[英]Expressjs secure session cookie
I cant seem to find a way to set a secure cookie in expressjs framework. 我似乎找不到在expressjs框架中设置安全cookie的方法。 Is there an option to do this somewhere?
有没有选择在某个地方这样做?
If you are behind a proxy, you also have to ensure it is sending the X-Forwarded-Proto
header and that you set the proxy option: 如果您在代理后面,还必须确保它发送
X-Forwarded-Proto
标头并设置代理选项:
app.use(express.session({
proxy: true,
secret: 'test',
cookie: {
secure: true
}
}));
Alternatively, you can tell Express to trust the proxy globally: 或者,您可以告诉Express全局信任代理:
app.set('trust proxy', 1)
Based on the documentation , try this: 根据文档 ,试试这个:
res.cookie('rememberme', 'yes', { expires: new Date(Date.now() + 900000), httpOnly: true, secure: true });
Using res.cookie(name, val[, options])
sets the given cookie name to val
, with options httpOnly
, secure
, expires
, etc. The path
option defaults to the app's basepath
setting, which is typically "/"
. 使用
res.cookie(name, val[, options])
设置给定的cookie的名称来val
,带有选项httpOnly
, secure
, expires
等path
选项默认为应用程序的basepath
设置,这是典型的"/"
。
See the docs for res.cookie
for more details. 有关详细信息,请参阅
res.cookie
的文档 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.