Expressjs安全会话cookie
[英]Expressjs secure session cookie
问题描述
I cant seem to find a way to set a secure cookie in expressjs framework. 
我似乎找不到在expressjs框架中设置安全cookie的方法。 Is there an option to do this somewhere? 有没有选择在某个地方这样做?
2 个解决方案
解决方案1
21 2013-01-28 20:42:26
If you are behind a proxy, you also have to ensure it is sending the X-Forwarded-Proto header and that you set the proxy option: 如果您在代理后面,还必须确保它发送X-Forwarded-Proto标头并设置代理选项:
app.use(express.session({
proxy: true,
secret: 'test',
cookie: {
secure: true
}
}));
Alternatively, you can tell Express to trust the proxy globally: 或者,您可以告诉Express全局信任代理:
app.set('trust proxy', 1)
解决方案2
12 已采纳 2011-12-10 08:17:28
Based on the documentation , try this: 根据文档 ,试试这个:
res.cookie('rememberme', 'yes', { expires: new Date(Date.now() + 900000), httpOnly: true, secure: true });
Using res.cookie(name, val[, options]) sets the given cookie name to val , with options httpOnly , secure , expires , etc. The path option defaults to the app's basepath setting, which is typically "/" . 使用res.cookie(name, val[, options])设置给定的cookie的名称来val ,带有选项httpOnly , secure , expires等path选项默认为应用程序的basepath设置,这是典型的"/" 。
See the docs for res.cookie for more details. 有关详细信息,请参阅res.cookie的文档 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.