How to send firebase session cookie from server to frontend
The problem that I am facing is that the session cookies created on the server seem to not be available on the browser. I'm using firebase session cookies which can be found here: ( https://firebase.google.com/docs/auth/admin/manage-cookies )
Below is the code I have
    // Server side
    const express = require('express');
    const cors = require('cors');
    const cookieParser = require('cookie-parser');
    const app = express();
    app.use(cookieParser());
    app.use(cors());
    app.use(express.urlencoded({extended: true}));
    app.use(express.json());

    userRouter.post('/sessionLogin', (req, res) => {
      console.log("Got session login request");
      // Get the ID token passed and the CSRF token.
      const idToken = req.body.idToken.toString();
      // Set session expiration to 5 days.
      const expiresIn = 60 * 60 * 24 * 5 * 1000;
      fb.auth().createSessionCookie(idToken, {expiresIn})
        .then((sessionCookie) => {
          const options = {maxAge: expiresIn, httpOnly: true, secure: true};
          res.setHeader('Cache-Control', 'private');
          res.cookie('__session', sessionCookie, options);
          return res.send(JSON.stringify({status: 'success'}));
        }).catch((error) => {
          res.status(401).send('UNAUTHORIZED REQUEST!');
        });
    });

    // Client side
    fb.auth.signInWithEmailAndPassword(email, password).then(user => {
      return user.user.getIdToken().then(idToken => {
        console.log(idToken);
        //document.cookie = '__session=' + idToken + ';max-age=3600';
        return ref.postIdTokenToSessionLogin(idToken);
      });
    })
When I use postman I'm able to see the session created as expected.
My server and frontend are hosted on different domains. I can't seem to wrap my head around this. Any ideas would be highly appreciated.
Thanks,
You cannot share cookies across domains (unless they are subdomains). See Cross-Domain Cookies for a related discussion.
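An added example, not part of the original question or answer: a simplified model of the checks a browser applies when a frontend on one site calls /sessionLogin on another site and expects the session cookie to be usable on later calls to that server. The cookie stays scoped to the server's domain either way. The origin, cookie value and function names are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser-side checks on a cross-site
// session login call. Origins and cookie values are constructed samples.
const FRONTEND = 'https://app.example'; // assumed frontend origin

// Approximation of what the question's server sends: cors() defaults + res.cookie().
const asPosted = {
  'access-control-allow-origin': '*',
  'set-cookie': '__session=abc; Max-Age=432000; Path=/; HttpOnly; Secure',
};
// Corrected: cors({origin: FRONTEND, credentials: true}) and sameSite: 'none'.
const corrected = {
  'access-control-allow-origin': FRONTEND,
  'access-control-allow-credentials': 'true',
  'set-cookie': '__session=abc; Max-Age=432000; Path=/; HttpOnly; Secure; SameSite=None',
};

// Parse the attributes after "name=value" into a lower-cased map.
function cookieAttrs(setCookie) {
  const attrs = {};
  for (const part of setCookie.split(';').slice(1)) {
    const [k, v = ''] = part.trim().split('=');
    attrs[k.toLowerCase()] = v.toLowerCase();
  }
  return attrs;
}

// Returns the reasons the login call does not yield a usable session cookie.
function sessionLoginProblems(pageOrigin, credentialsMode, headers) {
  if (credentialsMode !== 'include') {
    return ['Set-Cookie is ignored: call fetch with credentials: "include"'];
  }
  const problems = [];
  if (headers['access-control-allow-origin'] !== pageOrigin)
    problems.push('CORS: Access-Control-Allow-Origin must echo the page origin, not "*"');
  if (headers['access-control-allow-credentials'] !== 'true')
    problems.push('CORS: Access-Control-Allow-Credentials: true is missing');
  const attrs = cookieAttrs(headers['set-cookie'] || '');
  if (attrs.samesite !== 'none')
    problems.push('cookie must be SameSite=None to be used on cross-site requests');
  else if (!('secure' in attrs))
    problems.push('SameSite=None cookies must also be Secure');
  return problems;
}

console.log(sessionLoginProblems(FRONTEND, 'same-origin', asPosted));
console.log(sessionLoginProblems(FRONTEND, 'include', asPosted));
console.log(sessionLoginProblems(FRONTEND, 'include', corrected));
```

Browsers that block third-party cookies can still refuse the cookie when every check here passes, which is one reason to serve the frontend and the API from the same site.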