起原:
项目访问路径如下图所示:
用户先通过https请求访问F5服务,F5将https请求卸载后转发http请求访问应用服务器。然后session就找不见了。。。。。。
解决办法:
第一步:在jsp页面增加如下代码
<script type="text/javascript">
$(function() {
$.ajaxSetup({crossDomain: true, xhrFields: {withCredentials: true}});
});
</script>
第二步:在后端通过filter拦截器处理response
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest)servletRequest;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"););
response.setHeader("Access-Control-Allow-Credentials", "true");
}