在sails.js应用中设置安全Cookie [英] set secure cookie in sails.js app

问题描述

配置sails.js以设置安全Cookie的方式是什么？我们使用redis来保持会话状态。需要sails.js指定的方式（而不是一些Express中间件选项）。最后，我想要在Chrome浏览器Cookie视图中的安全列检查应用程序的Cookie：

在文档中没有明确提及如何做：

http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.session.html

有一个 ssl 配置选项，但是使用 ssl：true 部署应用程序没有产生所需的结果：

  module.exports.session = {
 ... 
 ssl：true 
 ... 
 } 
  

ssl 但是我认为它与签名cookie有关。

编辑：在屏幕截图中，我从localhost无HTTPS服务，但此应用程序是从使用HTTPS的生产服务器并且观察到相同的行为

解决方案

Sails使用express.session处理会话cookie，因此您可以通过设置 cookie：{secure：true}

$ b

您需要使用HTTPS Express href =https://github.com/expressjs/session#cookie-options>设置Cookie

它需要启用https的网站，即，对于安全的
Cookie，需要HTTPS。如果设置了安全，并且您通过HTTP访问您的网站，则
将不会设置该Cookie。

代表您的Web服务器执行SSL终止的代理后面通过在config / http.js中添加以下中间件启用express 信任代理选项

  module.exports.http = {
 customMiddleware：function（app）{
 app.enable（'trust proxy'）; 
} 
}; 
  

What is the way to configure sails.js to set secure cookies? We are using redis to persist session state. The sails.js prescribed way (rather than some Express middleware option) is desired. Ultimately, I want the "secure" column in the Chrome cookies view to be checked for the app's cookie:

In the docs, there is no explicit mention of how to do this:

http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.session.html

There is an ssl config option, but deploying the app with ssl: true did not produce the desired result:

module.exports.session = {
  ...
  ssl: true
  ...
}

The ssl option isn't documented either, but I assume it has something to do with signing cookies instead.

edit: in the screen shot, I'm serving from localhost without HTTPS, but this app is being served from a production server using HTTPS and the same behavior is observed

解决方案

Sails uses express.session to handle session cookies, therefore you can enable secure cookies by setting cookie: { secure: true } in config/session.js

You need to use HTTPS for express to set the cookie

it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies. If secure is set, and you access your site over HTTP, the cookie will not be set.

If you are behind a proxy that does SSL termination on behalf of your web server enable express trust proxy option by adding the following middleware in config/http.js

    module.exports.http = {
      customMiddleware: function(app) {
        app.enable('trust proxy');
      }
    }; 

这篇关于在sails.js应用中设置安全Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！