[英]Cookies lost after redirect from non www to www domain name
我的网站是
If I used https://example.com and login using google oauth2, after redirect back to https://www.example.com my cookies doesn't persists, it's restarted so I'm not able to login. 如果我使用https://www.example.com并重定向回相同的 https://www.example.Z4D2366D9A2D102C工作正常。 我不确定它是否应该正常工作,因为它都是同一个域,只是没有www
。 我正在使用 NGINX ssl certbot,目前我的替代计划是在找不到解决方案时使我的重定向 URI 动态化。
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Auth-Request-Redirect "https://www.example.com";
proxy_cache_bypass $http_upgrade;
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
#proxy_cookie_path / "/; SameSite=lax; HTTPOnly; Secure";
}
#location /api {
# proxy_pass http://127.0.0.1:3333;
# proxy_cookie_path / "/; SameSite=none; HTTPOnly; Secure";
#}
location /adonis-ws {
proxy_pass http://127.0.0.1:3333;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_connect_timeout 2592000;
proxy_send_timeout 2592000;
proxy_read_timeout 2592000;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com 123.123.123;
return 404; # managed by Certbot
}
更新
我的 cookies 不在 www 和非 www 之间共享。 我决定强制将我的网站重定向到 www,因为它在同源域中有效。
这与 NGINX 无关。 它与浏览器如何处理 cookies 的方式有关。 您应该将 cookies 范围限定为父域(example.com)而不是子域( www.example.com )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.