如何根据请求源设置 express-session 中的域属性?
How can I set the domain attribute in express-session based on the request origin?
我正在使用快递 session。我设置域 domain: 'mydomain.com'
以便 session cookie 可以在子域之间设置 - 如 api.mydomain.com 和 staging.mydomain.com.
但这会阻止 Set-Cookie
header 在使用本地主机前端进行测试时设置 cookie。我得到 Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url.
所以如果源是本地主机,我需要将域属性更改为本地主机。
如果我有条件地设置域,我们将无法访问 req
:
app.use(session({
secret: 'very secret 12345',
resave: true,
saveUninitialized: false,
store: new MongoStore({ mongooseConnection: mongoose.connection }),
cookie: {
domain:
req.get('origin').slice(0, 17) === 'http://localhost:' ? 'localhost' : 'mydomain.com',
secure: true,
httpOnly: true,
sameSite: none,
},
})
);
这个returnsReferenceError: req is not defined
.
所以我尝试在自定义中间件中调用 session
以访问 req
:
app.use((req, res, next) =>
session({
secret: 'very secret 12345',
resave: true,
saveUninitialized: false,
store: new MongoStore({ mongooseConnection: mongoose.connection }),
cookie: {
domain:
req.get('origin').slice(0, 17) === 'http://localhost:' ? 'localhost' : 'mydomain.com',
secure: true,
httpOnly: true,
sameSite: none,
},
})
);
但是没用。这样看来,res
、req
和 next
不会传递到 session()
returns 的中间件函数。我还尝试调用返回 -session({..options..})()
的函数 session()
,但这也不起作用。
如何根据请求来源设置域属性?
我必须调用该函数并传入 req
、res
和 next
app.use((req, res, next) =>
session({
secret: 'very secret 12345', // to do, make environment variable for production
resave: true,
saveUninitialized: false,
store: new MongoStore({ mongooseConnection: mongoose.connection }),
cookie: {
domain:
req.get('origin').slice(0, 17) === 'http://localhost:' ? 'localhost' : 'mydomain.com',
secure: true,
httpOnly: true,
sameSite: none,
},
},
})(req, res, next)
);
我正在使用快递 session。我设置域 domain: 'mydomain.com'
以便 session cookie 可以在子域之间设置 - 如 api.mydomain.com 和 staging.mydomain.com.
但这会阻止 Set-Cookie
header 在使用本地主机前端进行测试时设置 cookie。我得到 Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url.
所以如果源是本地主机,我需要将域属性更改为本地主机。
如果我有条件地设置域,我们将无法访问 req
:
app.use(session({
secret: 'very secret 12345',
resave: true,
saveUninitialized: false,
store: new MongoStore({ mongooseConnection: mongoose.connection }),
cookie: {
domain:
req.get('origin').slice(0, 17) === 'http://localhost:' ? 'localhost' : 'mydomain.com',
secure: true,
httpOnly: true,
sameSite: none,
},
})
);
这个returnsReferenceError: req is not defined
.
所以我尝试在自定义中间件中调用 session
以访问 req
:
app.use((req, res, next) =>
session({
secret: 'very secret 12345',
resave: true,
saveUninitialized: false,
store: new MongoStore({ mongooseConnection: mongoose.connection }),
cookie: {
domain:
req.get('origin').slice(0, 17) === 'http://localhost:' ? 'localhost' : 'mydomain.com',
secure: true,
httpOnly: true,
sameSite: none,
},
})
);
但是没用。这样看来,res
、req
和 next
不会传递到 session()
returns 的中间件函数。我还尝试调用返回 -session({..options..})()
的函数 session()
,但这也不起作用。
如何根据请求来源设置域属性?
我必须调用该函数并传入 req
、res
和 next
app.use((req, res, next) =>
session({
secret: 'very secret 12345', // to do, make environment variable for production
resave: true,
saveUninitialized: false,
store: new MongoStore({ mongooseConnection: mongoose.connection }),
cookie: {
domain:
req.get('origin').slice(0, 17) === 'http://localhost:' ? 'localhost' : 'mydomain.com',
secure: true,
httpOnly: true,
sameSite: none,
},
},
})(req, res, next)
);