Cookies 从非 www 重定向到 www 域名后丢失

Question

我的网站是

• https://www.example.com
• https://example.com

If I used https://example.com and login using google oauth2, after redirect back to https://www.example.com my cookies doesn't persists, it's restarted so I'm not able to login. 如果我使用https://www.example.com并重定向回相同的 https://www.example.Z4D2366D9A2D102C工作正常。 我不确定它是否应该正常工作，因为它都是同一个域，只是没有www 。 我正在使用 NGINX ssl certbot，目前我的替代计划是在找不到解决方案时使我的重定向 URI 动态化。

map $sent_http_content_type $expires {
   "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}


server {

        gzip            on;
        gzip_types      text/plain application/xml text/css application/javascript;
        gzip_min_length 1000;


        location / {
                proxy_set_header Host               $host;
                proxy_set_header X-Real-IP          $remote_addr;
                proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto  $scheme;
                proxy_set_header X-Auth-Request-Redirect "https://www.example.com";
                proxy_cache_bypass                      $http_upgrade;
                proxy_pass                          http://127.0.0.1:3000;
                proxy_http_version      1.1;
                proxy_buffer_size          128k;
                proxy_buffers              4 256k;
                proxy_busy_buffers_size    256k;
                #proxy_cookie_path / "/; SameSite=lax; HTTPOnly; Secure";
        }

        #location /api {
        #       proxy_pass http://127.0.0.1:3333;
        #       proxy_cookie_path / "/; SameSite=none; HTTPOnly; Secure";
        #}

        location /adonis-ws {

                proxy_pass http://127.0.0.1:3333;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_cache_bypass $http_upgrade;
                proxy_connect_timeout 2592000;
                proxy_send_timeout 2592000;
                proxy_read_timeout 2592000;

        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}




server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;



    server_name example.com www.example.com 123.123.123;
    return 404; # managed by Certbot

}

更新

我的 cookies 不在 www 和非 www 之间共享。 我决定强制将我的网站重定向到 www，因为它在同源域中有效。

Answer 1

这与 NGINX 无关。 它与浏览器如何处理 cookies 的方式有关。 您应该将 cookies 范围限定为父域（example.com）而不是子域（ www.example.com ）