65.1:59324/context
并且设置 session cookie:
Set-Cookie:
JSESSIONID=2B541AC3753C42EA6278DAF3787981C4; Path=/context/; HttpOnly
但是重定向后的地址没有访问该session cookie(Cookie Path不同)的权限,登录失败。
原因
https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
解决方案
1、设置tomcat context参数
This issue can also be corrected by changing the context parameter sessionCookiePathUsesTrailingSlash=false, however this has a potentially negative security impact so I don't think this default should be changed.
2、重定向
如果访问的是:http://172.22.65.1:59324/context 自动重定向到 http://172.22.65.1:59324/context/