我的 cookie 必须在与 cookie-session 和节点 js 和 express 的会话结束时过期
My cookie must expired at the end of the session with cookie-session and node js and express
我使用 cookie-session for express 和 node js 的会话 cookie 有问题
当我关闭浏览器时,会话的 cookie 没有被删除
app.use(cookieSession({
name: 'session',
keys: ['key1', 'key2'],
secret: 'secret',
cookie: {
secure: true,
domain:"lucie-oreo.fr",
httpOnly: false,
path: '/'
expires:false //I tried with null ,0
}
}));
我不明白为什么cookies没有被删除
感谢帮助我:)
即使您重新启动浏览器,浏览器也可以存储 cookie。您必须发送额外的 header 信息,可以是过去的日期,以确保它在 session 结束时过期或禁止缓存 cookie,这可以通过 Cache-Control: private 或 Cache-Control: no-cache="set-cookie" 指令。
- Session cookies are deleted when the current session ends. The browser defines when the "current session" ends, and some browsers use session restoring when restarting, which can cause session cookies to last indefinitely long.
RFC 2109 第 4.2.3 节说:
If the cookie is intended for use by a single user, the Set-cookie header should not be cached. A Set-cookie header that is intended to be shared by multiple users may be cached.
The origin server should send the following additional HTTP/1.1 response headers, depending on circumstances:
- To suppress caching of the Set-Cookie header: Cache-control: no-cache="set-cookie".
我使用 cookie-session for express 和 node js 的会话 cookie 有问题 当我关闭浏览器时,会话的 cookie 没有被删除
app.use(cookieSession({
name: 'session',
keys: ['key1', 'key2'],
secret: 'secret',
cookie: {
secure: true,
domain:"lucie-oreo.fr",
httpOnly: false,
path: '/'
expires:false //I tried with null ,0
}
}));
我不明白为什么cookies没有被删除 感谢帮助我:)
即使您重新启动浏览器,浏览器也可以存储 cookie。您必须发送额外的 header 信息,可以是过去的日期,以确保它在 session 结束时过期或禁止缓存 cookie,这可以通过 Cache-Control: private 或 Cache-Control: no-cache="set-cookie" 指令。
- Session cookies are deleted when the current session ends. The browser defines when the "current session" ends, and some browsers use session restoring when restarting, which can cause session cookies to last indefinitely long.
RFC 2109 第 4.2.3 节说:
If the cookie is intended for use by a single user, the Set-cookie header should not be cached. A Set-cookie header that is intended to be shared by multiple users may be cached.
The origin server should send the following additional HTTP/1.1 response headers, depending on circumstances:
- To suppress caching of the Set-Cookie header: Cache-control: no-cache="set-cookie".