Set-Cookie header no longer removing cookie

So I've been using the following code for a while now

Set cookie

res.cookie(AUTH_TOKEN_NAME, token, {
  maxAge: AUTH_TOKEN_EXP,
  domain: DOMAIN,
  signed: true,
  httpOnly: true
});

Expire cookie

res.clearCookie(AUTH_TOKEN_NAME);
res.redirect(303, '/');

And it's been working fine; however, only after just recently deploying to production has this code stopped working. Things to note:

  • Code is run from a sub domain e.g. x.domain.com and DOMAIN=domain.com (I've also tried .domain.com which also didn't work)
  • The header is in the response (see below)
  • I'm not explicitly setting path as Express assumes / if it's not provided - regardless, I did this to rule it out, it didn't make a difference.
  • This isn't browser specific, I've not tried it on every browser but behaviour is the same on Chrome or Safari and...
  • This does work locally i.e. being run from localhost:3000 with DOMAIN=localhost

I don't think this is an Express problem as it seems to be doing its job; it seems like the problem lies with the browser, but the fact it works locally contradicts that, so I've come to the conclusion it is something to do with Express.

Redeployed node_modules, double checked versions etc. (I use a lock file anyway) and can't quite put my finger on what's going on.

HTTP Request

GET /logout HTTP/1.1
Host: x.domain.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://x.domain.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,da;q=0.7
Cookie: auth_token=xxxxxx

HTTP Response

HTTP/1.1 303 See Other
Content-Length: 50
Content-Type: text/html; charset=utf-8
Location: /
Vary: Accept
Server: Microsoft-IIS/10.0
Set-Cookie: auth_token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Express
X-Powered-By: ASP.NET
Date: Sun, 25 Feb 2018 13:24:01 GMT

Versions

  • Node: 8.1.4
  • Express: 4.16.2

The express docs state, "Web browsers and other compliant clients will only clear the cookie if the given options is identical to those given to res.cookie(), excluding expires and maxAge."

Therefore I would suggest you try:

res.clearCookie(AUTH_TOKEN_NAME, {
  domain: DOMAIN,
  signed: true,
  httpOnly: true
});
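The reason the answer works comes down to how a browser identifies a cookie: by the triple (name, domain, path), per RFC 6265. The Set-Cookie in the question's response has no Domain attribute, so the browser treats it as a host-only cookie for x.domain.com and expires that one, while the cookie originally stored for domain.com survives and keeps the session alive. The following is an added example, not code from the question or the answer, that models this with a small cookie jar and no Express dependency; the buildSetCookie helper reproduces the attribute order Express emits (assumed from the header shown above), and the host and cookie names are taken from the question.

```javascript
// Added example: why res.clearCookie() must repeat the domain used by res.cookie().
// A toy model of a browser cookie store keyed by (name, domain, path) as in RFC 6265.

// Build a Set-Cookie value in the attribute order seen in the question's response:
// Domain, Path, Expires, HttpOnly. The "signed" option never reaches the header.
function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.expires) parts.push(`Expires=${opts.expires.toUTCString()}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Parse a Set-Cookie value into its name, value and the attributes we model.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: decodeURIComponent(pair.slice(eq + 1)),
    domain: null, // null means "no Domain attribute" => host-only cookie
    path: '/',
    expires: null,
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1);
    if (key === 'domain') cookie.domain = val.toLowerCase().replace(/^\./, '');
    else if (key === 'path') cookie.path = val;
    else if (key === 'expires') cookie.expires = new Date(val);
  }
  return cookie;
}

// Minimal cookie jar: a cookie's identity is (name, domain, path); an Expires in
// the past removes the cookie with that identity and only that one.
class CookieJar {
  constructor() {
    this.store = new Map();
  }

  // Apply a Set-Cookie header received in a response from requestHost.
  receive(header, requestHost) {
    const c = parseSetCookie(header);
    const hostOnly = c.domain === null;
    const domain = hostOnly ? requestHost.toLowerCase() : c.domain;
    const key = `${c.name}|${domain}|${c.path}`;
    if (c.expires && c.expires.getTime() <= Date.now()) {
      this.store.delete(key);
    } else {
      this.store.set(key, { name: c.name, value: c.value, domain, hostOnly });
    }
  }

  // Value that a request to host would send for name, or null if none matches.
  get(name, host) {
    for (const c of this.store.values()) {
      if (c.name !== name) continue;
      const matches = c.hostOnly
        ? host === c.domain
        : host === c.domain || host.endsWith('.' + c.domain);
      if (matches) return c.value;
    }
    return null;
  }
}

// Replay the question's flow: the cookie is set from `host` with Domain=setDomain,
// then a logout response clears it with clearOpts. Returns the auth_token value a
// later request to `host` would still carry, or null once the logout really worked.
function simulateLogout(clearOpts, host = 'x.domain.com', setDomain = 'domain.com') {
  const jar = new CookieJar();
  // Constructed value standing in for the real signed token.
  jar.receive(buildSetCookie('auth_token', 'xxxxxx', { domain: setDomain, httpOnly: true }), host);
  jar.receive(buildSetCookie('auth_token', '', { ...clearOpts, expires: new Date(0) }), host);
  return jar.get('auth_token', host);
}

console.log('clear without domain :', simulateLogout({}));
console.log('clear with domain    :', simulateLogout({ domain: 'domain.com', httpOnly: true }));
console.log('localhost, no domain :', simulateLogout({}, 'localhost', 'localhost'));
```

The model also reproduces the "works locally" observation: with DOMAIN=localhost the Domain attribute equals the request host, so the host-only clear and the original cookie share the same (name, domain, path) identity and the clear succeeds, which is exactly why the bug only surfaces on a subdomain. From a defensive standpoint, a logout that leaves the session cookie in place is worth checking in tests: after the logout response, assert that a follow-up request to the app's real host carries no auth cookie rather than only checking that a Set-Cookie header was emitted.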
