express-session:是否需要手动将Cookie发送给客户端?

时间:2019-04-03 17:27:17

标签: node.js session cookies express-session

这是我的基本设置。

var express = require('express'),
bodyParser = require('body-parser'),
cors = require('cors'),
helmet = require('helmet'),
rateLimit = require('express-rate-limit'),
enrouten = require('express-enrouten'),
session = require('express-session'),
uuid = require('uuid/v4'),
fileStore = require('session-file-store')(session),
passport = require('passport');

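//Start express
var app = express();

//Set global variables
// Loaded before the middleware list so that `config.ss` (the session secret)
// is in scope when session() is configured below.
global.config = require('./config/config');

//Set up express middleware
// Order matters: session() must run before passport.session(), which reads
// req.session to restore the authenticated user; the routes come last.
app.use([
  //Body Parser middleware
  bodyParser.json(),
  bodyParser.urlencoded({ extended: true }),

  //CORS
  // NOTE: with `credentials: false` the browser neither sends nor stores the
  // session cookie on cross-origin requests (e.g. new.website.com calling
  // api.website.com). Sharing a cookie across subdomains needs
  // `credentials: true` together with an explicit `origin` list — a wildcard
  // origin is rejected by browsers once credentials are enabled — and the
  // client must opt in (`credentials: 'include'` for fetch, `withCredentials`
  // for XHR). Left unchanged here because the allowed origins are a
  // deployment decision.
  cors({
    origin: '*',
    methods: 'GET,HEAD,POST',
    preflightContinue: false,
    credentials: false
  }),

  //Helmet middleware
  helmet({
    // The option name is `frameguard`; a misspelling is silently ignored by
    // helmet, so the intended X-Frame-Options: DENY would never be applied.
    frameguard: {
        action: 'deny'
    },
    hsts: {
        maxAge: 5184000, // 60 days, in seconds
        includeSubDomains: true,
        preload: true
    },
    contentSecurityPolicy: {
        directives: {
            defaultSrc: ["'self'"],
            styleSrc: ["'self'", 'maxcdn.bootstrapcdn.com']
        }
    }
  }),

  //Express rate limit middleware
  rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100 // limit each IP to 100 requests per windowMs
  }),

  //Session
  session({
    genid: function(req) {
        return uuid();
    },
    store: new fileStore(),
    secret: config.ss,
    resave: false,
    name: 'website',
    saveUninitialized: false,
    cookie: {
        domain: '.website.com',
        // `secure: true` means Set-Cookie is only emitted on an HTTPS
        // connection. This app listens on plain HTTP (see app.listen below),
        // so behind a TLS-terminating proxy express-session also needs
        // `app.set('trust proxy', 1)`; otherwise the cookie is silently not set.
        secure: true,
        httpOnly: true,
        // `expires` is deliberately not set: `new Date(Date.now() + ...)` in a
        // config literal is evaluated once at startup and becomes one fixed
        // wall-clock deadline for every session. `maxAge` alone gives each
        // cookie its own one-hour lifetime from the moment it is issued.
        maxAge: 3600000
    },
    // NOTE: `path` is not an express-session option and is ignored at this
    // level. A custom directory for the file store belongs in the store's own
    // options (`new fileStore({ path: ... })`); a cookie path belongs under
    // `cookie.path`. Kept as-is pending confirmation of which was intended.
    path: 'sessions'
  }),

  //Passport
  passport.initialize(),
  passport.session(),

  //Routes
  enrouten({
    directory: 'routes',
    index: 'routes/posts.js'
  })
]);

//Listen
app.listen(process.env.PORT || 4000, function() {
  console.log('Run');
});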

我使用 passport(https://github.com/jaredhanson/passport-local/)和 bcryptjs 对用户进行身份验证。

用户通过身份验证后,我可以看到会话已在会话文件夹中创建。但是,我看不到带有相应会话ID的cookie被创建。我想知道是我以错误的顺序注册了中间件,还是需要手动将cookie发送到前端?

我已读到 express-session 自带了 cookie 解析(cookieParser)。

提前谢谢!

编辑-2019年4月4日 我忘了提到我的请求来自与服务器不同的子域(如上所示)。服务器位于api.website.com上,而请求来自new.website.com。最终,一旦我修复了“所有”的错误,new.website.com将成为website.com。


0 个答案:

没有答案