方法一 application.yml 里设置
server:
port: 80
servlet:
session:
tracking-modes: cookie
cookie:
http-only: true
方法二 启动类继承SpringBootServletInitializer 类,重写 onStartup 方法
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import java.util.Collections;
@SpringBootApplication(exclude = DataSourceAutoConfiguration.class)
public class NdaDemoApplication extends SpringBootServletInitializer {
public static void main(String[] args) {
SpringApplication.run(NdaDemoApplication.class, args);
}
public void onStartup(ServletContext servletContext)throws ServletException {
super.onStartup(servletContext);
servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));
SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig();
sessionCookieConfig.setHttpOnly(true);
}
}