Safari中的Express会话为空 [英] Express session is empty in Safari
问题描述
我正在用express构建一个Node.js应用程序.我使用快速会话进行会话.我在会话中存储的数据在IE,Chrome和Firefox中可用.但是在Safari中,会话一直都是空的.因此,当我执行console.log(req.session)
时,它会打印:
I'm building a Node.js application with express. I use express-session for sessions. The data I store in a session is available in IE, Chrome and Firefox. But in Safari the session is empty all the time. So when I do console.log(req.session)
it prints:
Session {
cookie: {
path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true,
secure: true
},
userHasCheckCorrect: true
}
这是我在server.js中的设置
This are my settings in server.js
app.use(session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: true,
cookie: {
secure: true,
httpOnly: true
}
}));
这是具有SSL证书的服务器,因此它是HTTPS域.使用HTTP似乎可以在Safari中正常工作.我在这里做错了什么?有我缺少的设置吗?我看过很多地方,但找不到答案.为何它能在所有期望使用Safari的浏览器中正常工作?
It's a server with SSL certificate so it's a HTTPS domain. With HTTP it seems to work fine in Safari. What am I doing wrong here? Is there a setting I'm missing? I've looked on many places but couldn't find the answer yet. And why does it work in all browsers expect for Safari?
推荐答案
使用Safari时,必须在请求标头中传递凭据:包括",否则不会发送cookie.
With Safari it is required to pass in credentials: 'include' in request header, otherwise it doesn't send cookies.
在设置会话中间件之后,您可能还想通过以下方式设置全局响应标头:
You might also want to set a global response header after your set your session middleware by something like this:
app.use(function(req, res, next) {
res.set('credentials', 'include');
res.set('Access-Control-Allow-Credentials', true);
res.set('Access-Control-Allow-Origin', req.headers.origin);
res.set('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.set('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
next();
});
这篇关于Safari中的Express会话为空的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!