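Environment: JDK 1.8 + Spring Boot 2.7.6 + Sa-Token 1.37.0
1. The project does not use Sa-Token (the permission/authentication framework)
Add the following configuration to application.yml:
server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.secure=true (adding this setting as well is recommended)
As follows: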
server:
  servlet:
    session:
      cookie:
        http-only: true
        secure: true
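2. The project integrates Sa-Token
Using Sa-Token makes the "server.servlet.session.cookie.http-only=true" setting ineffective, because the Sa-Token framework rewrites the cookie. In this case, add the httpOnly settings to the Sa-Token configuration:
# Sa-Token configuration
sa-token:
  # Cookie settings
  cookie:
    secure: true
    httpOnly: true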
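To confirm that both cookies actually carry the flags after the change, the Set-Cookie headers of a login response can be audited. The following is an added example, not code from the original post; the cookie names JSESSIONID and satoken (Sa-Token's default token-name) and the sample header values are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly and Secure flags.
# Assumed cookie names: JSESSIONID (servlet session) and satoken
# (Sa-Token's default token-name); adjust them to your deployment.

WATCHED = ("JSESSIONID", "satoken")
REQUIRED = ("httponly", "secure")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; attribute values (Path=/ ...) are dropped.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(set_cookie_values, watched=WATCHED):
    """Return {cookie name: [missing flags]} for watched cookies lacking a flag."""
    findings = {}
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if name not in watched:
            continue
        missing = [flag for flag in REQUIRED if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample headers (not captured from a real server).
# Case 1: only server.servlet.session.cookie.* is configured.
BEFORE = [
    "JSESSIONID=0123ABCD; Path=/; Secure; HttpOnly",
    "satoken=11111111-2222-3333-4444-555555555555; Max-Age=2592000; Path=/",
]
# Case 2: sa-token.cookie.secure and sa-token.cookie.httpOnly are also configured.
AFTER = [
    "JSESSIONID=0123ABCD; Path=/; Secure; HttpOnly",
    "satoken=11111111-2222-3333-4444-555555555555; Max-Age=2592000; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

Feed it the Set-Cookie values from a real login response (for example, copied from the browser's network panel) in place of the constructed samples.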
From: https://www.cnblogs.com/yunlongwork/p/18646754