Safari中的Express会话为空 [英] Express session is empty in Safari

问题描述

我正在用express构建一个Node.js应用程序.我使用快速会话进行会话.我在会话中存储的数据在IE，Chrome和Firefox中可用.但是在Safari中，会话一直都是空的.因此，当我执行console.log(req.session)时，它会打印:

I'm building a Node.js application with express. I use express-session for sessions. The data I store in a session is available in IE, Chrome and Firefox. But in Safari the session is empty all the time. So when I do console.log(req.session) it prints:

Session {
  cookie: { 
    path: '/',
    _expires: null,
    originalMaxAge: null,
    httpOnly: true,
    secure: true 
   },
   userHasCheckCorrect: true 
 }

这是我在server.js中的设置

This are my settings in server.js

app.use(session({
  secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: true,
    cookie: {
        secure: true,
        httpOnly: true
    }
}));

这是具有SSL证书的服务器，因此它是HTTPS域.使用HTTP似乎可以在Safari中正常工作.我在这里做错了什么?有我缺少的设置吗?我看过很多地方，但找不到答案.为何它能在所有期望使用Safari的浏览器中正常工作?

It's a server with SSL certificate so it's a HTTPS domain. With HTTP it seems to work fine in Safari. What am I doing wrong here? Is there a setting I'm missing? I've looked on many places but couldn't find the answer yet. And why does it work in all browsers expect for Safari?

推荐答案

使用Safari时，必须在请求标头中传递凭据:包括"，否则不会发送cookie.

With Safari it is required to pass in credentials: 'include' in request header, otherwise it doesn't send cookies.

在设置会话中间件之后，您可能还想通过以下方式设置全局响应标头:

You might also want to set a global response header after your set your session middleware by something like this:

app.use(function(req, res, next) {
    res.set('credentials', 'include');
    res.set('Access-Control-Allow-Credentials', true);
    res.set('Access-Control-Allow-Origin', req.headers.origin);
    res.set('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.set('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
    next();
});

这篇关于Safari中的Express会话为空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！