Fatal编程技术网

Google chrome CORS筛选器无法维护会话

google-chrome session struts2 cors

Google chrome CORS筛选器无法维护会话,google-chrome,session,struts2,cors,Google Chrome,Session,Struts2,Cors,我有一个基于Struts2的应用程序,它接收来自另一个应用程序(跨域)的请求。为此,我在struts2过滤器之前的my web.xml中添加了CORS过滤器: <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>

我有一个基于Struts2的应用程序,它接收来自另一个应用程序(跨域)的请求。为此,我在struts2过滤器之前的my web.xml中添加了CORS过滤器:

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.origins</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.headers</param-name>
            <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Test-Header
            </param-value>
        </init-param>
        <init-param>
            <param-name>cors.exposed.headers</param-name>
            <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials
            </param-value>
        </init-param>
        <init-param>
            <param-name>cors.support.credentials</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>cors.preflight.maxage</param-name>
            <param-value>1000</param-value>
        </init-param>
    </filter>
     <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
   <filter>
        <filter-name>struts2</filter-name>
        <filter-class>
            org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
上述方法通常很好,但在这里,会话可能会以某种方式失效。 我正在Chrome浏览器中使用Allow控件Allow Origin:*启用扩展来测试此功能。以下是我的POST请求标头在控制台中的外观:

Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:9
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:localhost:7070
Origin:http://evil.com/
Referer:http://testdevsvr:8989/SmartAdministration/home
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
我想知道我是否在配置中遗漏了一些东西,或者是其他一些错误阻碍了我进一步的工作

根据给出的建议,我最终通过执行以下两个步骤来维持会话:

1.)在我的所有ajax调用中包括以下代码段:

  xhrFields: {withCredentials: true}
2.)将此配置包括在my web.xml中:

     <session-config>
        <session-timeout>30</session-timeout> 
            <cookie-config>
                <http-only>false</http-only>
            </cookie-config>
    </session-config>


30
假的
您缺少struts过滤器配置。@Roman C:为了简洁起见,我没有在这里添加。。我确实包括了struts2过滤器。更新了我的问题。 
     <session-config>
        <session-timeout>30</session-timeout> 
            <cookie-config>
                <http-only>false</http-only>
            </cookie-config>
    </session-config>