From 07ac6b98b1da911aca0ea21138483fa98ab545aa Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Tue, 7 Mar 2023 10:42:12 +0800
Subject: [PATCH] =?UTF-8?q?CookieUtils=E5=A2=9E=E5=8A=A0Cookie=E5=8F=82?= =?UTF-8?q?=E6=95=B0=E9=85=8D=E7=BD=AE=EF=BC=8CSameSite=E5=8F=AF=E4=B8=BA?= =?UTF-8?q?=E7=A9=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../src/main/java/com/jeesite/common/web/CookieUtils.java | 7 +++++--
 .../java/com/jeesite/common/shiro/filter/FormFilter.java | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/common/src/main/java/com/jeesite/common/web/CookieUtils.java b/common/src/main/java/com/jeesite/common/web/CookieUtils.java
index 1851524d..2a0cb6be 100644
--- a/common/src/main/java/com/jeesite/common/web/CookieUtils.java
+++ b/common/src/main/java/com/jeesite/common/web/CookieUtils.java
@@ -5,6 +5,7 @@ package com.jeesite.common.web;
 import com.jeesite.common.codec.EncodeUtils;
+import com.jeesite.common.io.PropertiesUtils;
 import com.jeesite.common.lang.StringUtils;
 import javax.servlet.http.Cookie;
@@ -58,10 +59,12 @@ public class CookieUtils {
 if (StringUtils.isNotBlank(name)){
 name = EncodeUtils.encodeUrl(name);
 value = EncodeUtils.encodeUrl(value);
- Cookie cookie = new Cookie(name, null);
+ Cookie cookie = new Cookie(name, value);
 cookie.setPath(path);
 cookie.setMaxAge(maxAge);
- cookie.setValue(value);
+ PropertiesUtils props = PropertiesUtils.getInstance();
+ cookie.setSecure(props.getPropertyToBoolean("session.sessionIdCookieSecure", "false"));
+ cookie.setHttpOnly(props.getPropertyToBoolean("session.sessionIdCookieHttpOnly", "true"));
 response.addCookie(cookie);
 }
 }
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
index 8aa4626a..4c25a54c 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
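Review bot: In the CookieUtils.java hunk at `@@ -58,10 +59,12 @@`, `setSecure` falls back to `"false"` when `session.sessionIdCookieSecure` is unset, so every cookie written through this helper is still sent over plain HTTP on a deployment that never sets the property. The helper now also takes its flags from the session-cookie keys, which ties all utility cookies to the session cookie's policy; a comment on the new lines would make that visible, for example `// Secure/HttpOnly follow session.sessionIdCookie*; set sessionIdCookieSecure=true when serving over HTTPS`. No SameSite attribute is applied here, unlike the FormFilter cookie in the same commit, so these cookies rely on browser defaults, presumably because the servlet `Cookie` class offers no setter for it. The enclosing method starts before the hunk, so its signature and callers are not visible.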
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
@@ -71,7 +71,8 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
 rememberUserCodeCookie.setPath(Global.getProperty("session.sessionIdCookiePath"));
 rememberUserCodeCookie.setSecure(Global.getPropertyToBoolean("session.sessionIdCookieSecure", "false"));
 rememberUserCodeCookie.setHttpOnly(Global.getPropertyToBoolean("session.sessionIdCookieHttpOnly", "true"));
- rememberUserCodeCookie.setSameSite(SameSiteOptions.valueOf(Global.getProperty("session.sessionIdCookieSameSite", "LAX")));
+ String sameSite = Global.getProperty("session.sessionIdCookieSameSite", "Lax"); // Null、None、Lax、Strict
+ rememberUserCodeCookie.setSameSite(!"Null".equalsIgnoreCase(sameSite) ? SameSiteOptions.valueOf(StringUtils.upperCase(sameSite)) : null);
 rememberUserCodeCookie.setMaxAge(Cookie.ONE_YEAR);
 instance = this;
 }
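Review bot: `SameSiteOptions.valueOf(StringUtils.upperCase(sameSite))` throws on any configured value other than None, Lax or Strict (a typo, surrounding whitespace, possibly an empty property), and this code appears to run while the filter is being constructed, so a bad setting could stop the login filter from initialising. Validate the value and fall back to `SameSiteOptions.LAX` with a logged warning instead of letting `IllegalArgumentException` escape. Separately, `None` combined with the `"false"` default for `session.sessionIdCookieSecure` yields a cookie that current browsers reject, and `Null` drops the attribute altogether, leaving cross-site behaviour to each browser's default; the inline comment could say so, e.g. `// Null = omit attribute (browser default applies); None requires sessionIdCookieSecure=true`. The enclosing block begins above the hunk.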