前端後分離Ajax跨域請求保證Session一致

先後端分離的項目，使用Ajax請求通常都出現跨域的問題。
跨域的時候所建立的session是不會被瀏覽器保存下來的。因此每次進行跨域請求時，服務器都認爲不是同一個瀏覽器所發起的請求，session也會不同。如下將介紹如何保證session一致。

前端Ajax請求

$.ajax({
    url:url,
    <! -- 加上此部分 Start-- >
    xhrFields: {
       withCredentials: true
    },
    crossDomain: true,
    <! -- 加上此部分 End-- >
    success:function() {
    },
    error:function() {
    }
});

後端構建一個攔截器，對須要跨域訪問的request頭部重寫
如：

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletResponse response= (HttpServletResponse) servletResponse;
    HttpServletRequest request=(HttpServletRequest)servletRequest;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("XDomainRequestAllowed","1");
    filterChain.doFilter(servletRequest,servletResponse);
}

另外Spring boot的項目能夠添加攔截配置，如下：

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class AuthCorsFilter extends CorsFilter {

    public AuthCorsFilter() {
        super(configurationSource());
    }

    private static UrlBasedCorsConfigurationSource configurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        config.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}