Set-Cookie header no longer removing cookie
So I've been using the following code for a while now
Set cookie
res.cookie(AUTH_TOKEN_NAME, token, {
  maxAge: AUTH_TOKEN_EXP,
  domain: DOMAIN,
  signed: true,
  httpOnly: true
});
Expire cookie
res.clearCookie(AUTH_TOKEN_NAME);
res.redirect(303, '/');
And it's been working fine, however, only after just recently deploying to production this code has stopped working.
Things to note:
- x.domain.com and DOMAIN=domain.com (I've also tried .domain.com which also didn't work)
- path as Express assumes / if it's not provided - regardless, I did this to rule it out, it didn't make a difference.
- Running from localhost:3000 with DOMAIN=localhost
I don't think this is an Express problem as it seems to be doing its job, it seems like the problem lies with the browser but the fact it works locally contradicts that so I've come to the conclusion it is something to do with Express.
Redeployed node_modules, double checked versions etc. (I use a lock file anyway) and can't quite put my finger on what's going on.
HTTP Request
GET /logout HTTP/1.1
Host: x.domain.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://x.domain.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,da;q=0.7
Cookie: auth_token=xxxxxx
HTTP Response
HTTP/1.1 303 See Other
Content-Length: 50
Content-Type: text/html; charset=utf-8
Location: /
Vary: Accept
Server: Microsoft-IIS/10.0
Set-Cookie: auth_token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Express
X-Powered-By: ASP.NET
Date: Sun, 25 Feb 2018 13:24:01 GMT
Versions
The Express docs state, "Web browsers and other compliant clients will only clear the cookie if the given options is identical to those given to res.cookie(), excluding expires and maxAge."
Therefore I would suggest you try:
res.clearCookie(AUTH_TOKEN_NAME, {
  domain: DOMAIN,
  signed: true,
  httpOnly: true
});
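Why the logout response shown in the question leaves the auth cookie in the browser, as an added example (not code from the question, the answer, Express or any browser): a minimal model of RFC 6265 cookie storage, in which a cookie is identified by name, domain and path. The header strings are constructed from the options and response on this page, and `applySetCookie`, `cookiesSentTo` and `simulate` are hypothetical names.

```javascript
// Added example: minimal model of browser cookie storage (RFC 6265, section 5.3).
// Not Express or browser code; Secure, SameSite and public suffixes are ignored.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf('=');
    attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? '' : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

const domainMatch = (host, domain) => host === domain || host.endsWith('.' + domain);

// Apply one Set-Cookie header received from `host` to `jar` (Map keyed by name|domain|path).
function applySetCookie(jar, host, header, now = Date.now()) {
  const { name, value, attrs } = parseSetCookie(header);
  const hostOnly = !attrs.domain; // no Domain attribute: scoped to the exact host
  const domain = hostOnly ? host : attrs.domain.replace(/^\./, '').toLowerCase();
  if (!domainMatch(host, domain)) return jar; // a host cannot set cookies for a foreign domain
  const key = [name, domain, attrs.path || '/'].join('|'); // simplification: default path is '/'
  let expires = Infinity; // session cookie
  if ('max-age' in attrs) expires = now + Number(attrs['max-age']) * 1000;
  else if ('expires' in attrs) expires = Date.parse(attrs.expires);
  // An expired cookie only evicts the stored entry with the SAME name, domain and path.
  if (expires <= now) jar.delete(key);
  else jar.set(key, { name, value, domain, hostOnly });
  return jar;
}

// Names of the cookies a browser would attach to a request for `host`.
function cookiesSentTo(jar, host) {
  return [...jar.values()]
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map((c) => c.name);
}

// Constructed headers modelled on the question: login sets Domain, logout omits it.
const HOST = 'x.domain.com';
const LOGIN = 'auth_token=xxxxxx; Max-Age=3600; Domain=domain.com; Path=/; HttpOnly';
const LOGOUT_SEEN = 'auth_token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT';
const LOGOUT_FIXED = 'auth_token=; Domain=domain.com; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT';

// Log in, apply the given logout header, then list what the next request would carry.
function simulate(logoutHeader) {
  const jar = applySetCookie(new Map(), HOST, LOGIN);
  return cookiesSentTo(applySetCookie(jar, HOST, logoutHeader), HOST);
}
```

`simulate(LOGOUT_SEEN)` still returns `['auth_token']` because the header without `Domain` targets a host-only cookie for `x.domain.com`, while `simulate(LOGOUT_FIXED)` returns an empty list.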