由于某种原因,我的JSESSIONID没有存储,而仅存在于响应头文件Set-Cookie中。我已经按照我在Stackoverflow上阅读的说明进行操作,并设置了credentials: 'include':
fetch(url + "/user/me", {
credentials: 'include',
method: 'GET',
headers: new Headers({
Authorization: 'Basic ' + Base64.encode(user.username + ":" + this.md5(user.password))
})}).
then(response => response.json()).then((response) => {
if (response.accountName === self.state.username) {
LoginInfos.authenticate(() => {
self.setState({redirectToReferrer: true});
localStorage.setItem('user', user.username);
localStorage.setItem('session', self.md5(user.password));
});
}
});
我的请求如下:
Host: XXXXXX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://XXXXXX/?username=system&password=system
authorization: Basic XXXXXX
Origin: http://XXXXXX
Connection: keep-alive
我的回应:
HTTP/1.1 200
Access-Control-Allow-Origin: http://XXXXX
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Access-Control-Max-Age: 3600
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization
Access-Control-Expose-Headers: Set-Cookie
Set-Cookie: JSESSIONID=XYZXYZXYZXYZXYZXYZXYZ; Max-Age=43200; Expires=Thu, 14-Feb-2019 20:52:21 GMT; Path=/; Secure; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 14 Feb 2019 08:52:21 GMT
如您所见,后端返回JSESSIONID,我也使用credentials: 'include'。但是,仍然没有在该调用后设置cookie。在使用fetch之前,我使用过superagent,但这也不起作用。
其他可能相关的事实:
Set-Cookie的{{1}}标头仅在Firefox中返回。我在Chrome或Safari中的响应消息中都看不到此标头。 JSESSIONID,这似乎是处理cookie的过时方法,因此无效。credentials: 'same-origin'个问题。问题:我的方法有什么问题/为什么所有这些都不奏效?