Safari由于启用了跨站点跟踪而不允许第三方饼干
因此,我构建了一个使用Passport和Express会话进行身份验证的应用程序。当我部署时,我发现Safari在其设置中关闭“跨站点跟踪”之前没有让Express会话起作用。我如何做这项工作?
基于本文 https://sarav.co/sessive-persisting-persisting-issisting-issisting-issise-safari 我需要手动将其关闭,但老实说,我不能指望我的用户可以手动这样做。
以下是我设置快速会话的方式:
app.set('trust proxy', 1);
app.use(session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false,
cookie: {
secure: true,
httpOnly: true,
sameSite: 'none',
maxAge: 60 * 60 * 24 * 1000
},
store: MongoStore.create({
mongoUrl: process.env.DB_URL,
ttl: 14 * 24 * 60 * 60,
autoRemove: 'native',
})
}));
So I built an app that uses passport and express session for its authentication. When I deployed, I discovered that safari was not letting express session work until I switched off 'cross site tracking' in its settings. How do I make this work?
Based on this article https://sarav.co/session-persisting-issue-safari I need to manually switch it off, but I honestly cannot expect my users to be manually doing that.
Below is how I've set up my express session:
app.set('trust proxy', 1);
app.use(session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false,
cookie: {
secure: true,
httpOnly: true,
sameSite: 'none',
maxAge: 60 * 60 * 24 * 1000
},
store: MongoStore.create({
mongoUrl: process.env.DB_URL,
ttl: 14 * 24 * 60 * 60,
autoRemove: 'native',
})
}));
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论