JSESSIONID未存储为cookie

时间:2019-02-14 09:14:55

标签: reactjs spring-boot cookies cors

由于某种原因,我的JSESSIONID没有存储,而仅存在于响应头文件Set-Cookie中。我已经按照我在Stackoverflow上阅读的说明进行操作,并设置了credentials: 'include'

fetch(url + "/user/me", {
      credentials: 'include',
      method: 'GET',
      headers: new Headers({
        Authorization: 'Basic ' + Base64.encode(user.username + ":" + this.md5(user.password))
      })}).
    then(response => response.json()).then((response) => {
      if (response.accountName === self.state.username) {
        LoginInfos.authenticate(() => {
          self.setState({redirectToReferrer: true});
          localStorage.setItem('user', user.username);
          localStorage.setItem('session', self.md5(user.password));
        });
      }
    });

我的请求如下:

Host: XXXXXX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://XXXXXX/?username=system&password=system
authorization: Basic XXXXXX
Origin: http://XXXXXX
Connection: keep-alive

我的回应:

HTTP/1.1 200 
Access-Control-Allow-Origin: http://XXXXX
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Access-Control-Max-Age: 3600
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization
Access-Control-Expose-Headers: Set-Cookie
Set-Cookie: JSESSIONID=XYZXYZXYZXYZXYZXYZXYZ; Max-Age=43200; Expires=Thu, 14-Feb-2019 20:52:21 GMT; Path=/; Secure; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 14 Feb 2019 08:52:21 GMT

如您所见,后端返回JSESSIONID,我也使用credentials: 'include'。但是,仍然没有在该调用后设置cookie。在使用fetch之前,我使用过superagent,但这也不起作用。

其他可能相关的事实:

  • 带有Set-Cookie的{​​{1}}标头仅在Firefox中返回。我在Chrome或Safari中的响应消息中都看不到此标头。
  • 我还尝试设置JSESSIONID,这似乎是处理cookie的过时方法,因此无效。
  • 后端在另一台计算机上运行,​​在此之前,我们遇到了credentials: 'same-origin'个问题。
  • 我们正在开发React的前端和Java + Spring Boot的后端
  • 前端在NGINX中运行

问题:我的方法有什么问题/为什么所有这些都不奏效?

0 个答案:

没有答案