- 场景分析描述:chrom浏览器环境下当前网站被第三方iframe嵌套,如何保证cookie值成功写入
1、请求地址协议:
保证请求的url必须是https协议。
2、response头部设置
response.setHeader("Set-Cookie","Path=*; SameSite=None; Secure");
3、提供如下方式进行设置:
Cookie cookie = new Cookie("usertoken", token);
cookie.setPath("/");
cookie.setMaxAge(12*60*60);
StringBuffer url = request.getRequestURL();
String tempContextUrl = url.delete(url.length() - request.getRequestURI().length(), url.length()).toString();
response.addCookie(cookie);
if(tempContextUrl.contains("http://www.xxx.com")){
String ut="usertoken="+token+";";
response.setHeader("Set-Cookie",ut+"Path=*; SameSite=None; Secure");
tempContextUrl = tempContextUrl.replaceAll("http","https");
}
response.sendRedirect(tempContextUrl+"/aaa/bbb?ccc=true&ddd="+tempid);
add_header 'Set-Cookie' 'Path=*;SameSite=None;Secure';