快递js重定向与cookie，cookie不存在 [英] Express js redirect with cookie, cookie not present

问题描述

所以我使用Passport-js实现了facebook登录。我还使用了良好的用户名/密码登录实现了Cookie策略。
我的设置是Express-js后端和React前端。后端和前端在不同的服务器和域上运行（backend-client.com，frontend-client.com）。

So I've implemented facebook login using Passport-js. I've also implemented Cookie-strategy for using good ole username/password login. My setup is Express-js backend and a React front-end. Backend and frontend runs on different servers and domains(backend-client.com, frontend-client.com).

一切都像本地主机上的魅力，但不适合舞台和制作环境。不知道是否重要，但我正在使用Heroku来托管我的申请。

Everything works like a charm on localhost but not in stage and production environment. Don't know if it matters but I'm using Heroku for hosting my applications.

问题：

当facebook身份验证完成后，Express服务器会将用户重定向到前端应用程序。 Cookie是一个包含用户信息的JWT，用于检查用户是否已登录。

When the facebook authentication is complete, the Express server redirects the user to the frontend app. The cookie is a JWT containing user info to check if the user is logged in.

const cookieSettings = {
    domain: process.env.COOKIE_DOMAIN,
    secure : (process.env.APP_MODE === 'local' ? false  : true),
    httpOnly : true,
};

const cookieMaxAge = {
    maxAge : 14 * 24 * 60 * 60 * 1000 // 14 days, 24h, 60 min, 60 sec * miliseconds
}

router.get('/auth/facebook/', passport.authenticate('facebook'));
router.get('/auth/facebook/callback', function(req, res, next) {
    passport.authenticate('facebook', async function (err, profile, info) {
        if (err || !profile) {
            res.redirect(`${process.env.FRONTEND_BASE_URL}?success=0`);
        }
        const user = await User.findOne({ facebookId : profile.facebookId });
        return user.generateAuthToken().then((token) => {
            res.cookie(COOKIE_NAME, token.token, {...cookieSettings, ...cookieMaxAge});
            res.redirect(`${process.env.FRONTEND_BASE_URL}?success=1`); // redirect back to frontend-client with cookie
        });
    })(req, res, next);
});

当用户点击/ auth / facebook / callback时，cookie存在

When the user hits /auth/facebook/callback the cookie is present

但是，当用户返回前端客户端时，响应标头中不会发送cookie。

However when the user returns to the frontend client no cookie is sent in the response headers.

我无法解决这个问题。我是否遗漏了一些关于cookie的基本原理？

I can't wrap my head around this. I'm I missing some fundamentals around cookies?

旁注：
当用户使用用户名和密码登录时，cookie将返回给用户。如果重要，则使用带有Axios的ajax-request创建login方法。所以我知道我正在使用的cookie设置没有问题。

Side note: When the user logs in using username and password the cookie is returned to the user. The login method is created using ajax-request with Axios if it matters. So I know there's no issue with the cookie settings I'm using.

推荐答案

所以经过一周左右的时间结果发现它是一个Heroku域名问题。我在我的前端和后端应用程序中使用了多个Heroku域名（backend.herokuapp.com，frontend.herokuapp.com）。

So after a week or so it turns out it was a Heroku domain issue. I was using multiple Heroku domains for my frontend and backend apps(backend.herokuapp.com, frontend.herokuapp.com).

根据Heroku文档

换句话说，在支持该功能的浏览器中，herokuapp.com域中的
应用程序无法为*设置
cookies .herokuapp.com

In other words, in browsers that support the functionality, applications in the herokuapp.com domain are prevented from setting cookies for *.herokuapp.com

我通过向我的应用添加自定义域解决了我的问题（backend.mycustomdomain.com，frontend.mycustomdomain。 com）并且cookie从服务器响应

I solved my issue by adding a custom domain to my apps(backend.mycustomdomain.com, frontend.mycustomdomain.com) and the cookie was in added to the client from the server-response

这篇关于快递js重定向与cookie，cookie不存在的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！