Chrome浏览器正在登录页面上发出此请求。
请求Request URL: http://app.country-region-9.elasticbeanstalk.com/admin/login
Request Method: POST
Status Code: 302 Found
Remote Address: 99.99.99.99:80
Referrer Policy: no-referrer-when-downgrade
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Language: en-US
Content-Length: 0
Date: Thu, 15 Nov 2018 04:23:19 GMT
Expires: 0
Location: /home;jsessionid=15884DA40ECAD4F5CBA6CD138B4B4105
Pragma: no-cache
Server: nginx/1.12.1
Set-Cookie: JSESSIONID=15884DA40ECAD4F5CBA6CD138B4B4105; Path=/; HttpOnly
我已经在application.properties中拥有此设置。
server.session.tracking-modes=cookie
那为什么Spring Boot将;jsessionid附加到重定向位置?它正在中断应用程序,因为Spring Security抱怨分号。它可以在我的本地计算机上运行,并且不会追加会话。仅在部署到AWS时失败。
这是控制器中重定向的动作:
@RequestMapping(value = "/admin/login", method = RequestMethod.POST)
public String doLogin(HttpServletRequest request, HttpServletResponse response) {
...
request.getSession().setAttribute("user", user);
return "redirect:/home";
我也通过curl确认了
$ curl -i http://app.country-region-9.elasticbeanstalk.com/admin/login -d username=xxxx -d password=xxxxxxxxxxx
HTTP/1.1 302 Found
...
Location: /home;jsessionid=5A1009B5F3C59ED0F794E625B5E36EA0
但它不是在本地进行的。
$ curl -i http://localhost:8080/admin/login -d username=xxxxx -d password=xxxxxxxxxx
HTTP/1.1 302
Set-Cookie: JSESSIONID=4B8930CCC8CE85167089CEBEB47657D4; Path=/; HttpOnly
...
Location: http://localhost:8080/home