How to set secure cookie using heroku + node.js + express?


Question

I have a node.js app running on the Cedar stack and I'm puzzled why secure cookies don't work.

"express": "3.0.3",
"node": ">=0.8.14",

...
app.use(express.session({
        secret : 'somesecret',
        store : // store works fine, sessions are stored
        key : 'sid',
        cookie : {
            secure : true, // it works without the secure flag (cookie is set)
            proxy : true,  // tried using this as well, no difference
            maxAge: 5184000000 // 2 months
        }
}));
...

On localhost everything works fine, but on Heroku I don't seem to be able to set a secure cookie. What am I doing wrong? The docs say the load balancer terminates SSL, is it something to configure over there?

Thanks a lot.

Recommended answer

You are correct that Heroku terminates SSL before it reaches your app. That causes express to see non-SSL traffic, and that's likely why it's refusing to set the cookie when running on Heroku.

Heroku sets an X-Forwarded-Proto header with the original protocol. I haven't tested this, but according to the documentation, you have to tell express to respect the information in that header by setting trust proxy as documented here. Additional details found under req.protocol here.
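The behaviour described in the answer, as an added example that is not part of the original answer and is not Express's own code: a simplified model of how an app behind a TLS-terminating proxy decides whether a `secure: true` cookie is sent. The function names and sample requests are assumptions made for illustration.

```javascript
// Simplified model (hypothetical helper names) of the decision described above:
// which protocol the app believes the request used, and whether a cookie
// marked `secure: true` actually appears in Set-Cookie.

// req: { encrypted: boolean, headers: { 'lower-case-name': value } }
function effectiveProtocol(req, trustProxy) {
  if (req.encrypted) return 'https';   // TLS was terminated by the app itself
  if (!trustProxy) return 'http';      // forwarded headers are ignored
  const forwarded = req.headers['x-forwarded-proto'];
  if (!forwarded) return 'http';
  // Chained proxies may send "https, http"; the first value is the client-facing hop.
  return forwarded.split(',')[0].trim().toLowerCase();
}

function setCookieHeader(req, trustProxy, cookie) {
  const overTls = effectiveProtocol(req, trustProxy) === 'https';
  if (cookie.secure && !overTls) return null; // secure cookie withheld on what looks like HTTP
  const parts = [`${cookie.name}=${cookie.value}`, 'Path=/', 'HttpOnly'];
  if (cookie.secure) parts.push('Secure');
  return parts.join('; ');
}

// Constructed sample requests (not captured traffic).
const cookie = { name: 'sid', value: 'abc123', secure: true };
const viaRouterHttps = { encrypted: false, headers: { 'x-forwarded-proto': 'https' } };
const viaRouterHttp = { encrypted: false, headers: { 'x-forwarded-proto': 'http' } };
const directTls = { encrypted: true, headers: {} };

function demo() {
  return {
    // Browser used HTTPS, router terminated TLS, app does not trust the header:
    herokuUntrusted: setCookieHeader(viaRouterHttps, false, cookie),
    // Same request once the forwarded header is trusted:
    herokuTrusted: setCookieHeader(viaRouterHttps, true, cookie),
    // Browser really used plain HTTP: still no secure cookie:
    plainTrusted: setCookieHeader(viaRouterHttp, true, cookie),
    // App terminates TLS itself; no proxy setting needed:
    directTls: setCookieHeader(directTls, false, cookie),
  };
}

console.log(demo());
```

In the Express app, the corresponding switch is the `trust proxy` setting (`app.enable('trust proxy')`). Enable it only when a proxy that sets X-Forwarded-Proto sits in front of the app, because without one the client controls that header.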
