无法覆盖 cookie

问题描述

我正在使用 Servlet 过滤器来拦截存在 cookie 的请求，然后尝试使用 ThreadLocal 覆盖特定的 cookie 值。

但是覆盖的值没有得到反映。此外，它无法在尝试时添加新的 cookie。无法弄清楚我做错了什么。

Controller Class 有两个 get 端点。使用 cookie 端点，我试图在响应中添加一个 cookie，以便在我之后点击覆盖端点时拦截和测试它。

@RestController
public class FilterController {
    
    @Autowired
    AlphaCookie alphaCookie;
    
    @Autowired
    AlphaCookieFilter alphaCookieFilter;
    
    @GetMapping("override") // testing endpoint for overriding cookie
    public String cookieTest() {
        this.alphaCookieFilter.persist(new AlphaCookie("newValue"));
        return "Cookie Overriden,{ AlphaCookie: newValue }";
    }
    
        
    @GetMapping("cookie")   // to add cookie for testing
    public String addCookieToBrowser(HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie("AlphaCookie","oldValue");
        cookie.setMaxAge(3600);
        httpServletResponse.addCookie(cookie);
        return "Cookie added,{ AlphaCookie: old }";
    }
}

过滤拦截请求并检查特定的cookie，同时覆盖cookie

@Component("alphaCookieFilter")
public class AlphaCookieFilter implements Filter {

    @Autowired
    private ApplicationContext applicationContext;
    
    public static final ThreadLocal<HttpServletResponse> RESPONSE_HOLDER  = new ThreadLocal<>();
    

    @Override
    public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain)
            throws IOException,ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        RESPONSE_HOLDER.set((HttpServletResponse) response);
        
        String activeCookie = null;
        
        if (httpServletRequest.getCookies() != null) {
            for (Cookie cookie: httpServletRequest.getCookies()) {
                if ("AlphaCookie".equals(cookie.getName())) {
                    activeCookie = cookie.getValue();
                }
            }
        }
        
        this.applicationContext.getBean("alphaCookie",AlphaCookie.class)
                               .override(new AlphaCookie(activeCookie));
        
        chain.doFilter(request,response);
        RESPONSE_HOLDER.remove();
    }
    
    public void persist(AlphaCookie alphaCookie) {
        Cookie cookie = new Cookie("AlphaCookie",alphaCookie.getActiveCookie());
        cookie.setDomain("code.org");
        cookie.setPath("/");
        cookie.setMaxAge(-1);
        cookie.setSecure(true);
        cookie.setHttpOnly(true);
        RESPONSE_HOLDER.get().addCookie(cookie);
    }
}

POJO 用于存储 cookie 值

@Component("alphaCookie")
public class AlphaCookie implements Serializable {

    private static final long serialVersionUID = 1L;

    private String activeCookie;

    public AlphaCookie() {
        super();
    }

    public AlphaCookie(String activeCookie) {
        this();
        this.activeCookie = activeCookie;
    }


    public void override(AlphaCookie alphaCookie) {
        synchronized (this) {
            this.activeCookie = alphaCookie.activeCookie;
        }
    }

    public String getActiveCookie() {
        return this.activeCookie;
    }
}

在调试时，我发现以下属性不允许我覆盖 cookie 值。

cookie.setDomain("code.org");
cookie.setSecure(true);

---------已解决-----------

用于本地测试

我们应该始终将域名设置为 localhost
将 cookie.setSecure 设置为 false，因为 localhost 不是安全协议（非 HTTPS）

解决方法

暂无找到可以解决该程序问题的有效方法，小编努力寻找整理中！

如果你已经找到好的解决方法，欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@）

cookies filter filter java java spring-boot thread-local