response header
access-control-allow-credentials: true
access-control-allow-origin: http://localhost:4200
cache-control: no-cache, no-store
connection: keep-alive, close
content-type: application/json;charset=UTF-8
date: Mon, 05 Nov 2018 09:26:16 GMT
set-cookie: uInfo=$2a$10$vrLly47d7WPDH1386EvFEuaeaypaM.21qw8wi54Cz4V5PrvctTAvq; Max-Age=1800; Expires=Mon, 05-Nov-2018 09:56:16 GMT; Path=/; HttpOnly
transfer-encoding: chunked
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Powered-By: Express
request header
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Content-Length: 57
Content-Type: application/json
Cookie: SESSION=ZTc4MzI5NmUtMzczYy00YjQxLWEzMGQtZDkyMjNhODgyM2Nl
DNT: 1
Host: localhost:4200
Origin: http://localhost:4200
Referer: http://localhost:4200/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
代码
// Issue the "uInfo" cookie alongside the session and mark the response as non-cacheable.
// NOTE(review): in the captured response above, the uInfo value starts with "$2a$10$",
// which is the bcrypt hash format. Confirm what it is derived from; a password hash
// should stay server-side, and an opaque random token is the safer cookie value.
Cookie cookie = new Cookie("uInfo", uInfo);
// Cookie lifetime follows the session timeout in seconds (Max-Age=1800 in the capture).
// Caveat: getMaxInactiveInterval() returns zero or less for a session that never times out,
// and setMaxAge(0) deletes the cookie while a negative value makes it browser-session only.
cookie.setMaxAge( httpSession.getMaxInactiveInterval());
// Path "/" scopes the cookie to every path on the host.
cookie.setPath("/");
// HttpOnly keeps the cookie out of reach of page scripts (document.cookie).
// NOTE(review): setSecure(true) is never called and the captured Set-Cookie has no Secure
// or SameSite attribute, so the cookie can also travel over plain HTTP. Enable Secure for
// any HTTPS deployment, and decide on SameSite given that credentialed CORS is allowed.
cookie.setHttpOnly(true);
response.addCookie(cookie);
// Two addHeader calls produce the combined "cache-control: no-cache, no-store" seen in the
// capture; no-store is what keeps the Set-Cookie response out of browser and proxy caches.
response.addHeader("cache-control", "no-cache");
response.addHeader("cache-control", "no-store");
// NOTE(review): Connection is a hop-by-hop header. The capture shows "keep-alive, close",
// and the "close" token is not set here, so presumably the container or the Express proxy
// adds it. Confirm, and consider leaving this header to them.
response.addHeader("connection", "keep-alive");