Express-session Secure Cookies not working


Question

When not using the secure cookie true setting, my app user login works fine. When I enable secure cookies, the login appears to go through fine, but it seems the cookie is not saved and the user is not logged in.

In other words, this works:

app = express();
app.use(session({
    secret: 'secret code',
    store: sessionStore,
    resave: false,
    saveUninitialized: false,
    cookie: {
        secure: false,
        maxAge: 5184000000 // 60 days
        }
}));

This does not work (user isn't able to log in):

app = express();
app.set('trust proxy'); // note: with a single argument app.set() only reads the setting; app.set('trust proxy', true) would enable it
app.use(session({
    secret: config.cookieSecret,
    store: sessionStore,
    resave: false,
    saveUninitialized: false,
    proxy: true,
    secureProxy: true,
    cookie: {
        secure: true,
        httpOnly: true,
        maxAge: 5184000000 // 60 days
        }
}));

Behind Cloudflare and nginx. This is in my nginx config:

location ~ / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://localhost:3000;
}

From what I read, I think it should work. What am I missing?

I am running HTTPS with a valid SSL cert.

Recommended answer

The combination of settings that worked for me:

  • Inside the nginx server configuration, add proxy_set_header X-Forwarded-Proto $scheme;
  • Inside the express-session configuration:

server.use(
  session({
    proxy: true, // NODE_ENV === 'production'
    cookie: {
      secure: true, // NODE_ENV === 'production'
    },
    // everything else
  })
);
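The answer's combination works because express-session, when given proxy: true, decides whether a secure: true cookie may be sent by reading the first X-Forwarded-Proto value, and silently drops the cookie when that check fails. The following is an added example, not code from the question or the answer, that models this decision without Express installed; the request objects are constructed, and the logic mirrors express-session's issecure check as this editor understands it.

```javascript
// Added example, not code from the question or answer above: a dependency-free
// model of the check express-session performs before sending a cookie that is
// configured with `secure: true`. All request objects below are constructed.

function isSecureRequest(req, proxyOption) {
  // A request arriving on a TLS socket of the Node process itself is secure.
  if (req.connection && req.connection.encrypted) return true;
  // proxy: false means forwarded headers are never trusted.
  if (proxyOption === false) return false;
  // proxy unset: defer to req.secure, which Express derives from
  // X-Forwarded-Proto only when `trust proxy` has actually been configured.
  if (proxyOption !== true) return req.secure === true;
  // proxy: true: trust the first X-Forwarded-Proto value set by the reverse proxy.
  const header = req.headers['x-forwarded-proto'] || '';
  return header.split(',')[0].trim().toLowerCase() === 'https';
}

function willSendSessionCookie(req, sessionOptions) {
  const cookie = sessionOptions.cookie || {};
  if (cookie.secure !== true) return true; // non-secure cookies always go out
  return isSecureRequest(req, sessionOptions.proxy);
}

// Constructed request as nginx hands it to localhost:3000: a plain HTTP socket,
// where the only evidence of TLS is the header added by proxy_set_header.
function forwardedRequest(proto) {
  return {
    connection: { encrypted: false },
    headers: proto ? { 'x-forwarded-proto': proto } : {},
    secure: false, // Express without a working `trust proxy` setting
  };
}

// Compare the configurations discussed in the question and the answer.
function compareConfigurations() {
  const secureCookie = { cookie: { secure: true } };
  return {
    // Answer: proxy: true plus nginx forwarding "https" -> cookie is sent.
    answer: willSendSessionCookie(forwardedRequest('https'), { proxy: true, ...secureCookie }),
    // proxy_set_header line missing -> no header -> cookie silently dropped.
    noHeader: willSendSessionCookie(forwardedRequest(null), { proxy: true, ...secureCookie }),
    // nginx itself reached over plain http -> $scheme is "http" -> dropped.
    httpUpstream: willSendSessionCookie(forwardedRequest('http'), { proxy: true, ...secureCookie }),
    // proxy option omitted and req.secure false -> dropped.
    proxyUnset: willSendSessionCookie(forwardedRequest('https'), secureCookie),
  };
}

console.log(compareConfigurations());
```

The httpUpstream case is worth checking in a real deployment: $scheme reflects the scheme nginx itself received, so if TLS terminates in front of nginx and the hop to nginx is plain HTTP, the header says http and the secure cookie is never set.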
