Reference code: Spring Boot: remove jsessionid from url
My SpringBoot uses 2.0.*, the first and second solutions in the answer are invalid.
The code shown in the third scheme should be added to the inherited Configuration
@Configuration //WebMvcConfigurerAdapter在2.0.*中已作废,有WebMvcConfigurer,WebMvcConfigurationSupport两种方案。 //public class WebSecurityConfig extends WebMvcConfigurerAdapter{ public class WebSecurityConfig implements WebMvcConfigurer { //public class WebSecurityConfig extends WebMvcConfigurationSupport { @Bean public ServletContextInitializer servletContextInitializer() { return new ServletContextInitializer() { @Override public void onStartup(ServletContext servletContext) throws ServletException { servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE)); SessionCookieConfig sessionCookieConfig=servletContext.getSessionCookieConfig(); sessionCookieConfig.setHttpOnly(true); } }; } }
or
@Configuration // WebMvcConfigurerAdapter is obsolete in 2.0.*, there are two schemes: WebMvcConfigurer and WebMvcConfigurationSupport. // public class WebSecurityConfig extends WebMvcConfigurerAdapter{ public class WebSecurityConfig implements WebMvcConfigurer { // public class WebSecurityConfig extends WebMvcConfigurationSupport { @Bean public ServletContextInitializer servletContextInitializer() { return servletContext -> { servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE)); SessionCookieConfig sessionCookieConfig=servletContext.getSessionCookieConfig(); sessionCookieConfig.setHttpOnly(true); }; } }
You can see that the code implements the following interface
package org.springframework.boot.web.servlet; import javax.servlet.ServletContext; import javax.servlet.ServletException; @FunctionalInterface public interface ServletContextInitializer { void onStartup(ServletContext servletContext) throws ServletException; }