使用带有安全性的nodejs模块快速会话不起作用
[英]use nodejs module express-session with secure does not work
问题描述
I use express-session module with redis connection and nginx proxy. 
我使用带有redis连接和nginx代理的express-session模块。 If I use it with secure: false the sid cookie is set. 如果我使用secure:false,则设置sid cookie。 But if I set it to secure it does not. 但是,如果我将其设置为安全,则不会。 I am set a other cookie directly with express and secure: true and it works. 我直接用express和secure设置了另一个cookie:true,它可以工作。
Express-Session config in Express: Express中的Express-Session配置:
//proxy configuration
app.set('trust proxy', 1); // trust first proxy (ngnix proxy)
//session
app.use(session({
secret: 'to-secret-to-show',
resave: false,
saveUninitialized: true,
rolling: true,
cookie: {
httpOnly: true,
sameSite: 'strict',
secure: secure
},
store: new RedisSessionStore({
client: redis,
ttl: 86400, //time to life, one day
}),
}));
If secure is set to true or false depents on the envirement. 如果将secure设置为true或false,则在环境上无效。 I try to set it directly to true, but does not make a chnage. 我尝试将其直接设置为true,但不作任何改动。
nginx proxy settings: nginx代理设置:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
#proxy_set_header X-Forwarded-Host $http_host;
proxy_pass http://nodejs;
proxy_redirect off;
When I look at Dokumentation files it should be correct. 当我查看Dokumentation文件时,它应该是正确的。 Do I forgot something? 我忘了什么吗? I can not make to heavy test, because I have only my live system with secure connections. 我无法进行繁重的测试,因为我只有带安全连接的实时系统。
1 个解决方案
解决方案1
1 已采纳 2016-09-03 16:38:06
Try adding an X-Forwarded-Proto header: 尝试添加X-Forwarded-Proto标头:
proxy_set_header X-Forwarded-Proto $scheme;
This is how express-session determines if the connection to nginx was secure. 这就是express-session确定与nginx的连接是否安全的方式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.