根据浏览器的保护规则,跨域的时候我们创建的sessionId是不会被浏览器保存下来的,这样,当我们在进行跨域访问的时候,我们的sessionId就不会被保存下来,也就是说,每一次的请求,服务器就会以为是一个新的人,而不是同一个人,为了解决这样的办法,下面这种方法可以解决这种跨域的办法。
我们自己构建一个过滤器,对需要跨域访问的request头部重写
过滤器:
package com.kude.filter; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class AjaxFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse res = (HttpServletResponse) servletResponse; HttpServletRequest request=(HttpServletRequest)servletRequest; res.setContentType("textml;charset=UTF-8"); res.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin")); res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); res.setHeader("Access-Control-Max-Age", "0"); res.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token"); res.setHeader("Access-Control-Allow-Credentials", "true"); res.setHeader("XDomainRequestAllowed","1"); filterChain.doFilter(servletRequest,servletResponse); } @Override public void destroy() { } }在spring mvc配置文件中进行配置:
<!-- 全局的跨域访问配置 --> <mvc:cors> <!-- /** 表示所有请求都将支持跨域方法 --> <mvc:mapping path="/**" allow-credentials="true" allowed-origins="*" allowed-methods="GET,POST,PUT,DELETE"/> </mvc:cors>在web.xml中配置过滤器:
<filter> <filter-name>AjaxFilter</filter-name> <filter-class>com.kude.filter.AjaxFilter</filter-class> </filter> <filter-mapping> <filter-name>AjaxFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>在后台对与请求的处理我们已经做完了,接下来就是要在ajax请求的时候携带一些信息:
$.ajax({ url:url, //加上这句话 xhrFields: { withCredentials: true }, crossDomain: true, success:function(result){ alert("test"); }, error:function(){ } });