1. 技术文章
  2. CORS Filter unable to maintain session

CORS Filter unable to maintain session

二次信任 提交于 2020-01-03 03:50:05

问题


I have an application based on Struts2 which receives requests from another application (cross domain). For this I have added the CORS filter in my web.xml just before the struts2 filter:

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.origins</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.headers</param-name>
            <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Test-Header
            </param-value>
        </init-param>
        <init-param>
            <param-name>cors.exposed.headers</param-name>
            <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials
            </param-value>
        </init-param>
        <init-param>
            <param-name>cors.support.credentials</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>cors.preflight.maxage</param-name>
            <param-value>1000</param-value>
        </init-param>
    </filter>
     <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
   <filter>
        <filter-name>struts2</filter-name>
        <filter-class>
            org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

The first request to the application which creates the new session works fine. But then in the subsequent requests, when i try to access the same session in my action class i get null. Here's what i am doing to get it:

HttpSession session = ServletActionContext.getRequest().getSession(false);

The above works fine usually but here the session is getting invalidated somehow maybe. I am testing this in Chrome browser with the Allow-Control-Allow-Origin: * extension enabled. Here's how my POST Request header looks in the console:

Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:9
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:localhost:7070
Origin:http://evil.com/
Referer:http://testdevsvr:8989/SmartAdministration/home
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

I would like to know if I am missing something in the configuration or something else is wrong which is blocking me from proceeding further.


回答1:


I finally got to maintain the session by doing these two steps based on suggestions given here:

1.) Include the below snippet in all my ajax calls:

  xhrFields: {withCredentials: true}

2.) Include this configuration in my web.xml:

     <session-config>
        <session-timeout>30</session-timeout> 
            <cookie-config>
                <http-only>false</http-only>
            </cookie-config>
    </session-config>


来源:https://stackoverflow.com/questions/42950937/cors-filter-unable-to-maintain-session

标签
google-chrome
session
struts2
cors
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!