一天过后,Express4的CSRF令牌问题

时间:2014-09-03 13:18:25

标签: node.js express

这是我用来配置express的配置。

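// cookie-parser is given the same secret as the session middleware below.
// express-session's documentation warns of problems when the two secrets
// differ, so keep them in sync if either is ever rotated.
app.use(cookieParser(config.sessionSecret));

// sessionTimeoutValue is expressed in seconds; cookie.maxAge expects milliseconds.
var sessionTimeout = Number(sessionTimeoutValue) * 1000;
if (!isFinite(sessionTimeout) || sessionTimeout <= 0) {
    // A missing or non-numeric setting becomes NaN here, which would otherwise
    // flow into the cookie expiry. Fail at startup instead of issuing
    // sessions with an undefined lifetime.
    throw new Error('sessionTimeoutValue must be a positive number of seconds');
}

var sess = {
    secret            : config.sessionSecret, // signs the session ID cookie
    store             : sessionStore, //redis-sentinel
    rolling           : true,  // re-issue the cookie on every response (sliding expiry)
    // Every visitor gets a stored session, authenticated or not.
    saveUninitialized : true,
    // The session is written back on every request even when unchanged.
    // NOTE(review): with parallel requests on one session the last write wins;
    // confirm this cannot overwrite state that CSRF validation relies on.
    resave            : true,
    cookie            : {
        maxAge   : sessionTimeout,
        httpOnly : true // express-session default, stated explicitly: no script access to the session ID
        // NOTE(review): `secure` is not set, so the session cookie is also sent
        // over plain HTTP. If TLS terminates at the trusted proxy configured
        // below, consider `secure: true`.
    }
};

// Trust X-Forwarded-* headers from exactly one hop. This is only sound when
// the app cannot be reached except through that proxy.
app.set('trust proxy', 1); // trust first proxy

var expressSession = session(sess);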

// Session gate: requests carrying an `afvapi` header proceed without a web
// session; everything else goes through express-session.
// NOTE(review): the header is supplied by the client, so any caller can opt out
// of session handling. The csrf() middleware is registered globally after this
// and relies on session state by default; how API requests get past it is not
// visible here. Confirm API routes are authenticated and handled as intended.
app.use(function(req, res, next) {
    var skipSession = Boolean(req.headers.afvapi);

    if (!skipSession) {
        expressSession(req, res, next);
        return;
    }

    // for api calls that do not require web session to be created
    // see : http://stackoverflow.com/questions/21264911/prevent-expressjs-from-creating-a-session-when-requests-contain-an-authorization
    return next();
});

// CSRF protection for every route registered after this point.
app.use(csrf());

// Publishes the current CSRF token in an `XSRF-TOKEN` cookie on every response
// and turns the session cookie into a browser-session cookie.
app.use(function(req, res, next) {
    // The cookie is set with no options, so it is readable by page script and
    // carries no `secure` flag.
    // NOTE(review): script access is presumably intentional, so the client
    // can echo the token back in a request header. Confirm.
    var token = req.csrfToken();
    res.cookie('XSRF-TOKEN', token);

    if (req.session) {
        // NOTE(review): this discards the `maxAge` configured on the session
        // cookie. The server-side lifetime then depends on the store; some
        // stores fall back to a fixed default TTL (connect-redis documents one
        // day) when the cookie has no expiry. Confirm for the store in use.
        // A browser that outlives the stored session would still hold an old
        // XSRF-TOKEN, and its next state-changing request would presumably be
        // rejected with "invalid csrf token".
        req.session.cookie.expires = false;
    }

    next();
});

使用上述配置,我的应用程序正常运行了一天,但在一段随机时间之后开始出现以下错误:

Error: invalid csrf token
    at verifytoken (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/afv/node_modules/csurf/index.js:211:13)
    at Layer.csrf [as handle] (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/afv/node_modules/csurf/index.js:86:5)
    at trim_prefix (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:254:17)
    at /tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:216:9
    at Function.proto.process_params (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:286:12)
    at next (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:207:19)
    at session (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express-session/index.js:258:7)
    at Layer.handle (/home/ec2-user/afvconsole/server/config/express.js:112:16)
    at trim_prefix (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:254:17)
    at /tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:216:9

我的配置有问题吗?

0 个答案:

没有答案