后端ssm 前端ajax 跨域问题解决与引起的新的问题多次请求的sessionId不同

后端

跨域代码

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author jjl
 * @create 2020-05-08 10:29
 */

public class SimpleCORSFilter implements Filter {
    private boolean isCross = false;

    public void destroy() {
        isCross = false;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (isCross) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            System.out.println("拦截请求: " + httpServletRequest.getServletPath());
            httpServletResponse.setHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
            httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            httpServletResponse.setHeader("Access-Control-Max-Age", "0");
            httpServletResponse.setHeader("Access-Control-Allow-Headers",
                    "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");
            httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
            httpServletResponse.setHeader("XDomainRequestAllowed", "1");
        }
        chain.doFilter(request, response);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        String isCrossStr = filterConfig.getInitParameter("IsCross");
        isCross = isCrossStr.equals("true") ? true : false;
        System.out.println(isCrossStr);
    }
}

配置springMVC.xml

其它配置省略

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd">
 <!--     其它配置省略-->
 <!--     接口跨域配置-->
    <mvc:cors>
        <mvc:mapping path="/**"  allowed-origins="*"
                     allowed-methods="POST, GET, OPTIONS, DELETE, PUT"
                     allowed-headers="Content-Type,  Content-Length, Authorization, Accept, X-Requested-With, yourHeaderFeild"
                     allow-credentials="true" />
    </mvc:cors>
    
</beans>

前端ajax

xhrFields: { withCredentials: true },
crossDomain: true

$.ajax({
        type:type,
        url:baseUrl+url,
        data: JSON.stringify(data),
        //关闭默认的contentType(默认的形式是表单)
        contentType: false,
        /设置新的contentType
        contentType:'application/json; charset=utf-8',
        //预期服务器返回数据的类型
        dataType: 'json',  
        xhrFields: { withCredentials: true },
        crossDomain: true,
        success:function(data){
        },
        error:function(jqXHR){ 
        }
});

如果只是这里是可以解决跨域的，但是chrome 浏览器会因其新的问题 就是多次请求的sessionId 不一样

解决办法如下：

Chrome升级到80版本之后cookie的SameSite属性默认值由None变为Lax，这也就造成了一些访问跨域cookie无法携带的问题。
解决：
打开谷歌浏览器在Chrome中访问chrome://flags/，搜索SameSite并设置为disabled即可。

到目前为止跨域与多次请求session不一致的问题就解决了