方法一 application.yml 里设置

server:
port: 80
servlet:
session:
tracking-modes: cookie
cookie:
http-only: true

方法二 启动类继承SpringBootServletInitializer 类,重写 onStartup 方法

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import java.util.Collections; @SpringBootApplication(exclude = DataSourceAutoConfiguration.class)
public class NdaDemoApplication extends SpringBootServletInitializer { public static void main(String[] args) {
SpringApplication.run(NdaDemoApplication.class, args);
}
public void onStartup(ServletContext servletContext)throws ServletException {
super.onStartup(servletContext);
servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));
SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig();
sessionCookieConfig.setHttpOnly(true);
}
}
05-20 10:48