简体繁体 English

当您使cookie客户端过期并转到服务器端时会发生什么？

[英]what happens when you expire cookies client side and go server side?

原文 2016-08-24 16:08:17 9 1 javascript/ node.js/ cookies

I expire cookies in client side javascript, and then redirect people to server side node js application. 我使客户端javascript中的cookie失效，然后将人们重定向到服务器端节点js应用程序。

Unfortunately, when I check req.cookies... server side the cookies that were expired client side are still there. 不幸的是，当我检查req.cookies ...服务器端时，客户端过期的cookie仍然存在。 How can I fix this issue to make sure cookies are properly expired before moving to server side? 如何解决此问题，以确保在移到服务器端之前cookie已正确过期？

so cookies are expired client side, but when redirect to server side, and check req.cookies , cookie value is still there. 因此cookie在客户端已过期，但是当重定向到服务器端并检查req.cookies ，cookie值仍然存在。

What's happening is that I call Cookie.expire('access_token'); 发生了什么事，我叫Cookie.expire('access_token'); client side, and check req.cookies.access_token server side and the check returns true. 客户端，然后req.cookies.access_token服务器端检查req.cookies.access_token ，然后检查返回true。 Is there a way to be certain client side that the cookie was deleted? 有没有办法确定客户端已删除Cookie？

1 个解决方案

If you are properly expiring cookies client-side, the req.cookies object shouldn't contain a valid cookie. 如果您在客户端适当地终止cookie，则req.cookies对象不应包含有效的cookie。 Are you sure you are properly expiring them before the AJAX call is sent? 在发送AJAX呼叫之前，您确定要正确到期吗？ To be sure, you should think about building in a callback or a Promise to the function that is expiring the cookies. 可以肯定的是，您应该考虑对即将终止Cookie的函数建立回调或Promise。

A better way to do it may be to only do it server-side. 更好的方法可能是仅在服务器端进行。 This means instead of expiring the cookie on the client, send a quick AJAX call to the server to expire the cookie in the database. 这意味着，与其在客户端上使cookie失效，不如向服务器发送快速AJAX调用以使数据库中的cookie失效。 This is a more secure way of expiring cookies, but how you implement it depends on how you're storing your cookies and/or session data 这是使cookie过期的一种更安全的方法，但是如何实现它取决于您存储cookie和/或会话数据的方式