未存储 SetCookie 标头 [英] SetCookie header not stored

问题描述

我目前正在制作一个 Web 应用程序，其中 API 使用 node/express.js，前端使用 Vue.js.

I'm currently making a web app with node/express.js for the API and Vue.js for the front-end.

对于身份验证，我设置了 JWT 并通过 cookie (HttpOnly) 发送值.SetCookie"在 Chrome/Firefox 调试器的响应请求中，但显然它没有存储在任何地方！当我尝试发出需要 cookie 的请求时，请求标头不包含任何 cookie.我真的不明白为什么:/.经过一番研究，我以为是因为我在localhost上工作，所以我将我的服务器移到了云端，并通过修改hosts文件为前端设置了一个假域，但它仍然不起作用.

For the authentication, I set a JWT and send the value via a cookie (HttpOnly). The "SetCookie" is in the response request in Chrome/Firefox debugger but apparently it is not stored anywhere ! When I try to make requests which need the cookie, the requests headers don't contain any cookie. I really don't understand why :/. After some researches, I thought it was because I was working on localhost, so I moved my server on the cloud and set a false domain for the front by modifying the hosts file, but it still doesn't work.

这里是响应请求的示例:响应头

here an example of response request : Response header

在服务器上设置 cookie:

res.cookie('token', token, {
     path: '/',
     domain: '.shareinfo.io',
     httpOnly: true, 
     maxAge: 86400000 // 24h
});

如果有人有想法或解决方案，那就太好了！

If someone has an idea or a solution, it would be very nice !

谢谢，问候，

阿尔维尔

推荐答案

终于，在我的电脑上撞了几下头并在论坛上研究后，我发现了这个问题.

FINALLY, after some head bangs on my computer and researches on forums, I found the issue.

我忽略了客户端请求的凭据，认为这对身份验证并不重要，但这是一个巨大的错误.

I ignored credentials on client request, thinking it was not important for authentication, but it was a huge mistake.

实际上凭据包括 cookie，因此如果您在向服务器/API 发出请求时未将凭据设置为true"，则所有返回的 cookie 都将被忽略.您必须在服务器和客户端上授权凭据.

In fact credentials include cookies, so if you don't set credentials to 'true' when you make your request to your server/API, all returned cookies will be ignored. you have to authorize credentials both on your server and client.

所以最终的代码是将此选项变量添加到我的 POST 请求中:(使用 Vue.js)

so the final code was to add this option variable to my POST request : (with Vue.js)

//Request options (CORS)
    var options = {
        headers: {
        },
        credentials: true
    };

//Make your HTTP request:
    this.$http.post(<url>, payload, options).then((response) => {
        //success
    }, (response) => {
        //error
    });

这篇关于未存储 SetCookie 标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！