如何在Express JS中使用Cookie重定向到其他域 [英] How to redirect to different domain with a cookie in Express js

问题描述

我正在使用Express on Node开发一个Web应用程序.我正在尝试实现代理登录功能，在该功能下，用户直接登录并在登录到我的网站后将其重定向到另一个网站.

I'm developing a web app using Express on Node. I'm trying to implement a proxy login functionality where an user is directly logged in and redirected to another site after he logs into to my site.

在路由功能中，我正在编写以下代码
res.cookie('fanws'，'value');
res.redirect(' http://hostname/path '); //另一个站点

In my routing function I'm writing the following code
res.cookie('fanws', 'value' );
res.redirect('http://hostname/path'); // another site

我在chrome中使用了调试器，发现cookie没有被添加到重定向页面中.

I used the debugger in chrome and saw that the cookie is not getting added in the redirected page.

我在本地主机上运行该应用程序，并且我重定向到的站点托管在本地网络上的另一台服务器上.

I'm running the app on localhost and the site which i'm redirecting to is hosted on another server on local network.

我该怎么做才能将cookie添加到重定向路径上?

What should I do to add the cookie on the redirected path?

推荐答案

总而言之，您无法在浏览器中设置cookie或读取您无法控制服务器或拥有自己网站的站点的cookie.该页面中的客户端代码.出于安全原因，cookie系统是按这种方式专门设计的.因此，您无法从http://www.domain1.com的页面或服务器上读取或设置其他域的cookie.

In a nutshell, you can't set a cookie in a browser or read a cookie for a site that you do not control the server for or have your own client code in that page. The cookie system is designed that way on purpose for security reasons. So, from a page or server for http://www.domain1.com, you cannot read or set cookies for some other domain.

如果两个域的页面中都有代码，则可以将一些信息传递给第二个页面(最有可能作为查询参数)，该信息告诉重定向页面中的代码采取某些措施(例如设置Cookie). ，但是您必须控制第二页中的Javascript或服务器才能执行此操作.

If you have code in the pages of both domains, then you can pass some info to the second page (most likely as a query parameter) that tells the code in the redirected page to take some action (like set a cookie), but you must control the Javascript or server in that second page in order to be able to do that.

您的nodejs代码中的cookie出现在当前请求/响应上，这意味着当浏览器处理来自当前请求的响应时，该cookie与浏览器中的该域相关联.

The cookie in your nodejs code goes on the current request/response which means it is associated with that domain in the browser when the response from the current request is processed by the browser.

res.redirect(...)返回带有新URL的302响应作为对当前请求的响应.然后，浏览器将看到此响应代码，并向新页面发出新的Web请求.您不能从服务器为该新域设置cookie，除非您也为该域拥有服务器.这是cookie安全性的基本方面.只能通过浏览器中的Javascript从与Cookie所属来源相同的页面访问Cookie，并且服务器只能在其正在处理的特定请求中为特定来源设置Cookie.

res.redirect(...) returns a 302 response with a new URL as the response to the current request. The browser then sees this response code and makes a new web request to the new page. You cannot set cookies from the server for that new domain unless you have the server for that domain also. This is a fundamental aspect of cookie security. Cookies can only be accessed via Javascript in the browser from the page in the same origin as the cookie belongs and servers can only set cookies for the particular origin in the particular request that they are processing.

这篇关于如何在Express JS中使用Cookie重定向到其他域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！