增加 sessionIdCookieSameSite 参数

modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java

@@ -21,6 +21,7 @@ import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.servlet.Cookie;
 import org.apache.shiro.web.servlet.SimpleCookie;
+import org.apache.shiro.web.servlet.Cookie.SameSiteOptions;
 import org.apache.shiro.web.util.WebUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -69,6 +70,8 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 		rememberUserCodeCookie.setName(REMEMBER_USERCODE_PARAM);
 		rememberUserCodeCookie.setPath(Global.getProperty("session.sessionIdCookiePath"));
 		rememberUserCodeCookie.setSecure(Global.getPropertyToBoolean("session.sessionIdCookieSecure", "false"));
+		rememberUserCodeCookie.setHttpOnly(Global.getPropertyToBoolean("session.sessionIdCookieHttpOnly", "true"));
+		rememberUserCodeCookie.setSameSite(SameSiteOptions.valueOf(Global.getProperty("session.sessionIdCookieSameSite", "LAX")));
         instance = this;
 	}
 	

modules/core/src/main/resources/config/jeesite-core.yml

@@ -455,9 +455,10 @@ session:
   # 共享的SessionId的Cookie名称，保存到跟路径下，第三方应用获取。同一域名下多个项目时需设置共享Cookie的名称。
   #shareSessionIdCookieName: ${session.sessionIdCookieName}
 
-  # 仅在 HTTPS 下通信 Cookie 数据
+  # 其它 SimpleCookie 参数（v4.2.3）
-  #session.sessionIdCookieSecure: false
+  #sessionIdCookieSecure: false
-  #session.sessionIdCookieHttpOnly: true
+  #sessionIdCookieHttpOnly: true
+  #sessionIdCookieSameSite: LAX
   
   # 设置接收SessionId请求参数的名称
   sessionIdParamName: __sid