Nginx + Node.js + express.js + passport.js:Subdommain保持身份验证

时间:2015-07-14 16:07:17

标签: javascript node.js express nginx passport.js

我有一个带有以下配置的Nginx服务器 和node.js服务器。

server.js 

app         = express(),
    cookieSession     = require('cookie-session'),
app.use(cookieSession({
    secret: config.session_secret,
    resave: true,
    saveUninitialized: true,
    store: new Redis({
        port: config.redis_port
    }),
    cookie: { max_age: 43200000, domain:"localhost"}
}));

nginx.conf 

worker_processes  1;

    events {
        worker_connections  1024;
    }


    http {
        upstream app {
            server 127.0.0.1:3000;
        }

        server {
            listen       80;
            server_name  localhost;

            client_max_body_size 32m;

            location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://app/;
                proxy_redirect off;
            }
        }

        server {
            listen       80;
            server_name  sub.localhost;
            client_max_body_size 32m;


            location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://app/;
                proxy_redirect off;
            }
        }    
    }

我已尝试添加域名:“。localhost”甚至域名:“*。localhost”我也尝试添加

app.use(function(req, res, next){
   // Website you wish to allow to connect

    res.setHeader('Access-Control-Allow-Origin', req.headers.host)
    // Request methods you wish to allow
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');

    // Request headers you wish to allow
    res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');

    // Set to true if you need the website to include cookies in the requests sent
    // to the API (e.g. in case you use sessions)
    res.setHeader('Access-Control-Allow-Credentials', true);    
    next();
});

到server.js

问题是,当我在localhost上进行身份验证时,我未在sub.localhost上进行身份验证。

1 个答案:

答案 0 :(得分:0)

来自Login session across subdomains

  

您可以使用:domain:“。app.localhost”,它将起作用。 “domain”参数在域名中需要1个或多个点来设置cookie。

相关问题
最新问题