diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
index a293ee9e..5581f20e 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
@@ -65,9 +65,10 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
*/
public FormAuthenticationFilter() {
super();
- rememberUserCodeCookie = new SimpleCookie(REMEMBER_USERCODE_PARAM);
- rememberUserCodeCookie.setHttpOnly(true);
- rememberUserCodeCookie.setMaxAge(Cookie.ONE_YEAR);
+ rememberUserCodeCookie = new SimpleCookie();
+ rememberUserCodeCookie.setName(REMEMBER_USERCODE_PARAM);
+ rememberUserCodeCookie.setPath(Global.getProperty("session.sessionIdCookiePath"));
+ rememberUserCodeCookie.setSecure(Global.getPropertyToBoolean("session.sessionIdCookieSecure", "false"));
instance = this;
}
diff --git a/modules/core/src/main/resources/config/jeesite-core.yml b/modules/core/src/main/resources/config/jeesite-core.yml
index 753e8c65..211a7168 100644
--- a/modules/core/src/main/resources/config/jeesite-core.yml
+++ b/modules/core/src/main/resources/config/jeesite-core.yml
@@ -371,6 +371,7 @@ shiro:
isAllowExternalSiteIframe: true
# 是否允许跨域访问 CORS,如果允许,设置允许的域名。当设置'*'号全部域名时,accessControlAllowCredentials应该设置为false。
+ # v4.2.3 开始支持多个域名和模糊匹配,例如:http://*.jeesite.com,http://*.jeesite.net
# accessControlAllowOrigin: http://demo.jeesite.com
# accessControlAllowOrigin: '*'
@@ -454,6 +455,10 @@ session:
# 共享的SessionId的Cookie名称,保存到跟路径下,第三方应用获取。同一域名下多个项目时需设置共享Cookie的名称。
#shareSessionIdCookieName: ${session.sessionIdCookieName}
+ # 仅在 HTTPS 下通信 Cookie 数据
+ #session.sessionIdCookieSecure: false
+ #session.sessionIdCookieHttpOnly: true
+
# 设置接收SessionId请求参数的名称
sessionIdParamName: __sid
diff --git a/modules/core/src/main/resources/views/error/400.html b/modules/core/src/main/resources/views/error/400.html
index e9c1a5f7..edfc0347 100644
--- a/modules/core/src/main/resources/views/error/400.html
+++ b/modules/core/src/main/resources/views/error/400.html
@@ -50,7 +50,7 @@ else {
<% } %>
diff --git a/modules/core/src/main/resources/views/error/403.html b/modules/core/src/main/resources/views/error/403.html
index 0b5e80b8..36615970 100644
--- a/modules/core/src/main/resources/views/error/403.html
+++ b/modules/core/src/main/resources/views/error/403.html
@@ -37,7 +37,7 @@ else {
<% } %>
diff --git a/modules/core/src/main/resources/views/error/404.html b/modules/core/src/main/resources/views/error/404.html
index 9f577e07..0ddccaf2 100644
--- a/modules/core/src/main/resources/views/error/404.html
+++ b/modules/core/src/main/resources/views/error/404.html
@@ -39,7 +39,7 @@ else {
<% } %>
diff --git a/modules/core/src/main/resources/views/error/500.html b/modules/core/src/main/resources/views/error/500.html
index cc831d4a..63cc7df1 100644
--- a/modules/core/src/main/resources/views/error/500.html
+++ b/modules/core/src/main/resources/views/error/500.html
@@ -45,7 +45,7 @@ else {
<% if (@Global.getPropertyToBoolean('error.page.printErrorInfo', 'true')
diff --git a/modules/core/src/main/resources/views/modules/sys/forgetPwd.html b/modules/core/src/main/resources/views/modules/sys/forgetPwd.html
index 02123553..37e37a94 100644
--- a/modules/core/src/main/resources/views/modules/sys/forgetPwd.html
+++ b/modules/core/src/main/resources/views/modules/sys/forgetPwd.html
@@ -95,7 +95,7 @@
<% } %>
diff --git a/modules/core/src/main/resources/views/modules/sys/registerUser.html b/modules/core/src/main/resources/views/modules/sys/registerUser.html
index a5cdc8d6..4c84bea2 100644
--- a/modules/core/src/main/resources/views/modules/sys/registerUser.html
+++ b/modules/core/src/main/resources/views/modules/sys/registerUser.html
@@ -91,7 +91,7 @@
<% } %>
diff --git a/modules/core/src/main/resources/views/modules/sys/sysDesktop.html b/modules/core/src/main/resources/views/modules/sys/sysDesktop.html
index a332816c..a0880bd5 100644
--- a/modules/core/src/main/resources/views/modules/sys/sysDesktop.html
+++ b/modules/core/src/main/resources/views/modules/sys/sysDesktop.html
@@ -714,7 +714,8 @@
<% } %>
diff --git a/modules/core/src/main/resources/views/modules/sys/sysLogin.html b/modules/core/src/main/resources/views/modules/sys/sysLogin.html
index d54244de..0f2ca550 100644
--- a/modules/core/src/main/resources/views/modules/sys/sysLogin.html
+++ b/modules/core/src/main/resources/views/modules/sys/sysLogin.html
@@ -98,7 +98,7 @@
<% } %>
diff --git a/web/src/main/resources/config/application.yml b/web/src/main/resources/config/application.yml
index 6eed37f9..83e4c931 100644
--- a/web/src/main/resources/config/application.yml
+++ b/web/src/main/resources/config/application.yml
@@ -484,6 +484,7 @@ shiro:
# isAllowExternalSiteIframe: true
#
# # 是否允许跨域访问 CORS,如果允许,设置允许的域名。当设置'*'号全部域名时,accessControlAllowCredentials应该设置为false。
+# # v4.2.3 开始支持多个域名和模糊匹配,例如:http://*.jeesite.com,http://*.jeesite.net
## accessControlAllowOrigin: http://demo.jeesite.com
## accessControlAllowOrigin: '*'
#