Express.js 4在Nginx代理后面的每个CORS请求上重新生成会话ID

时间:2014-06-16 06:44:08

标签: node.js cookies express nginx cors

我在Nginx代理后面有几个NodeJS(Express 4)服务器。一切正常,除了cookies:在每个ajax CORS请求时,我似乎在返回的Set-Cookie标头中获得了一个新的重新生成的会话ID值。

我已经工作了几个小时,看了几十个网站。即使这似乎没有帮助: Node.js + Nginx - What now?

My Nginx侦听端口80,并定义多个服务器,每个子域一个:myapp.local,api.myapp.local,static.myapp.local。

我的NodeJS Express 4服务器每个都听一个不同的端口(8081,8082,...)

当从myapp.local调用ajax中的api.myapp.local / login时,我收到了正确的数据和会话ID,但在响应中我似乎有一个新生成的会话ID,这会弄乱一切并阻止我健康的会议。

以下是我的api.myapp.local服务器的配置文件:

server {
    listen      80;
    server_name api.myapp.local;

    error_log   logs/api.error.log notice;
    access_log  logs/api.access.log;

    location / {
        if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$ ) {
            return 405;
        }

        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Referer,Accept,Origin,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,X-HTTP-Method-Override,If-Modified-Since,Cache-Control,Content-Type,Cookie';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Referer,Accept,Origin,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,X-HTTP-Method-Override,If-Modified-Since,Cache-Control,Content-Type,Cookie';
            add_header 'Access-Control-Max-Age' 1728000;
        }

        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Referer,Accept,Origin,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,X-HTTP-Method-Override,If-Modified-Since,Cache-Control,Content-Type,Cookie';
            add_header 'Access-Control-Max-Age' 1728000;
        }

        proxy_pass http://localhost:8081;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
    }
}

这是我的NodeJS服务器(直截了当):

var app = express();

app.enable('trust proxy');

/**
 * Session
 */
require('../common/webapp_session.js')(app, conf);


var iPort = process.env.PORT || conf.port;
app.listen(iPort);

console.log('API on port ' + iPort);

现在我的会话内容(在webapp_session.js中):

app.use(cookieParser());
console.log('** COOKIE SESSION');
console.log(conf.cookie);
app.use(session({
    secret: conf.cookie.secret,
    name: conf.cookie.name,
    cookie: {secure: conf.cookie.secure, domain: conf.cookie.domain, maxAge: 1000*60*60*24}
}));

最后我的ajax电话:

$.ajax('http://api.myapp.local/login',
{
    type: 'POST',
    data: oForm.serialize(),
    crossDomain: true,
    xhrFields: {
        withCredentials: true
    },
    success: function(res)
    {
            // ...
    }
});

编辑:忘记了会话的快速配置:

{ cookie:
   { path: '/',
     _expires: Mon Jun 16 2014 23:24:06 GMT+0200 (Paris, Madrid (heure d’été)),
     originalMaxAge: 86400000,
     httpOnly: true,
     secure: false,
     domain: '.myapp.local' } }

非常感谢您提供任何帮助,我对这个问题很生气: - /

0 个答案:

没有答案
相关问题
最新问题