Chrome configuration samesite=none method
2022-08-03 07:02:00 【Maomao cat hair】
Foreword
Chrome has had a so-called same-origin policy issue since version 70. Starting with version 80, it defaults cookies to SameSite=Lax, which restricts cross-domain cookie transmission.
The problem we encountered is: when jumping back from another website, JSESSIONID=XXXXXXXXX is appended to the normal address in the address bar, causing the original session to fail.
Second, the solution
1. Option 1: Modify browser configuration
This method is crude: it sets the browser's SameSite behaviour directly back to the previous None state. The disadvantage is that every client machine has to be configured, so it only suits scenarios where the user scope is controllable.
It is said that this method no longer works since version 91; this has not been tested.
1) Enter chrome://flags in the chrome address bar
2) Disable the "SameSite by default cookies" and "Cookies without SameSite must be secure" feature switches
3) Restart the browser
Options 2 and 3 both set SameSite=None and explicitly declare Secure=true; cookies are carried across domains only over HTTPS and with SameSite=None.
2. Option 2: Use Nginx
    # Set a variable to determine whether to add the SameSite=None attribute
    set $cookiePathMagicFlag '';
    # Chrome between 00~69: set to '-evil'
    # (the dot is escaped so that Chrome/100 and later are not matched as "10" plus any character)
    if ($http_user_agent ~ "Chrome/([0-6][0-9]\.)") {
        set $cookiePathMagicFlag '-evil';
    }
    location / {
        # nginx other configuration
        # xxxxxxxxx
        # Add SameSite=None, secure configuration
        proxy_cookie_path /$cookiePathMagicFlag "/; httponly; secure; SameSite=None";
    }

3. Option 3: If the server is Tomcat, you can use the following method (Tomcat 8.5.x or later)
Modify conf/context.xml
WEB-INF/web.xml ${catalina.base}/conf/web.xml
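An added example, not from the original article: a check for the result of Options 2 and 3. It audits a Set-Cookie header for the SameSite=None plus Secure requirement and shows why the dot in the Chrome version pattern of Option 2 has to be escaped. The function names and sample headers are hypothetical and constructed for illustration.

```python
import re

# Version gate from Option 2: Chrome 00-69 must not receive SameSite=None.
# With the dot unescaped, "Chrome/103" matches as "10" plus any character,
# so a modern Chrome is treated as old and never gets the attribute.
UNESCAPED = re.compile(r"Chrome/([0-6][0-9].)")
ESCAPED = re.compile(r"Chrome/([0-6][0-9]\.)")


def is_old_chrome(user_agent, pattern=ESCAPED):
    """True when the gate would skip adding SameSite=None for this client."""
    return pattern.search(user_agent) is not None


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_set_cookie(header, scheme="https"):
    """Return findings for a cookie that is meant to be carried across domains."""
    _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    findings = []
    if samesite != "none":
        findings.append("SameSite is not None: cross-site sending is restricted")
    if samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    if "secure" in attrs and scheme != "https":
        findings.append("Secure cookie on a non-HTTPS response")
    return findings


# Constructed sample headers (not captured from a real server).
SAMPLES = {
    "after Option 2": "JSESSIONID=abc123; Path=/; httponly; secure; SameSite=None",
    "missing Secure": "JSESSIONID=abc123; Path=/; SameSite=None",
    "unmodified": "JSESSIONID=abc123; Path=/; HttpOnly",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, "->", audit_set_cookie(header) or "ok")
```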