[英]express-session unable to set connect.sid cookie in production
App is using postgres pool to store sessions.应用程序使用 postgres 池来存储会话。 Worked up until the application was monolithic and requests were being routed through reverse-proxy.
一直工作到应用程序是整体的并且请求通过反向代理路由。 But now it's its own service deployed to production on Elastic Beanstalk and is not behaving the desired way.
但现在它自己的服务已部署到 Elastic Beanstalk 上的生产环境中,并且未按预期方式运行。
app.use(cors({credentials: true, origin: 'http://localhost:3000'}));
var sess = {
store: new (connectPgSimple(session))({ pool: db.pool }),
cookie: {
maxAge: 30 * 24 * 60 * 60 * 1000,
httpOnly: false
},
secret: process.env.COOKIE_SECRET,
resave: false,
saveUninitialized: true,
}
// Trust first proxy for production
if (process.env.NODE_ENV === 'production') {
app.set('trust proxy', 1)
sess.cookie.secure = true
}
app.use(session(sess));
Also added the withCredentials: *true*
to all requests from client.还向来自客户端的所有请求添加了
withCredentials: *true*
。
It seems to be that the connect.sid
session cookie only gets set when the incoming request is proxied to the express server. connect.sid
session cookie 似乎只有在传入请求被代理到 express 服务器时才会设置。 I tried the variation of config with express-session to trust the proxy and it still does not create the required cookie.我尝试使用 express-session 的配置变体来信任代理,但它仍然没有创建所需的 cookie。
Sample response for a POST request You can see the response sending the Set-Cookie header back when I check Application > Storage > Cookies I don't see the connect.sid
cookie POST 请求的示例响应当我检查应用程序>存储> Cookies时,你可以看到发送回 Set-Cookie header 的响应 我没有看到
connect.sid
cookie
For someone who is experiencing the issue of express-session unable to set connect.sid cookie
.对于遇到
express-session unable to set connect.sid cookie
问题的人。 Also, you can check if your 'saveUninitialized': true,
is true
which means that since if put 'saveUninitialized': false, no cookie will get set since there is nothing causing the cookie to ever get set.此外,您可以检查您
'saveUninitialized': true,
是否为true
,这意味着如果放置 'saveUninitialized': false,则不会设置任何 cookie,因为没有任何东西导致 cookie 被设置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.