Express session-cookie not being sent on openshift with https and secure flag

Problem description

Got a strange issue. I am using Express, and in development we use http and have secure: false for the session cookie. However, now that we are moving to OpenShift we have turned https on, thinking it would be a simple endeavour, but our cookies are not being sent back with the responses. If, however, we turn off https and revert back to http on OpenShift, it works fine and cookies are sent.

So here is an example of what the cookie config looks like:

var setupSession = function() {
    var sessionConfig = {
        secret: environmentVars.cookie.secret,
        name: environmentVars.cookie.name,
        maxAge: environmentVars.cookie.expiry,
        domain: environmentVars.cookie.domain,
        httpOnly: true,
        secure: environmentVars.cookie.secure, // true when using https
        secureProxy: environmentVars.cookie.secure, // true when using https
        signed: true
    };
    app.set('trust proxy', 1); // Just added this, still no luck
    app.use(session(sessionConfig));
};

So the above is run when the app starts up and, as noted in the comments, when we are using a secure connection the environment vars are set for us. When the above is used in conjunction with HTTPS, no cookie is sent back from Express; however, OpenShift cookies are sent back, like the gears one etc. Again, with http and the secure stuff disabled it works fine, we all get cookies and rejoice. All responses work and data is sent back; it's just that the set-cookie header is missing for the app's cookies (but, as mentioned, not the OpenShift ones).

So the actual certificate is not set up within nodejs; it is set up on OpenShift as an alias with a certificate applied. So Express really has no idea it is being run in https, other than the environment vars it is passed and the port it is provided by the gear that is running it.

So has anyone else had anything similar or has any ideas on what we can try to solve the problem or diagnose it? I did some reading and people suggested trying the trust proxy and secureProxy, which has been done but still no luck.

Recommended answer

So it turns out I was just being an idiot, it should look like:

var setupSession = function() {
    var sessionConfig = {
        secret: environmentVars.cookie.secret,
        name: environmentVars.cookie.name,
        maxAge: environmentVars.cookie.expiry,
        domain: environmentVars.cookie.domain,
        httpOnly: true,            
        secureProxy: environmentVars.cookie.secure, // true when using https
        signed: true,
        cookie: {
            secure: environmentVars.cookie.secure, // true when using https
        }
    };
    app.set('trust proxy', 1); // Just added this, still no luck
    app.use(session(sessionConfig));
};

Everything works now :)
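
As an added example (not the poster's code and not the source of any session library), this stand-alone Node.js model shows why a Secure cookie is withheld when TLS ends at the OpenShift router and the app only sees plain HTTP, and how trusting the proxy's X-Forwarded-Proto header changes the outcome. The function names, cookie name and request objects are constructed for illustration.

```javascript
// Added example: stand-alone model, no dependencies. All names are hypothetical.

// Decide whether the original client connection was HTTPS.
// req: { socket: { encrypted }, headers }, trustProxy: boolean
function isSecureRequest(req, trustProxy) {
  if (req.socket && req.socket.encrypted) return true; // TLS terminated in Node itself
  if (!trustProxy) return false; // never honour a client-controllable header by default
  const header = String(req.headers['x-forwarded-proto'] || '');
  // Chained proxies may send "https, http"; the first entry describes the client-facing hop.
  return header.split(',')[0].trim().toLowerCase() === 'https';
}

// Build the Set-Cookie value, or return null when a Secure cookie would be
// issued on a request the app believes is plain HTTP.
function buildSessionCookie(req, opts) {
  if (opts.secure && !isSecureRequest(req, opts.trustProxy)) return null;
  const parts = [`${opts.name}=${encodeURIComponent(opts.value)}`, 'Path=/'];
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  return parts.join('; ');
}

// Constructed requests, as the Node process sees them behind a TLS-terminating router.
const viaRouterHttps = { socket: { encrypted: false }, headers: { 'x-forwarded-proto': 'https' } };
const viaRouterHttp = { socket: { encrypted: false }, headers: { 'x-forwarded-proto': 'http' } };
const base = { name: 'sid', value: 'constructed-session-id', httpOnly: true };

function demo() {
  return {
    // secure cookie, proxy not trusted: withheld (the symptom in the question)
    untrusted: buildSessionCookie(viaRouterHttps, { ...base, secure: true, trustProxy: false }),
    // secure cookie, proxy trusted and client used HTTPS: sent with the Secure flag
    trusted: buildSessionCookie(viaRouterHttps, { ...base, secure: true, trustProxy: true }),
    // secure cookie, proxy trusted but client used HTTP: still withheld
    plainHttp: buildSessionCookie(viaRouterHttp, { ...base, secure: true, trustProxy: true }),
    // development setting: sent, but without the Secure flag
    insecureFlag: buildSessionCookie(viaRouterHttp, { ...base, secure: false, trustProxy: false }),
  };
}

console.log(demo());
```

Only enable proxy trust when every request reaches the app through the router, since a directly reachable app would accept a client-supplied X-Forwarded-Proto value.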
