In Tomcat, we can do this:
<Context useHttpOnly="true" sessionCookiePath="/" sessionCookieDomain=".XXXX.com"/>
I want to share cookies across second-level domains with Spring Boot. How do I do that?
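Answer 0 (score: 12)
Settings for the server that Spring Boot embeds are available as application properties (listed here under the # EMBEDDED SERVER CONFIGURATION section and the server.servlet.session.cookie.* namespace).
The equivalent of the Tomcat configuration above should be: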
# properties in /src/resources/application.properties
server.servlet.session.cookie.domain=.XXXX.com
server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.path=/
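Answer 1 (score: 1)
(This applies to Spring 1.5.x at the time of writing)
To add to @radrocket81's reply, here is some sample code. Also, if you enable Redis sessions via @EnableRedisHttpSession, the application property server.session will not be applied, so this is how you can set the Spring Boot cookie's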
@Bean
public <S extends ExpiringSession> SessionRepositoryFilter<? extends ExpiringSession> springSessionRepositoryFilter(
        SessionRepository<S> sessionRepository, ServletContext servletContext) {
    SessionRepositoryFilter<S> sessionRepositoryFilter = new SessionRepositoryFilter<S>(sessionRepository);
    sessionRepositoryFilter.setServletContext(servletContext);
    CookieHttpSessionStrategy httpSessionStrategy = new CookieHttpSessionStrategy();
    httpSessionStrategy.setCookieSerializer(this.cookieSerializer());
    sessionRepositoryFilter.setHttpSessionStrategy(httpSessionStrategy);
    return sessionRepositoryFilter;
}

private CookieSerializer cookieSerializer() {
    DefaultCookieSerializer serializer = new DefaultCookieSerializer();
    serializer.setCookieName("CUSTOM_SESSION_KEY");
    serializer.setDomainName("domain.com");
    serializer.setCookiePath("/");
    serializer.setCookieMaxAge(10); // Set the cookie max age in seconds, e.g. 10 seconds
    return serializer;
}
Answer 2 (score: 0)
My solution was to define a CookieSerializer bean and provide a domain pattern that suits my setup.
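
The domain-pattern approach from the last answer, as an added example that is not code from any of the posters: a Spring Session CookieSerializer bean whose pattern is anchored to a single parent domain, plus a small helper that mirrors how the first capture group becomes the cookie Domain. The class name SessionCookieConfig, the helper domainFor and the domain example.com are placeholders assumed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;

// Added example; SessionCookieConfig and example.com are placeholders.
@Configuration
public class SessionCookieConfig {

    // Group 1 is used as the cookie Domain. Anchoring it to one parent domain
    // means a request with an unexpected host name gets a host-only cookie,
    // whereas a generic pattern such as "^.+?\\.(\\w+\\.[a-z]+)$" would accept
    // the last two labels of whatever server name the request carries.
    static final String DOMAIN_PATTERN = "^(?:.+\\.)?(example\\.com)$";

    @Bean
    public CookieSerializer cookieSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
        serializer.setCookiePath("/");
        serializer.setDomainNamePattern(DOMAIN_PATTERN); // do not combine with setDomainName
        serializer.setUseHttpOnlyCookie(true);           // same intent as useHttpOnly="true"
        serializer.setUseSecureCookie(true);             // cookie is then only sent over HTTPS
        return serializer;
    }

    // Mirrors the serializer's rule: case-insensitive full match against the
    // request's server name; no match means no Domain attribute is written.
    static String domainFor(String serverName) {
        Matcher m = Pattern.compile(DOMAIN_PATTERN, Pattern.CASE_INSENSITIVE).matcher(serverName);
        return m.matches() ? m.group(1) : null;
    }

    // Constructed sample host names, to check the pattern before deploying it.
    public static void main(String[] args) {
        String[] hosts = {"app.example.com", "example.com", "notexample.com",
                          "app.example.com.other.test", "localhost"};
        for (String host : hosts) {
            System.out.println(host + " -> " + domainFor(host));
        }
    }
}
```

A cookie scoped to the parent domain is sent to every subdomain of it, so each host under that domain has to be trusted with the session identifier.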