CORS »óȲ¿¡¼ ajax response·Î ÄíÅ°(cookie)¸¦ »ý¼ºÇÒ ¶§ »ý¼ºµÇÁö ¾Ê´Â °æ¿ì
SSO ȯ°æ¿¡¼ ÄíÅ°Á¤º¸¸¦ ±â¹ÝÀ¸·Î ·Î±×ÀÎÀÌ µÇ¾îÀÖ´Â »óȲ
ajax ¸¦ ÀÌ¿ëÇÏ¿© Å©·Î½º µµ¸ÞÀλóÅ¿¡¼ ÇØ´ç ¼ºñ½º¸¦ È£ÃâÀ» Çϸé ÄíÅ°Á¤º¸°¡ Àü¼ÛµÇÁö ¾Ê´Â´Ù.
¾Æ·¡ ÇØ°á¹æ¹ý
* ajax option¿¡ xhrfields : {withCredentials : true} ¸¦ ÁÖÀÚ
* ¼¹ö»çÀ̵忡¼´Â (ex: À¥¼¹ö) ¾Æ·¡ÀÇ Http Header ¼³Á¤µµ ÇÊ¿äÇÏ´Ù.
Access-Control-Allow-Credentials : true
Access-Control-Allow-Origin : http://aaa.com
=> withCredentialsÀÇ trueÀÎ °æ¿ì¿¡´Â asterisk(*)¸¦ »ç¿ëÇÒ ¼ö ¾ø°í µµ¸ÞÀÎÀ» ¸í½Ã/³ª¿ÇØ¾ß ÇÑ´Ù.
* ÄíÅ°¸¦ »ý¼ºÇß´Ù°í Çصµ, CORS ¿äûÀÏ °æ¿ì¿¡´Â ÄíÅ°°¡ ÀüÇô Àü¼ÛµÇÁö ¾ÊÀ½¿¡ ÁÖÀÇÇÏÀÚ.
Ãâó : http://itpsolver.com/ajax-response%EB%A1%9C-%EC%BF%A0%ED%82%A4cookie%EB%A5%BC-%EC%83%9D%EC%84%B1%ED%95%A0-%EB%95%8C-%EC%83%9D%EC%84%B1%EB%90%98%EC%A7%80-%EC%95%8A%EB%8A%94-%EA%B2%BD%EC%9A%B0/
Ãâó: http://dotweb.tistory.com/225 [Àý´ë·Î °í°³¸¦ ¶³±¸Áö ¸»¶ó. °í°³¸¦ Ä¡Äѵé°í ¼¼»óÀ» ¶È¹Ù·Î ¹Ù¶óº¸¶ó.]