Recent projects need when login to add captcha images, then online literally sought a generated authentication code, the method of interface test is no problem, but when docking with the front end, each request to the session inconsistent problems, later found the solution:
The front plus:
Axios. Defaults. WithCredentials=true;
Backend and cross-domain configuration (plus the gateway layer) :
Private CorsConfiguration CorsConfiguration () {
CorsConfiguration CorsConfiguration=new CorsConfiguration ();
CorsConfiguration. AddAllowedOrigin (" * ");
CorsConfiguration. AddAllowedHeader (" * ");
CorsConfiguration. AddAllowedMethod (" * ");
CorsConfiguration. SetAllowCredentials (true);
Return corsConfiguration;
}

/* *
* cross-domain configuration
*/
@ Bean
Public CorsFilter CorsFilter () {
UrlBasedCorsConfigurationSource source=new UrlBasedCorsConfigurationSource ();
Source. RegisterCorsConfiguration ("/* *, "corsConfiguration ());
Return new CorsFilter (source);
}

Key: the vue front don't in the local test, must be put in the server to above, or will the session, remember to keep in mind, this is my on the crater.

CodePudding user response:

Can be placed in the local test

CodePudding user response:

Logic is not right,
Should avoid to use the Session,
Issued by the authentication code, at the same time issued a corresponding Token,
Front end when submit verification code, submitted at the same time corresponding Token, back-end according to Token to obtain corresponding server authentication code, compared with the authentication code of the front

CodePudding user response:

Test the server every time very troublesome, it is best to front-end developer also installing eclipse, synchronous back-end code, compile restart Tomcat,
The front end can realize local development testing

CodePudding user response:

refer to the second floor water 2 reply:

logic is not right,
Should avoid to use the Session,
Issued by the authentication code, at the same time issued a corresponding Token,
Front end when submit verification code, submitted at the same time corresponding Token, back-end according to Token to obtain corresponding server authentication code, compared with the authentication code of the front-end

is the background generated captcha images, return the picture directly

CodePudding user response:

reference 4 floor Liyiqi97 response:

Quote: refer to the water's edge on the second floor 2 reply:

logic is not right,
Should avoid to use the Session,
Issued by the authentication code, at the same time issued a corresponding Token,
Front end when submit verification code, submitted at the same time corresponding Token, back-end according to Token to obtain corresponding server authentication code, compared with the authentication code of the front-end

is the background generated captcha images, direct return the picture

Images can also be issued a Cookie, Token Cookie,
In addition, in order to avoid trouble, cross domain may also return a json string, pictures as base64 string

CodePudding user response:

refer to the second floor water 2 reply:

logic is not right,
Should avoid to use the Session,
Issued by the authentication code, at the same time issued a corresponding Token,
Front end when submit verification code, submitted at the same time corresponding Token, back-end according to Token to obtain corresponding server authentication code, compared with the authentication code of the front-end

good oh! Ha ha ha ha ha ha

CodePudding user response:

Under the development of the front-end configuration proxy server

CodePudding user response:

You this is cross domain problems, not with the problem of the session, after forwarding gateway layer is likely to be the session, including cluster environment, the session session did not keep for a long time also can appear inconsistent session,

I've met, did simple processing, page generated random uuid, with the uuid when you request a captcha image, the generated verification code associated with this uuid, front-end validation request verification code when the uuid and verification code, that is not the session, it is a form of false token, the token is generated in the front, rather than generated in the background, also can be in when the page loads first token from the background page again for processing

CodePudding user response:

With spring cloud why use Session, your logic is still stay on the single machine, my solution is: generate captchas, then generate a box key authentication code, the verification code the key as redis key deposit verification code into the redis, then the verification code generated images, will be the key and images of base64 string, in the form of json returned to the front, and then, according to the front end submit back according to the front end to submit key to remove the captcha redis than can be directly

CodePudding user response:

Problem a:
axios. Defaults. WithCredentials=true;
With the
corsConfiguration. AddAllowedOrigin (" * ");
Conflicts, there will be a cross-domain problem;