From 25d6b09999f9f118dec178e391efd2a616276105 Mon Sep 17 00:00:00 2001
From: PushM <584406942@qq.com>
Date: Fri, 17 May 2024 14:23:10 +0800
Subject: [PATCH] =?UTF-8?q?1=E3=80=81=E4=BF=AE=E5=A4=8Dset-Cookie=20path?= =?UTF-8?q?=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../server/user/login/LoginController.java | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/realtime/protection/server/user/login/LoginController.java b/src/main/java/com/realtime/protection/server/user/login/LoginController.java
index e3e161d..7f2df17 100644
--- a/src/main/java/com/realtime/protection/server/user/login/LoginController.java
+++ b/src/main/java/com/realtime/protection/server/user/login/LoginController.java
@@ -2,6 +2,8 @@ package com.realtime.protection.server.user.login;
 import javax.security.auth.login.LoginException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -48,6 +50,7 @@ public class LoginController {
 @PostMapping("/auth")
 public ResponseResult auth(@RequestParam("sessionData") String sessionData,
 @Autowired HttpServletRequest request,
+ @Autowired HttpServletResponse response,
 @RequestParam(value = "scopes", required = false) String scopes) {
 try {
 UserFull userFull = loginService.loginWithSSO(sessionData);
@@ -57,11 +60,22 @@ public class LoginController {
 // 设置 session
 HttpSession session = request.getSession();
 session.setAttribute("user", userFull);
+
+ String sessionId = session.getId();
+
+ // 设置JSESSIONID Cookie
+ Cookie sessionCookie = new Cookie("JSESSIONID", sessionId);
+ sessionCookie.setPath("/api"); // 确保路径正确
+ sessionCookie.setHttpOnly(true); // 防止客户端脚本访问
+ response.addCookie(sessionCookie);
+
 // 返回结果
 return ResponseResult.ok().setMessage("success")
 .setData("userId", userFull.uid)
 .setData("userName", userFull.name)
- .setData("userRole", userFull.getRoleKey());
+ .setData("userRole", userFull.getRoleKey())
+ .setData("UserDepartment", userFull.getOrgName())
+ ;
 } catch (Exception e) {
 return ResponseResult.error(e.getMessage());
 }
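Review bot: The hand-built `JSESSIONID` cookie re-publishes a session ID that is never rotated at login: `request.getSession()` reuses whatever session the client already presented, and `session.getId()` is written back after `loginWithSSO` succeeds, so an ID set before authentication stays valid afterwards unless a filter outside this hunk rotates it. Calling `request.changeSessionId();` before `session.setAttribute("user", userFull);` and reading the ID only after that would close the gap. The cookie also sets `HttpOnly` but not `sessionCookie.setSecure(true);`, so it can travel over plain HTTP. The container will presumably still emit its own `JSESSIONID` with its configured path, leaving the browser with two cookies that differ in path and attributes. If this is a Spring Boot application, setting `server.servlet.session.cookie.path=/api` together with the `secure` and `same-site` cookie properties would fix the path in one place and make the manual cookie unnecessary. The `auth` method begins before this hunk.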