express-session 无法在生产中设置 connect.sid cookie
应用程序正在使用 postgres 池来存储会话。一直工作到应用程序成为整体并且请求通过反向代理路由。 但现在它自己的服务部署到 Elastic Beanstalk 上的生产,并且行为不符合预期。
app.use(cors({credentials: true, origin: 'http://localhost:3000'}));
var sess = {
store: new (connectPgSimple(session))({ pool: db.pool }),
cookie: {
maxAge: 30 * 24 * 60 * 60 * 1000,
httpOnly: false
},
secret: process.env.COOKIE_SECRET,
resave: false,
saveUninitialized: true,
}
// Trust first proxy for production
if (process.env.NODE_ENV === 'production') {
app.set('trust proxy', 1)
sess.cookie.secure = true
}
app.use(session(sess));
还将 withCredentials: *true* 添加到来自客户端的所有请求。
似乎只有当传入请求被代理到 Express 服务器时才会设置 connect.sid 会话 cookie。 我尝试了使用 Express-Session 的配置变体来信任代理,但它仍然没有创建所需的 cookie。
POST 请求的示例响应 当我检查 Application > 时,您可以看到发送回 Set-Cookie 标头的响应。 存储 > Cookie 我没有看到 connect.sid cookie
App is using postgres pool to store sessions. Worked up until the application was monolithic and requests were being routed through reverse-proxy.
But now it's its own service deployed to production on Elastic Beanstalk and is not behaving the desired way.
app.use(cors({credentials: true, origin: 'http://localhost:3000'}));
var sess = {
store: new (connectPgSimple(session))({ pool: db.pool }),
cookie: {
maxAge: 30 * 24 * 60 * 60 * 1000,
httpOnly: false
},
secret: process.env.COOKIE_SECRET,
resave: false,
saveUninitialized: true,
}
// Trust first proxy for production
if (process.env.NODE_ENV === 'production') {
app.set('trust proxy', 1)
sess.cookie.secure = true
}
app.use(session(sess));
Also added the withCredentials: *true* to all requests from client.
It seems to be that the connect.sid session cookie only gets set when the incoming request is proxied to the express server.
I tried the variation of config with express-session to trust the proxy and it still does not create the required cookie.
Sample response for a POST request
You can see the response sending the Set-Cookie header back when I check Application > Storage > Cookies I don't see the connect.sid cookie
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
对于遇到
express-session 无法设置 connect.sid cookie问题的人。另外,您可以检查您的'saveUninitialized': true,是否为true这意味着如果设置 'saveUninitialized': false,则不会设置 cookie,因为没有任何内容导致 cookie 被设置。For someone who is experiencing the issue of
express-session unable to set connect.sid cookie. Also, you can check if your'saveUninitialized': true,istruewhich means that since if put 'saveUninitialized': false, no cookie will get set since there is nothing causing the cookie to ever get set.就我而言,问题出在 nginx https 代理并在配置中添加 X-Forwarded-Proto 标头:
In my case the issue was in nginx https proxy and adding X-Forwarded-Proto header in config:
所以,你要做的就是
在你的nodejs中的session之前进行设置。这将解决由代理或负载均衡器创建的 cookie 不创建的问题。这设置了信任代理,告诉服务器识别真实客户端IP。信任代理中的 1 将告诉服务器信任第一个 IP,即真实客户端。
此外,如果您的后端和前端位于不同的域中。例如,您可以设置cookie中的域;对于前端
abc.vercel.app,请编写.vercel.app并添加点.So, what you have to do is to set,
before session in your nodejs. This will resolve the cookie not creating issue, created by proxy or load balancer. This set trust proxy, tells the server to identify Real Client IP. 1 in trust proxy will tell server to trust first IP which is real client.
Also if your backend and frontend are on different domain. you could set domain in cookie, forexample; For frontend
abc.vercel.appwrite.vercel.appwith proceeding dot.