SetCookie标头未存储 [英] SetCookie header not stored

问题描述

我目前正在制作一个带有node/express.js(用于API)和Vue.js(用于前端)的Web应用程序.

I'm currently making a web app with node/express.js for the API and Vue.js for the front-end.

对于身份验证，我设置了一个JWT并通过cookie(HttpOnly)发送该值. Chrome/Firefox调试器的响应请求中包含"SetCookie"，但显然它没有存储在任何地方！ 当我尝试发出需要cookie的请求时，请求标头不包含任何cookie.我真的不明白为什么:/. 经过一些研究，我以为是因为我在localhost上工作，所以我将服务器移到了云上，并通过修改hosts文件在前端设置了一个虚假域，但是仍然无法正常工作.

For the authentication, I set a JWT and send the value via a cookie (HttpOnly). The "SetCookie" is in the response request in Chrome/Firefox debugger but apparently it is not stored anywhere ! When I try to make requests which need the cookie, the requests headers don't contain any cookie. I really don't understand why :/. After some researches, I thought it was because I was working on localhost, so I moved my server on the cloud and set a false domain for the front by modifying the hosts file, but it still doesn't work.

此处是响应请求的示例: 响应标头

here an example of response request : Response header

在服务器上设置Cookie:

res.cookie('token', token, {
     path: '/',
     domain: '.shareinfo.io',
     httpOnly: true, 
     maxAge: 86400000 // 24h
});

如果有人有想法或解决方案，那就太好了！

If someone has an idea or a solution, it would be very nice !

谢谢你，

Alvyre

推荐答案

最终，在我的计算机上有些头撞和在论坛上进行研究之后，我发现了问题.

FINALLY, after some head bangs on my computer and researches on forums, I found the issue.

我忽略了客户请求中的凭据，认为这对于身份验证并不重要，但这是一个巨大的错误.

I ignored credentials on client request, thinking it was not important for authentication, but it was a huge mistake.

实际上，凭据包括cookie，因此，如果您在向服务器/API发出请求时未将凭据设置为"true"，则所有返回的cookie都将被忽略.您必须在服务器和客户端上都授权凭据.

In fact credentials include cookies, so if you don't set credentials to 'true' when you make your request to your server/API, all returned cookies will be ignored. you have to authorize credentials both on your server and client.

所以最终的代码是将此选项变量添加到我的POST请求中:(使用 Vue.js )

so the final code was to add this option variable to my POST request : (with Vue.js)

//Request options (CORS)
    var options = {
        headers: {
        },
        credentials: true
    };

//Make your HTTP request:
    this.$http.post(<url>, payload, options).then((response) => {
        //success
    }, (response) => {
        //error
    });

这篇关于SetCookie标头未存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！