解决iframe嵌套URL拼接;jsessionId,每次请求sessionId不一样问题
//设置手动关闭 url中追踪sessionId机制
httpServletRequest.getServletContext().getEffectiveSessionTrackingModes().remove(SessionTrackingMode.URL);
...
// 设置SameSite和Secure属性
httpServletResponse.setHeader("Set-Cookie", "JSESSIONID=" + httpSession.getId() + "; SameSite=None; Secure");