I'm using express-session. It works fine locally, but when I deploy it to production the frontend (frontend.example.com) does not keep the cookie returned by the API (api.example.com). I make the frontend requests with withCredentials: true (axios). Here is my backend code (edited for brevity):
const express = require('express');
const cors = require('cors');
const session = require('express-session');
const SequelizeStore = require('connect-session-sequelize')(session.Store);

// `db` (the Sequelize instance), `sessionExpiration` (a duration in milliseconds)
// and `corsOrigin` are defined elsewhere in the project; omitted here for brevity.
const sessionStore = new SequelizeStore({
  db: db.sequelize,
  checkExpirationInterval: 15 * 60 * 1000, // The interval at which to cleanup expired sessions in milliseconds.
  expiration: sessionExpiration,
});
sessionStore.sync();

const app = express();

// corsOrigin is a function that returns a matching domain;
// credentials: true makes the browser accept the Set-Cookie on cross-origin responses.
app.use(cors({ origin: corsOrigin, credentials: true }));

app.use(
  session({
    name: 'sid',                       // cookie name sent to the browser
    secret: process.env.SESSION_SECRET,
    store: sessionStore,
    saveUninitialized: true,           // create a session row even before anything is stored in it
    resave: false,
    proxy: false,                      // do not trust X-Forwarded-Proto from a reverse proxy
    cookie: {
      maxAge: sessionExpiration,
      httpOnly: false,
      domain: '.example.com',          // intended to cover both frontend. and api. subdomains
      secure: false,
    },
  })
);
I think this is a subdomain / cross-origin problem, but I had hoped domain: '.example.com' would solve it. Any ideas?