Setting a domain on the default connect.sid browser cookie in an express app

Problem description

OK so I have an express/mongo app that operates based on subdomains. I have read that it's possible to have a session ID cookie be available to subdomains by setting the domain of the cookie to .mydomain.com

That should work, but I can't figure out how to get that property into the default browser cookie (connect.sid).

I'm using express-session for sessions, connect-mongo for persisting the sessions, and of course cookie-parser to make that all work.

There seem to be a few different places where I might be able to set this property, but none of them seem to have any effect on the actual cookie I see in Chrome's dev tools. :(

Here's the app config block:

app.use(bodyParser());
app.use(methodOverride());
app.use(cookieParser('judy_has_cooties', { domain: '.' + app.settings.domainToUse })); 
app.use(express.static(__dirname + '/app'));
app.use(function(req, res, next) {
    res.header('Access-Control-Allow-Credentials', true);
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
    next();
});   
app.use(session({
    secret: app.config.secret,
    cookie: { 
        domain: '.' + app.settings.domainToUse, 
        path: '/', 
        httpOnly: true, 
        secure: false, 
        maxAge: null 
    },
    store: new MongoStore({url: app.config.db }, function(err){
        console.log('session store is up.');
    })
}));
app.use(subdomain({ 
    base : app.settings.domainToUse + '', 
    removeWWW : true 
}));
//app.use(morgan());
app.set('port', process.env.PORT || 3000);
app.engine('html', require('ejs').renderFile);
app.set('views', __dirname + '/app/views');
app.set('view engine', 'html');
app.server = require('http').createServer(app);

mongoose.connect(app.config.db);

require('./config/configure-routes')();

// Start server
app.server.listen(app.get('port'), function(){
    console.log(">>>>> Node server is listening on port " + app.get('port'));
});

I don't get the connect.sid cookie in the browser until after I log in, so I assume it's being done when I call sessionStore.set(). What I'm not clear on is what is setting the actual browser cookie. When I log out the req.session object from some route auth middleware I see all the correct settings, but the actual browser cookie doesn't reflect these settings.

Am I right in thinking that the session cookie is actually just in the session store on the server and not in the browser? And the connect.sid is just a handle to look up those cookies?

If so, how can I add more data to the browser cookie to get it to persist between subdomains?

Thanks and sorry for possibly not understanding how sessions and cookies work together.

Recommended answer

Ah! Ok I really hope this helps someone because I was banging my head against the wall for 2 days.

So, apparently this was not an issue related to node, or my server config at all. It's purely a cookie problem.

Cookies, it seems, are super whiny about the patterns they receive in the domain= field. If something is not 1000% correct it will barf and just not set the cookie at all.

A domain with a port number like :3000 will not work and localhost will not work with the .localhost formatting for enabling subdomains. It requires a . some place in the domain name in order to be valid.

To do this locally I had to get into my local DNS settings and set up a .dev URL to be redirected to localhost. Pain in the ass! Here's a great link for that though if you're on OSX.

http://clintberry.com/2011/wildcard-sub-domains-on-osx-web-development-on-localhost/

Once that was set up then it worked like gangbusters!

Good luck.
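
The checks the answer describes, as an added example that is not part of the original post: it strips the port, refuses single-label names such as localhost and IP addresses, and builds the `cookie` object passed to express-session. The function names and the `myapp.dev` hosts are assumptions made for illustration.

```javascript
// Added example; function names and the myapp.dev hosts are assumptions.

// Lower-case a host, drop an optional port and a leading dot.
function stripPort(host) {
  const h = String(host).trim().toLowerCase();
  if (h.startsWith('[')) return h.slice(1, h.indexOf(']')); // "[::1]:3000"
  return h.replace(/:\d+$/, '').replace(/^\./, '');
}

// Domain attribute for the session cookie, or undefined when the name
// cannot carry one (browsers then keep a host-only cookie instead).
// Not checked here: public suffixes such as co.uk, which browsers also refuse.
function cookieDomainFor(baseHost) {
  const name = stripPort(baseHost);
  const labels = name.split('.');
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(name) || name.includes(':');
  const singleLabel = labels.length < 2;            // "localhost"
  const emptyLabel = labels.some((l) => l === ''); // "a..b" or trailing dot
  if (isIp || singleLabel || emptyLabel) return undefined;
  return '.' + name; // same leading-dot form the question uses
}

// RFC 6265 domain-match: will a request to requestHost carry the cookie?
function domainMatches(requestHost, cookieDomain) {
  const host = stripPort(requestHost);
  const domain = stripPort(cookieDomain);
  return host === domain || host.endsWith('.' + domain);
}

// Cookie options for express-session. With Domain set, the browser sends
// connect.sid to every subdomain of that name, so all of them must be trusted.
function sessionCookieOptions(baseHost, secure) {
  const options = { path: '/', httpOnly: true, secure: Boolean(secure) };
  const domain = cookieDomainFor(baseHost);
  if (domain) options.domain = domain; // omitted => host-only cookie
  return options;
}

// Usage: app.use(session({ secret: ..., cookie: sessionCookieOptions(app.settings.domainToUse, false) }));
console.log(sessionCookieOptions('myapp.dev:3000', false));
console.log(sessionCookieOptions('localhost:3000', false));
```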
