Cookies lost after redirect from non www to www domain name
My sites are
If I use https://example.com and log in using Google OAuth2, after the redirect back to https://www.example.com my cookies don't persist; it's restarted, so I'm not able to log in. If I use https://www.example.com and redirect back to the same https://www.example.com, it works fine.
I'm not sure if it should be working fine, since both are the same domain and only one doesn't have www.
I'm using NGINX with SSL via Certbot; currently my alternative plan is to make my redirect URI dynamic if I can't find a solution.

    map $sent_http_content_type $expires {
        "text/html" epoch;
        "text/html; charset=utf-8" epoch;
        default off;
    }

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        gzip on;
        gzip_types text/plain application/xml text/css application/javascript;
        gzip_min_length 1000;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Auth-Request-Redirect "https://www.example.com";
            proxy_cache_bypass $http_upgrade;
            proxy_pass http://127.0.0.1:3000;
            proxy_http_version 1.1;
            proxy_buffer_size 128k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            #proxy_cookie_path / "/; SameSite=lax; HTTPOnly; Secure";
        }

        #location /api {
        #    proxy_pass http://127.0.0.1:3333;
        #    proxy_cookie_path / "/; SameSite=none; HTTPOnly; Secure";
        #}

        location /adonis-ws {
            proxy_pass http://127.0.0.1:3333;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_cache_bypass $http_upgrade;
            proxy_connect_timeout 2592000;
            proxy_send_timeout 2592000;
            proxy_read_timeout 2592000;
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = www.example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        listen [::]:80;
        server_name example.com www.example.com 123.123.123;
        return 404; # managed by Certbot
    }

Update
My cookies aren't shared between www and non-www. I decided to force-redirect my website to www instead, since it's working if it's the same origin domain.

It's not something related to NGINX. It is related to the way the browser deals with cookies. You should have your cookies scoped to the parent domain (example.com) and not to the subdomain (www.example.com).
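
The browser behaviour the answer refers to can be reproduced with a simplified model of RFC 6265 cookie storage and domain matching. This is an added example, not code from the question or the answer; the cookie name `sid` and the Set-Cookie strings are constructed, and public-suffix and IP-address handling are left out.

```javascript
// Added example: simplified RFC 6265 cookie storage and domain matching.
// Public-suffix checks and IP-address hosts are deliberately left out.

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Store a cookie as the browser would when `originHost` sends `setCookie`.
// Returns null when the browser would reject the cookie.
function storeCookie(originHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: originHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() !== "domain" || val === "") continue;
    const domain = val.replace(/^\./, "").toLowerCase(); // leading dot is ignored
    // A host may only set cookies for itself or one of its parent domains.
    if (!domainMatch(originHost, domain)) return null;
    cookie.domain = domain;
    cookie.hostOnly = false;
  }
  return cookie;
}

// Would the browser attach `cookie` to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed Set-Cookie values; "sid" is a hypothetical session cookie name.
const hostOnly = storeCookie("example.com", "sid=abc; Path=/; Secure; HttpOnly");
const parentScoped = storeCookie("www.example.com", "sid=abc; Domain=example.com; Path=/; Secure; HttpOnly");

console.log(isSentTo(hostOnly, "www.example.com"));     // false
console.log(isSentTo(parentScoped, "example.com"));     // true
console.log(isSentTo(parentScoped, "www.example.com")); // true
console.log(storeCookie("www.example.com", "sid=abc; Domain=other.example")); // null
```

A cookie scoped with `Domain=example.com` is sent to every subdomain of example.com, so the single-hostname redirect described in the update keeps the session cookie host-only and is the narrower option.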