一:springsession简介 1 2 3 4 Spring Session是Spring的项目之一,GitHub地址:https://github.com/spring-projects/spring-session Spring Session把servlet容器实现的httpSession替换为spring-session,专注于解决session管理问题。 Spring Session提供了集群Session(Clustered Sessions)功能,默认采用外置的Redis来存储Session 数据,以此来解决Session共享的问题。
二:springsesion的配置 1 2 3 4 5 6 7 8 # session配置 server: session: timeout: 30 cookie: secure: true http-only: true store-type: redis # 使用redis存储session
三:springsession配置cookie相关属性 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 package com.tohours.bdboot.config;import org.springframework.beans.factory.annotation.Value;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.session.web.http.CookieSerializer;import org.springframework.session.web.http.DefaultCookieSerializer;@Configuration public class SpringSessionConfig { @Value("${server.servlet.context-path}") private String contextPath; @Value("${server.session.cookie.secure}") private Boolean secure; @Value("${server.session.cookie.http-only}") private Boolean httpOnly; @Bean public CookieSerializer cookieSerializer () { DefaultCookieSerializer serializer = new DefaultCookieSerializer (); serializer.setCookieName("JSESSIONID" ); serializer.setCookiePath(contextPath); serializer.setCookieMaxAge(3600 ); serializer.setSameSite("None" ); serializer.setUseHttpOnlyCookie(httpOnly); serializer.setUseSecureCookie(secure); return serializer; } }
*************感谢您的阅读*************
springboot之tomcat容器配置http-only和secure
数据库WEB管理工具-treesoft
