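Preface
When this happens, the cause is almost always on the back end or the front end; once both are handled correctly, there is usually nothing else wrong.
Case 1: Path setting
When JSESSIONID is set with Path=/user/info.html and you visit another page such as /account/info.html, the JSESSIONID changes, because the browser only sends the cookie for requests under that path and the server starts a new session for anything else. Setting Path=/ (the root path) solves this.
Case 2: Cross-origin issues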
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

/**
 * Handles cross-origin requests
 * @author tyg
 * @date September 7, 2019, 3:10 PM
 */
@WebFilter(filterName = "CORSFilter", urlPatterns = { "/*" })
@Order(value = 1)
@Configuration
public class CorsFilter implements Filter {

    // Origins allowed to send credentialed requests.
    // Placeholder value: replace with your own front-end origins.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<>(Arrays.asList(
            "https://app.example.com"));

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // Origin allowed to access the resource. Echoing back any Origin together with
        // Allow-Credentials: true would let every site read authenticated responses,
        // so only origins on the allowlist are echoed.
        String origin = request.getHeader("Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.addHeader("Vary", "Origin");
            // Whether the response may be exposed to the page when the request carries credentials
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }
        // Methods allowed when accessing the resource
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
        // Maximum number of seconds the preflight result may be cached
        response.setHeader("Access-Control-Max-Age", "3600");
        // Supported request headers
        response.setHeader("Access-Control-Allow-Headers", "token,number,Cookie,Set-Cookie");
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {}
}
Or:
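import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Handles cross-origin requests
 * Note: when used with a WeChat mini program, the * in allowedOrigins("*") cannot be used; it is not yet clear whether this is caused by the WeChat mini program or by the Vue project.
 * This annotation can be used on classes and on methods: @CrossOrigin(origins = {}, allowedHeaders = {}, methods = {RequestMethod.DELETE, RequestMethod.GET, RequestMethod.POST, RequestMethod.OPTIONS, RequestMethod.PUT})
 * @author tyg
 * @date 2021-04-29 16:57
 */
@Configuration
public class CorsConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Browsers reject a wildcard Access-Control-Allow-Origin on credentialed requests,
        // and Spring Framework 5.3+ throws IllegalArgumentException for
        // allowedOrigins("*") combined with allowCredentials(true).
        // List the front-end origins explicitly (placeholder value below).
        registry.addMapping("/**")
                .allowedOrigins("https://app.example.com")
                .allowedMethods("*")
                .allowedHeaders("*")
                .allowCredentials(true);
    }
}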
Front end:
// ajax request:
$.ajax({
    xhrFields: {
        withCredentials: true
    },
    crossDomain: true
});
// Vue request:
import axios from "axios";
axios.defaults.withCredentials = true;
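Case 3: Load balancing and session persistence
This was the nastiest problem I ran into. The details: our company was reorganizing its servers, moved the existing project to a new server, and bound the load balancer's (Alibaba Cloud) IP to the new server. Once the service started on the new server, the JSESSIONID was always inconsistent. The code had not changed and the app had not changed; the only things that had changed were the server and the load balancer. After a long search I finally found the answer: session persistence was enabled on the load balancer. With session persistence enabled, an extra Set-Cookie is returned, which caused the problem when the app read the cookie.
Example with session persistence enabled: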
HTTP/1.1 200
Date: Thu, 22 Jul 2021 09:13:02 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 299
Connection: keep-alive
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: token,number,Cookie,Set-Cookie
Access-Control-Allow-Credentials: true
Set-Cookie: JSESSIONID=2E825183B9490CE52894B0BE7E00F5AF; Path=/; HttpOnly
Set-Cookie: SERVERID=035d95e5956e3f8164931edb9720bf24|1626945182|1626945182;Path=/
Example after disabling session persistence:
HTTP/1.1 200
Date: Fri, 23 Jul 2021 02:34:57 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 299
Connection: keep-alive
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: token,number,Cookie,Set-Cookie
Access-Control-Allow-Credentials: true
Set-Cookie: JSESSIONID=9AC7BC2A4212D421A3B4E071AAA8EC6A; Path=/; HttpOnly
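As an added example (not from the original post or the app it describes): the two responses above differ only by the extra SERVERID cookie, so a client should select JSESSIONID by name rather than by position. The function names and the `naiveSessionId` failure mode are assumptions for illustration; the post does not show how the app read the header.

```javascript
// Set-Cookie values copied from the two responses shown above.
const WITH_PERSISTENCE = [
  "JSESSIONID=2E825183B9490CE52894B0BE7E00F5AF; Path=/; HttpOnly",
  "SERVERID=035d95e5956e3f8164931edb9720bf24|1626945182|1626945182;Path=/",
];
const WITHOUT_PERSISTENCE = [
  "JSESSIONID=9AC7BC2A4212D421A3B4E071AAA8EC6A; Path=/; HttpOnly",
];

// Hypothetical fragile client: assumes one Set-Cookie header and reads the last one.
function naiveSessionId(setCookieHeaders) {
  const last = setCookieHeaders[setCookieHeaders.length - 1];
  return last.split(";")[0].split("=")[1];
}

// Parse one Set-Cookie value into { name, value, attrs }; null if it has no name.
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(";");
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs[key] = i < 0 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs };
}

// Collect every cookie on the response, keyed by name, so header order does not matter.
function collectCookies(setCookieHeaders) {
  const jar = new Map();
  for (const line of setCookieHeaders) {
    const cookie = parseSetCookie(line);
    if (cookie) jar.set(cookie.name, cookie);
  }
  return jar;
}

// Cookie request header for the next call: send back every cookie received,
// including the load balancer's persistence cookie.
function cookieHeader(jar) {
  return [...jar.values()].map((c) => `${c.name}=${c.value}`).join("; ");
}

const jar = collectCookies(WITH_PERSISTENCE);
console.log("naive  :", naiveSessionId(WITH_PERSISTENCE)); // picks up SERVERID's value
console.log("by name:", jar.get("JSESSIONID").value);
console.log("Cookie :", cookieHeader(jar));
```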
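Case 4: Account conflict
This one does not always apply: in the same browser and on the same domain, if you log in to multiple accounts, the account that logs in later overwrites the one that logged in earlier.
If there are other cases, feel free to add them.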