跨节点应用程序共享 Redis 会话 [英] Sharing Redis Sessions Across Node Apps

问题描述

我正忙于构建一个包含 3 个不同子域的平台 - example.com、auth.example.com 和 api.example.com.它们与运行在服务器不同端口上的 3 个单独的 NodeJS 应用一起运行.

I'm busy building a platform with 3 different subdomains - example.com, auth.example.com and api.example.com. They're run with 3 separate NodeJS apps running on different ports of the server.

这是设置会话的代码:

var session = require("express-session");
var redisStore = require("connect-redis")(session);
var redisClient = require("redis").createClient(config.redis);

app.use(session({
        secret: config.server.secret,
        store: new redisStore(config.redis),
        client: redisClient,
        resave: false,
        saveUninitialized: false,
        cookie: {
            domain: "example.co.za",
            httpOnly: false
        }
}));

所有 3 个应用的配置完全相同，并且它们位于同一台服务器上.出于某种原因，会话没有被共享.我似乎记得几周前他们被共享了，现在事情已经坏了 - 我偷偷地怀疑这发生在我们将所有流量从 HTTP 转移到 HTTPS 时.这会中断会议吗?我试图关闭 'httpOnly' 以防它限制会话，但没有运气.

The configuration is exactly the same for all 3 apps and they're sitting on the same server. For some reason, the sessions are not being shared. I seem to remember that they were being shared a few weeks back and now things are broken - I have a sneaky suspision that this happened when we moved all the traffic from HTTP to HTTPS. Would this break the sessions? I tried to turn of 'httpOnly' in case it restricted the sessions, but no luck.

我已经运行了 redid-cli MONITOR 并且会话实际上是在登录时保存的(Auth App)，但没有被其他应用程序检索.当我将 saveUninitialized 设置为 true 时，保存请求来自所有 3 个应用程序 - 这表明它们连接到同一个 Redis Store.

I have run redid-cli MONITOR and the session is, in fact, being saved on login (Auth App) but is not being retrieved by the other app. When I turned saveUninitialized to true, the requests to save were coming from all 3 apps - this shows that they are connected to the same Redis Store.

任何帮助都会很棒.

推荐答案

我认为这只是一个 cookie 问题.浏览器不会将会话 cookie 发送回您的子域:你需要一个领先的 .域上.例如:

I think this is just a cookie issue. The browser is not sending the session cookie back on your sub-domains: you need a leading . on the domain. e.g.:

cookie: {
   domain: ".example.co.za",
   httpOnly: false
}

如果这不起作用并且您遇到 AJAX 问题 看这篇文章

In case that doesn't work and you are having AJAX issues see this post

这篇关于跨节点应用程序共享 Redis 会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！