1、前端:axios增加属性withCredentials:true
const service = axios.create({
baseUrl: 'http://xxxxxxxx',
withCredentials: true,
timeout: 60000
})
2、后端1:修改配置文件,设置addAllowedOriginPattern,addAllowedHeader,setAllowCredentials属性
@Configuration
public class VeWebMvcConfigurer implements WebMvcConfigurer {
@Bean
public CorsFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedMethod(HttpMethod.GET);
config.addAllowedMethod(HttpMethod.POST);
config.addAllowedMethod(HttpMethod.DELETE);
config.addAllowedMethod(HttpMethod.PUT);
config.addAllowedMethod(HttpMethod.OPTIONS);
config.addAllowedOriginPattern("*");
config.addAllowedHeader("*");
config.setAllowCredentials(true);
UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
corsConfigurationSource.registerCorsConfiguration("/**", config);
return new CorsFilter(corsConfigurationSource);
}
}
3、后端2:在继承了WebSecurityConfigurerAdapter的类中的configure方法里设置属性sessionManagement().sessionFixation().changeSessionId().disable()
重启前后端项目看看jsessionid是不是固定了