快速会话安全 Cookie 不起作用 [英] Express-session Secure Cookies not working
问题描述
当不使用安全 cookie true 设置时,我的应用程序用户登录工作正常.当我启用安全 cookie 时,登录似乎顺利通过,但似乎 cookie 未保存且用户未登录.
When not using secure cookie true setting, my app user login works fine. When I enable secure cookies, the login appears to go through fine, but it seems the cookie is not saved and the user is not logged in.
换句话说,这是有效的:
In other words, this works:
app = express();
app.use(session({
secret: 'secret code',
store: sessionStore,
resave: false,
saveUninitialized: false,
cookie: {
secure: false,
maxAge: 5184000000 // 60 days
}
}));
这不起作用(用户无法登录):
This does not work (user isn't able to log in):
app = express();
app.set('trust proxy');
app.use(session({
secret: config.cookieSecret,
store: sessionStore,
resave: false,
saveUninitialized: false,
proxy: true,
secureProxy: true,
cookie: {
secure: true,
httpOnly: true,
maxAge: 5184000000 // 60 days
}
}));
在 cloudflare 和 nginx 背后.这是在我的 nginx 配置中:
Behind cloudflare and nginx. This is in my nginx config:
location ~ / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3000;
}
从我读到的,我认为它应该有效.我错过了什么?
From what I read, I think it should work. What am I missing?
我使用有效的 ssl 证书运行 https.
I am running https with a valid ssl cert.
推荐答案
对我有用的设置组合:
- 在nginx服务器配置中,添加
proxy_set_header X-Forwarded-Proto $scheme;
在 express-session 配置中:
- Inside the nginx server configuration, add
proxy_set_header X-Forwarded-Proto $scheme;
Inside the express-session configuration:
server.use(
session({
proxy: true, // NODE_ENV === 'production'
cookie: {
secure: true, // NODE_ENV === 'production'
},
// everything else
})
);
这篇关于快速会话安全 Cookie 不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!