在sails.js应用程序中设置安全cookie
[英]set secure cookie in sails.js app
问题描述
What is the way to configure sails.js to set secure cookies? 
配置sails.js以设置安全cookie的方法是什么? We are using redis to persist session state. 我们使用redis来持久化会话状态。 The sails.js prescribed way (rather than some Express middleware option) is desired. 需要sails.js规定的方式(而不是一些Express中间件选项)。 Ultimately, I want the "secure" column in the Chrome cookies view to be checked for the app's cookie: 最终,我希望检查Chrome Cookie视图中的“安全”列以查找应用的Cookie:
In the docs, there is no explicit mention of how to do this: 在文档中,没有明确提到如何执行此操作:
http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.session.html http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.session.html
There is an ssl config option, but deploying the app with ssl: true did not produce the desired result: 有一个ssl配置选项,但使用ssl: true部署应用程序并没有产生所需的结果:
module.exports.session = {
...
ssl: true
...
}
The ssl option isn't documented either, but I assume it has something to do with signing cookies instead. ssl选项也没有记录,但我认为它与签名cookie有关。
edit : in the screen shot, I'm serving from localhost without HTTPS, but this app is being served from a production server using HTTPS and the same behavior is observed 编辑 :在屏幕截图中,我在没有HTTPS的情况下从localhost服务,但是这个应用程序是使用HTTPS从生产服务器提供的,并且观察到相同的行为
3 个解决方案
解决方案1
6 已采纳 2015-04-09 15:37:52
Sails uses express.session to handle session cookies, therefore you can enable secure cookies by setting cookie: { secure: true } in config/session.js Sails使用express.session来处理会话cookie,因此您可以通过在config / session.js中设置cookie: { secure: true }来启用安全cookie
You need to use HTTPS for express to set the cookie 您需要使用HTTPS for express来设置cookie
it requires an https-enabled website, ie, HTTPS is necessary for secure cookies.
If you are behind a proxy that does SSL termination on behalf of your web server enable express trust proxy option by adding the following middleware in config/http.js 如果您是代表您的Web服务器执行SSL终止的代理,并通过在config / http.js中添加以下中间件来启用快速trust proxy选项
module.exports.http = {
customMiddleware: function(app) {
app.enable('trust proxy');
}
};
解决方案2
0 2015-04-08 15:01:14
It appears that there is not a way to do this currently. 目前似乎没有办法做到这一点。 If you look at the sails.js session implementation here ( https://github.com/balderdashy/sails/blob/98522d0bc5df5e6bc30b4dc35708ae71cf4625e2/lib/hooks/session/index.js ) you'll see that there is, in fact, no secure-mode stuff whatsoever :( 如果你看一下这里的sails.js会话实现( https://github.com/balderdashy/sails/blob/98522d0bc5df5e6bc30b4dc35708ae71cf4625e2/lib/hooks/session/index.js ),你会发现实际上没有安全模式的东西:(
Since sails is using their own session store implementation, and not piggybacking off of node-client-sessions or express-sessions , the only way to solve this (I think) would be to submit a PR to the sails people. 由于sails正在使用他们自己的会话存储实现,而不是从节点客户端会话或快速会话中捎带,解决这个问题的唯一方法(我认为)就是向帆人员提交PR。
Sorry! 抱歉!
解决方案3
0 2016-09-06 10:19:24
You can set signed cookies like so 您可以像这样设置签名的cookie
Adding a signed cookie named "chocolatechip" with value "Yummy: 添加一个名为“chocolatechip”的签名cookie,其值为“Yummy:
res.cookie('chocolatechip', 'Yummy', {signed:true});
Retrieving the cookie: 检索cookie:
req.signedCookies.chocolatechip; //"Yummy"
check out the sails Documentation 查看sails 文档
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.