Cookie 未包含在请求中 header / 服务器端无法读取 req.cookies
Cookie is not included in request header / Server side cannot read req.cookies
我正在学习并为我的博客网站申请身份验证!
我正在使用 express-session
来处理登录。浏览器和服务器会话上的 Cookie 工作正常。
但是,我在 server-side 快递应用 上检索 cookie 时遇到问题。我尝试了以下方法:
- 与 cookie-parser、req.cookies 和 req.signedCookies 都 returns
[Object: null prototype]
。
- 设置 CORS
- req.cookie & req.header.cookie returns
undefined
- 我可以在浏览器网络选项卡的连接中看到“Cookie”header。
我的代码/设置如下:
function auth (req, res, next) {
// Problem: Cannot read browser cookie of HTTP requests.
console.log('Based on browser', req.cookie, req.cookies, req.signedCookies);
next();
}
router.get('/', auth, async (req, res) => { // ... }
中间件
app.use(cors({
origin: ['http://localhost:3000'],
credentials: true
}));
app.use(cookieParser()) // Also tried with secret option.
app.use(session({
secret: 'top-secret',
resave: true,
rolling: true,
saveUninitialized: false,
store: store, // this is working
cookie: {
maxAge: 1000 * 60 * 60 * 24 * 14,
httpOnly: true,
secure: process.env.NODE_ENV !== 'Development',
sameSite: process.env.NODE_ENV === 'Development' ? 'lax' : 'none'
}
}))
提前谢谢你:)
编辑 1:我的获取代码:
如果您只使用 http,您应该考虑两件事:
第一步在客户端请求时:
你应该像这样发送请求:
const req = await fetch("http://localhost:7000/api/auth/login", {
method: "POST",
credentials: "include",
headers: {
"Content-Type": "application/json",
"Access-Control-Allow-Credentials": true,
},
body: JSON.stringify({
email: formData.get("email"),
password: formData.get("password"),
}),
});
const data = await req.json();
表达中的第 2 步:
const allowedOrigins = ["http://localhost:8000"];
const corsOptions = {
origin: function (origin, callback) {
if (allowedOrigins.indexOf(origin) !== -1) {
callback(null, true);
} else {
var msg =
"The CORS policy for this site does not " +
"allow access from the specified Origin.";
callback(new Error(msg), false);
}
},
optionsSuccessStatus: 200,
credentials: true,
};
app.use(cors(corsOptions));
现在您可以使用 req.cookies.nameOfCookiesWhichYouSendThroughCoockieParser
快速获取 cookie
我正在学习并为我的博客网站申请身份验证!
我正在使用 express-session
来处理登录。浏览器和服务器会话上的 Cookie 工作正常。
但是,我在 server-side 快递应用 上检索 cookie 时遇到问题。我尝试了以下方法:
- 与 cookie-parser、req.cookies 和 req.signedCookies 都 returns
[Object: null prototype]
。 - 设置 CORS
- req.cookie & req.header.cookie returns
undefined
- 我可以在浏览器网络选项卡的连接中看到“Cookie”header。
我的代码/设置如下:
function auth (req, res, next) {
// Problem: Cannot read browser cookie of HTTP requests.
console.log('Based on browser', req.cookie, req.cookies, req.signedCookies);
next();
}
router.get('/', auth, async (req, res) => { // ... }
中间件
app.use(cors({
origin: ['http://localhost:3000'],
credentials: true
}));
app.use(cookieParser()) // Also tried with secret option.
app.use(session({
secret: 'top-secret',
resave: true,
rolling: true,
saveUninitialized: false,
store: store, // this is working
cookie: {
maxAge: 1000 * 60 * 60 * 24 * 14,
httpOnly: true,
secure: process.env.NODE_ENV !== 'Development',
sameSite: process.env.NODE_ENV === 'Development' ? 'lax' : 'none'
}
}))
提前谢谢你:)
编辑 1:我的获取代码:
如果您只使用 http,您应该考虑两件事:
第一步在客户端请求时: 你应该像这样发送请求:
const req = await fetch("http://localhost:7000/api/auth/login", {
method: "POST",
credentials: "include",
headers: {
"Content-Type": "application/json",
"Access-Control-Allow-Credentials": true,
},
body: JSON.stringify({
email: formData.get("email"),
password: formData.get("password"),
}),
});
const data = await req.json();
表达中的第 2 步:
const allowedOrigins = ["http://localhost:8000"];
const corsOptions = {
origin: function (origin, callback) {
if (allowedOrigins.indexOf(origin) !== -1) {
callback(null, true);
} else {
var msg =
"The CORS policy for this site does not " +
"allow access from the specified Origin.";
callback(new Error(msg), false);
}
},
optionsSuccessStatus: 200,
credentials: true,
};
app.use(cors(corsOptions));
现在您可以使用 req.cookies.nameOfCookiesWhichYouSendThroughCoockieParser
快速获取 cookie