set-cookie为什么不起作用？

Question

Welcome To Ask or Share your Answers For Others

set-cookie为什么不起作用？

asked Jan 27, 2021 in Technique[技术] by 深蓝 (71.8m points)

set-cookie为什么不起作用？

发了两个请求
第一个是这样的：
`GET /getCSRFToken HTTP/1.1
Host: localhost:7001
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, /
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
X-Custom-Header: dolphinFrontend
Origin: http://localhost:8080
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7,ar;q=0.6`
返回了：
`HTTP/1.1 200 OK
set-cookie: csrfToken=pEf-u_cZN7ukwtVu4n2a2260; path=/
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Allow-Headers: Content-Type, Content-Length, Authorization, Accept, X-Requested-With, X-Custom-Header
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,PATCH
Access-Control-Allow-Credentials: true
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-readtime: 1
keep-alive: timeout=5
content-length: 51
Date: Mon, 12 Oct 2020 01:37:00 GMT
Connection: keep-alive`

第二个是这样的：
`POST /user/login?_csrf=Infinity HTTP/1.1
Host: localhost:7001
Connection: keep-alive
Content-Length: 138
Accept: application/json, text/plain, /
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
X-Custom-Header: dolphinFrontend
Content-Type: application/json;charset=UTF-8
Origin: http://localhost:8080
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7,ar;q=0.6
Cookie: DSESSIONID=eyJpZCI6MSwidXNlcklkIjoxLCJfZXhwaXJlIjoxNjA1MDU4MTQ0MTM2LCJfbWF4QWdlIjoyNTkyMDAwMDAwfQ==; DSESSIONID.sig=hij8zHCFj22aTWX1XNs3Odbv2BgFkF3dYgnbFRLkc5I`

返回了：
`HTTP/1.1 403 Forbidden
set-cookie: csrfToken=IX77SFzirlbGCtFDuAjGuQ4L; path=/
content-type: application/json; charset=utf-8
content-length: 32
Date: Mon, 12 Oct 2020 01:40:17 GMT
Connection: keep-alive`

两次请求的返回都有set-cookie头
但是只有第二次生效了第一次没有设置cookie

为什么如何解决？

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-01-26T20:46:10+0000

解决了
在请求中设置
{ withCredentials: true }

withCredentials不仅会在发送时候带上cookie，还会被用做响应中cookies 被忽视的标示

参考

Categories

set-cookie为什么不起作用？

set-cookie为什么不起作用？

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags