我有一个在 tomcat 服务器上运行的服务,它返回一个带有键值对的标头集的Response对象。Set-Cookie当我通过在浏览器中输入服务 URL 直接查询该 url 时,cookie 被存储,并且在并发查询时,cookie 信息被发送到服务器。现在,当我尝试通过提供相同的 URL 来通过 XMLHTTPRequest 发出该服务请求时,cookie 信息不会被存储。js代码如下
function loadXMLDoc() {
var xmlhttp;
if (window.XMLHttpRequest) {
xmlhttp = new XMLHttpRequest();
}
xmlhttp.onreadystatechange = function () {
if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
document.getElementById("myDiv").innerHTML = xmlhttp.responseText;
}
}
xmlhttp.open("GET", url, true);
xmlhttp.send();
}
标头信息如下
Request URL: url //removed the actual URL
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Host:192.168.11.11:8080
Origin:null
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36
Response Headersview source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, Content-Type, Accept, X-Json, Cookie
Access-Control-Allow-Methods:GET, POST, DELETE, PUT, OPTIONS
Access-Control-Allow-Origin:*
Content-Type:application/json
Date:Fri, 06 Sep 2013 10:04:49 GMT
Server:Apache-Coyote/1.1
Set-Cookie:key=value;Version=1 //removed actual cookie content
Transfer-Encoding:chunked
当通过 XHR 调用请求时,我在这里缺少什么导致 cookie 丢失?
提前致谢
编辑 1:我发现在第二种情况下(通过 javascript xmlHttpRequest 调用它),cookie 没有存储在浏览器本身中。关于为什么会发生这种情况的任何指示。当我直接在浏览器中输入服务 URL 时,cookie 被存储。通过 xmlHttpRequest,未存储。请求或响应标头中是否缺少某些内容?
编辑 2:添加 Java 类和 web.xml,以便更加清晰。
package com.gk.rest;
import javax.ws.rs.CookieParam;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;
@Path("/rest")
public class RestJersey implements ContainerResponseFilter {
@Path("/response")
@GET
@Produces(MediaType.TEXT_PLAIN)
public Response sendResponse(@CookieParam(value = "userId") String userId ){
return Response.ok("Something").cookie(new NewCookie("userId","cookie1")).build();
}
@Override
public ContainerResponse filter(ContainerRequest creq,
ContainerResponse cres) {
cres.getHttpHeaders().add("Access-Control-Allow-Origin", "*");
cres.getHttpHeaders()
.add("Access-Control-Allow-Headers",
"origin, content-type, accept, cookie, x-json");
cres.getHttpHeaders().add("Access-Control-Allow-Credentials", "true");
cres.getHttpHeaders().add("Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS, HEAD");
cres.getHttpHeaders().add("Access-Control-Max-Age", "1209600");
return cres;
}
}
WEB.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>RestJersey</display-name>
<servlet>
<servlet-name>RestJersey</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.gk.rest</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
<param-value>com.gk.rest.RestJersey</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RestJersey</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>