快递js重定向与cookie,cookie不存在 [英] Express js redirect with cookie, cookie not present
问题描述
所以我使用Passport-js实现了facebook登录。我还使用了良好的用户名/密码登录实现了Cookie策略。
我的设置是Express-js后端和React前端。后端和前端在不同的服务器和域上运行(backend-client.com,frontend-client.com)。
So I've implemented facebook login using Passport-js. I've also implemented Cookie-strategy for using good ole username/password login. My setup is Express-js backend and a React front-end. Backend and frontend runs on different servers and domains(backend-client.com, frontend-client.com).
一切都像本地主机上的魅力,但不适合舞台和制作环境。不知道是否重要,但我正在使用Heroku来托管我的申请。
Everything works like a charm on localhost but not in stage and production environment. Don't know if it matters but I'm using Heroku for hosting my applications.
问题:
当facebook身份验证完成后,Express服务器会将用户重定向到前端应用程序。 Cookie是一个包含用户信息的JWT,用于检查用户是否已登录。
When the facebook authentication is complete, the Express server redirects the user to the frontend app. The cookie is a JWT containing user info to check if the user is logged in.
const cookieSettings = {
domain: process.env.COOKIE_DOMAIN,
secure : (process.env.APP_MODE === 'local' ? false : true),
httpOnly : true,
};
const cookieMaxAge = {
maxAge : 14 * 24 * 60 * 60 * 1000 // 14 days, 24h, 60 min, 60 sec * miliseconds
}
router.get('/auth/facebook/', passport.authenticate('facebook'));
router.get('/auth/facebook/callback', function(req, res, next) {
passport.authenticate('facebook', async function (err, profile, info) {
if (err || !profile) {
res.redirect(`${process.env.FRONTEND_BASE_URL}?success=0`);
}
const user = await User.findOne({ facebookId : profile.facebookId });
return user.generateAuthToken().then((token) => {
res.cookie(COOKIE_NAME, token.token, {...cookieSettings, ...cookieMaxAge});
res.redirect(`${process.env.FRONTEND_BASE_URL}?success=1`); // redirect back to frontend-client with cookie
});
})(req, res, next);
});
当用户点击/ auth / facebook / callback时,cookie存在
When the user hits /auth/facebook/callback the cookie is present
但是,当用户返回前端客户端时,响应标头中不会发送cookie。
However when the user returns to the frontend client no cookie is sent in the response headers.
我无法解决这个问题。我是否遗漏了一些关于cookie的基本原理?
I can't wrap my head around this. I'm I missing some fundamentals around cookies?
旁注:
当用户使用用户名和密码登录时,cookie将返回给用户。如果重要,则使用带有Axios的ajax-request创建login方法。所以我知道我正在使用的cookie设置没有问题。
Side note: When the user logs in using username and password the cookie is returned to the user. The login method is created using ajax-request with Axios if it matters. So I know there's no issue with the cookie settings I'm using.
推荐答案
所以经过一周左右的时间结果发现它是一个Heroku域名问题。我在我的前端和后端应用程序中使用了多个Heroku域名(backend.herokuapp.com,frontend.herokuapp.com)。
So after a week or so it turns out it was a Heroku domain issue. I was using multiple Heroku domains for my frontend and backend apps(backend.herokuapp.com, frontend.herokuapp.com).
根据Heroku文档
换句话说,在支持该功能的浏览器中,herokuapp.com域中的
应用程序无法为*设置
cookies .herokuapp.com
In other words, in browsers that support the functionality, applications in the herokuapp.com domain are prevented from setting cookies for *.herokuapp.com
我通过向我的应用添加自定义域解决了我的问题(backend.mycustomdomain.com,frontend.mycustomdomain。 com)并且cookie从服务器响应
I solved my issue by adding a custom domain to my apps(backend.mycustomdomain.com, frontend.mycustomdomain.com) and the cookie was in added to the client from the server-response
这篇关于快递js重定向与cookie,cookie不存在的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!