返回请求后无法识别 Cookie
Cookie not being recognized after request is returned
我有一个请求正在发送到服务器,其中 returns 一个带有响应的 cookie。据我了解,cookie 应该由浏览器自动处理(至少使用 AXIOS)?好像存储到一定容量了,但是不知为什么document.cookie没有输出。
这是管理 cookie 相关路由的内容:
function requirePasscode (to, from, next) {
console.log(document.cookie);
if (document.cookie.indexOf('passcode_cookie') > -1) {
console.log('This should be working');
next(true);
} else {
next ({
path: '/authenticate/' + to.params.id,
query: {
redirect: to.fullPath
}
})
}
}
发送请求的代码如下:
authenticateUser: function() {
var data = {
'id' : this.$route.params.id,
'passcode' : this.state.password,
};
var that = this;
axios.post('/api/authenticate', data).then(function(response) {
swal('Great!', 'You have been authenticated.', 'success');
that.$router.push('/test/' + that.$route.params.id);
}, function(error) {
swal('Woah!', 'Wrong password, go away.', 'error');
});
}
这是在 chrome 开发工具中看到的请求:
POST /api/authenticate HTTP/1.1
Host: testing.dev
Connection: keep-alive
Content-Length: 28
Origin: http://testing.dev
X-XSRF-TOKEN: eyJpdiI6IjQxNzZwTkJwOSt1aHJFN1hXWUxXQkE9PSIsInZhbHVlIjoidStZQTlWSlRhYThIXC9YYjFwK1E0bGROaEI3cVRLVGdGTW5YSkxwc0thdk8wYythOUpFRWhseFBpbEV2RU1lZWpQbm4xeUU2RGh5ckhpK1RwUE9nQmhnPT0iLCJtYWMiOiI0NThjZmJkOWJlY2ZhN2M4OGUwNzVlYTIyYzFmMDQxN2VlNDU5NGVmMmUwODFhOTMzMzMyNjE4MzIyNTI4OWY5In0=
X-CSRF-TOKEN: zjafXGptCKWSwHCVFBydBgTL63HnngVRCqLgRLXY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
X-Requested-With: XMLHttpRequest
Referer: http://testing.dev/authenticate/1?redirect=%2Ftest%2F1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: laravel_token=eyJpdiI6IlVPc2VPYUdkNlM2SG1ZK1VqMFFCUnc9PSIsInZhbHVlIjoiN2FnNjQ0WXBCY2RBcFQ5RUVpZWMxbEl3NkM3ZXZKM0oxd3UrNHpUSlJUR2JXVnpcL0RBMFIrbkZBMVRlMDlEbE94TVp3UmRwMFlBNm1mV05LRnA1WTVzeTBCdlV6M3pmQUNJQjlRdXZhVTdEbzRjXC9DK3VGK2FJVGpTeXBCU1dOd3pGNng1M3c0RXVsSU5mQ3FVR1l4MFl5M0tZXC9tVGcyNDE5RFZpRUhmUk5CNUtqaTE0aFpyMUYxQ09IdnRPelBNSlY0T2RJbW85RDlTUzFWK2Y2TzYyaG5OSnlyaHdJb2FDQVRvRlNjMWVYbkc1TFAwNnZcL1FZM2JPeng0bURsQ0s0cDJZVzBZaktlVXlCd3FpdjRhM1VBPT0iLCJtYWMiOiI4ODZkYjQ0NWZiNzY0N2I0N2Y0ZjBhNWExNzcyMzVmMmNjNDM2NzMyYjI4N2Y4YzczYzRiYjY0NDJjZTE3MDJkIn0%3D; XSRF-TOKEN=eyJpdiI6IjQxNzZwTkJwOSt1aHJFN1hXWUxXQkE9PSIsInZhbHVlIjoidStZQTlWSlRhYThIXC9YYjFwK1E0bGROaEI3cVRLVGdGTW5YSkxwc0thdk8wYythOUpFRWhseFBpbEV2RU1lZWpQbm4xeUU2RGh5ckhpK1RwUE9nQmhnPT0iLCJtYWMiOiI0NThjZmJkOWJlY2ZhN2M4OGUwNzVlYTIyYzFmMDQxN2VlNDU5NGVmMmUwODFhOTMzMzMyNjE4MzIyNTI4OWY5In0%3D; laravel_session=eyJpdiI6IllSTkY5b0NGb0YwWFcyZGYwenJPaXc9PSIsInZhbHVlIjoiUEx5Nm9XRmY5SXArMkY2REFZbDBkdmppd1FZaVVqWGhoc3loblhRYVY2dGg2Q1RKTnIwdU1MZ25WZnlDRWVvNVIzeVdzOFdUcEJSeTk3c0xCbUwrTlE9PSIsIm1hYyI6IjEwMzRkMmYyOGZhZjg5ZGIwMmZlNmY4OTBjMWI2MGVlMWE3OTdhMjRhMGNjNWRkNTBiNWYzNDc2MmMyZmE5MTIifQ%3D%3D
这是返回的响应:
HTTP/1.1 200 OK
Date: Tue, 18 Jul 2017 18:08:35 GMT
Server: Apache/2.4.25 (Win64) OpenSSL/1.0.2k PHP/7.1.5
X-Powered-By: PHP/7.1.5
Cache-Control: no-cache, private
Set-Cookie: passcode_cookie=1337; expires=Tue, 18-Jul-2017 19:48:35 GMT; Max-Age=6000; path=/; HttpOnly
Content-Length: 7
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
似乎正在存储 cookie:
但是,console.log(document.cookie) returns 如下:
XSRF-TOKEN=eyJpdiI6InlvYk9RMkJ4c21zWmtoZ29PMlloNXc9PSIsInZhbHVlIjoiM1VjSDhnRU5PR284cmF0RTNqWEVSY3pcL3R5VFBFNW5GYkljOXVKUG5IMnh1aTM3R0ord2lSeHdLTEVxWndKZVIxeGppcERVSFVzUVwvY3RZQ1J5Zm4zUT09IiwibWFjIjoiYTRlMzc1NjJiMDhmNGEzOGZjYzE4NzkwYjY3ZmUwZjBlMWQwNjZiNGJmZWY3YTUwYzI3MTVkZDcxY2QyYWNjOSJ9
似乎 XSRF 令牌是唯一被返回的东西。关于为什么会发生这种情况的任何想法?
这花了一段时间才弄清楚,但问题出在 Laravel 5 制作 cookie 的方式上。似乎 http_only 默认启用。
这篇 question here 描述了问题并提供了一些解决方案。
我有一个请求正在发送到服务器,其中 returns 一个带有响应的 cookie。据我了解,cookie 应该由浏览器自动处理(至少使用 AXIOS)?好像存储到一定容量了,但是不知为什么document.cookie没有输出。
这是管理 cookie 相关路由的内容:
function requirePasscode (to, from, next) {
console.log(document.cookie);
if (document.cookie.indexOf('passcode_cookie') > -1) {
console.log('This should be working');
next(true);
} else {
next ({
path: '/authenticate/' + to.params.id,
query: {
redirect: to.fullPath
}
})
}
}
发送请求的代码如下:
authenticateUser: function() {
var data = {
'id' : this.$route.params.id,
'passcode' : this.state.password,
};
var that = this;
axios.post('/api/authenticate', data).then(function(response) {
swal('Great!', 'You have been authenticated.', 'success');
that.$router.push('/test/' + that.$route.params.id);
}, function(error) {
swal('Woah!', 'Wrong password, go away.', 'error');
});
}
这是在 chrome 开发工具中看到的请求:
POST /api/authenticate HTTP/1.1
Host: testing.dev
Connection: keep-alive
Content-Length: 28
Origin: http://testing.dev
X-XSRF-TOKEN: eyJpdiI6IjQxNzZwTkJwOSt1aHJFN1hXWUxXQkE9PSIsInZhbHVlIjoidStZQTlWSlRhYThIXC9YYjFwK1E0bGROaEI3cVRLVGdGTW5YSkxwc0thdk8wYythOUpFRWhseFBpbEV2RU1lZWpQbm4xeUU2RGh5ckhpK1RwUE9nQmhnPT0iLCJtYWMiOiI0NThjZmJkOWJlY2ZhN2M4OGUwNzVlYTIyYzFmMDQxN2VlNDU5NGVmMmUwODFhOTMzMzMyNjE4MzIyNTI4OWY5In0=
X-CSRF-TOKEN: zjafXGptCKWSwHCVFBydBgTL63HnngVRCqLgRLXY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
X-Requested-With: XMLHttpRequest
Referer: http://testing.dev/authenticate/1?redirect=%2Ftest%2F1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: laravel_token=eyJpdiI6IlVPc2VPYUdkNlM2SG1ZK1VqMFFCUnc9PSIsInZhbHVlIjoiN2FnNjQ0WXBCY2RBcFQ5RUVpZWMxbEl3NkM3ZXZKM0oxd3UrNHpUSlJUR2JXVnpcL0RBMFIrbkZBMVRlMDlEbE94TVp3UmRwMFlBNm1mV05LRnA1WTVzeTBCdlV6M3pmQUNJQjlRdXZhVTdEbzRjXC9DK3VGK2FJVGpTeXBCU1dOd3pGNng1M3c0RXVsSU5mQ3FVR1l4MFl5M0tZXC9tVGcyNDE5RFZpRUhmUk5CNUtqaTE0aFpyMUYxQ09IdnRPelBNSlY0T2RJbW85RDlTUzFWK2Y2TzYyaG5OSnlyaHdJb2FDQVRvRlNjMWVYbkc1TFAwNnZcL1FZM2JPeng0bURsQ0s0cDJZVzBZaktlVXlCd3FpdjRhM1VBPT0iLCJtYWMiOiI4ODZkYjQ0NWZiNzY0N2I0N2Y0ZjBhNWExNzcyMzVmMmNjNDM2NzMyYjI4N2Y4YzczYzRiYjY0NDJjZTE3MDJkIn0%3D; XSRF-TOKEN=eyJpdiI6IjQxNzZwTkJwOSt1aHJFN1hXWUxXQkE9PSIsInZhbHVlIjoidStZQTlWSlRhYThIXC9YYjFwK1E0bGROaEI3cVRLVGdGTW5YSkxwc0thdk8wYythOUpFRWhseFBpbEV2RU1lZWpQbm4xeUU2RGh5ckhpK1RwUE9nQmhnPT0iLCJtYWMiOiI0NThjZmJkOWJlY2ZhN2M4OGUwNzVlYTIyYzFmMDQxN2VlNDU5NGVmMmUwODFhOTMzMzMyNjE4MzIyNTI4OWY5In0%3D; laravel_session=eyJpdiI6IllSTkY5b0NGb0YwWFcyZGYwenJPaXc9PSIsInZhbHVlIjoiUEx5Nm9XRmY5SXArMkY2REFZbDBkdmppd1FZaVVqWGhoc3loblhRYVY2dGg2Q1RKTnIwdU1MZ25WZnlDRWVvNVIzeVdzOFdUcEJSeTk3c0xCbUwrTlE9PSIsIm1hYyI6IjEwMzRkMmYyOGZhZjg5ZGIwMmZlNmY4OTBjMWI2MGVlMWE3OTdhMjRhMGNjNWRkNTBiNWYzNDc2MmMyZmE5MTIifQ%3D%3D
这是返回的响应:
HTTP/1.1 200 OK
Date: Tue, 18 Jul 2017 18:08:35 GMT
Server: Apache/2.4.25 (Win64) OpenSSL/1.0.2k PHP/7.1.5
X-Powered-By: PHP/7.1.5
Cache-Control: no-cache, private
Set-Cookie: passcode_cookie=1337; expires=Tue, 18-Jul-2017 19:48:35 GMT; Max-Age=6000; path=/; HttpOnly
Content-Length: 7
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
似乎正在存储 cookie:
但是,console.log(document.cookie) returns 如下:
XSRF-TOKEN=eyJpdiI6InlvYk9RMkJ4c21zWmtoZ29PMlloNXc9PSIsInZhbHVlIjoiM1VjSDhnRU5PR284cmF0RTNqWEVSY3pcL3R5VFBFNW5GYkljOXVKUG5IMnh1aTM3R0ord2lSeHdLTEVxWndKZVIxeGppcERVSFVzUVwvY3RZQ1J5Zm4zUT09IiwibWFjIjoiYTRlMzc1NjJiMDhmNGEzOGZjYzE4NzkwYjY3ZmUwZjBlMWQwNjZiNGJmZWY3YTUwYzI3MTVkZDcxY2QyYWNjOSJ9
似乎 XSRF 令牌是唯一被返回的东西。关于为什么会发生这种情况的任何想法?
这花了一段时间才弄清楚,但问题出在 Laravel 5 制作 cookie 的方式上。似乎 http_only 默认启用。
这篇 question here 描述了问题并提供了一些解决方案。