Cross-domain request session sharing problem

server code

     @RequestMapping("/checkImgCode")
     @ResponseBody
    public String checkImgCode(String imgCode,String mobile,HttpServletRequest request ,HttpServletResponse response) throws IOException {
        String message="fail";
        Integer respCode=Constants.SERVER_INNER_ERRORCODE;
        Result result=new Result(respCode,message);
       

        //Some business code is omitted here......

        

        // Specify to allow other domain names to access
        response.setHeader("Access-Control-Allow-Origin", "*");
        // Response type
        response.setHeader("Access-Control-Allow-Methods", "POST");
        / / response header settings

        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,content-type"); 

        //Set to allow cross-domain transfer of cookies 

        response.setHeader("Access-Control-Allow-Credentials","true");
        String s = JSON.toJSONString(result);
        //配合ajax跨域请求
        String string=" successCallback ("+s+")";
        return string;

    }

front-end code

 $.ajax({
        type:"get",
        async : true,
        dataType:'jsonp',
        jsonp:'callback',
       jsonpCallback: "successCallback",//This name and background name need to match         xhrFields: {             withCredentials: true         },         crossDomain: true,         url:springbootUrl+'/book/checkImgCode?mobile='+mobile+'&imgCode='+imgCode, /*url write exotic request address*/

        success:function(data){

        ｝

Tips：

    After testing, common browsers such as Windows Google Chrome have no problems, and most Android devices have no problems. However, when the safari browser of the ios system has a problem of session inconsistency, the sessionId is refreshed every cross-domain request, which can be found in the ios system settings. Safari > Privacy & Security > Block Cross-Site Tracking (turn this option off)