20

我有以下代码:

var express = require('express');
var cookieParser = require('cookie-parser');
var http = require('http')
var app = express();
app.use(cookieParser());
var session = require('express-session');
app.use(session({
    resave: false,
    saveUninitialized: true,
    secret: 'sdlfjljrowuroweu',
    cookie: { secure: true }
}));

app.get('/test', test);
function test(req, res) {
    var sess = req.session;
    console.log('before', sess);
    if (sess.views) {
        sess.views++
        req.session.save();
        res.setHeader('Content-Type', 'text/html')
        res.write('<p>views: ' + sess.views + '</p>')
        res.write('<p>expires in: ' + (sess.cookie.maxAge / 1000) + 's</p>')
        res.end();
    } else {
        sess.views = 1;
        req.session.save();
        res.end('welcome to the session demo. refresh!')
    }
    console.log('after', sess);
    return;
}

var server = http.createServer(app);
server.listen(8181);

并重新加载页面,我只是不断收到视图计数为 0 的消息。

检查控制台,这是每次的输出:

before { cookie: 
   { path: '/',
     _expires: null,
     originalMaxAge: null,
     httpOnly: true,
     secure: true } }
after { cookie: 
   { path: '/',
     _expires: null,
     originalMaxAge: null,
     httpOnly: true,
     secure: true },
  views: 1 }

所以它似乎根本没有节省

4

1 回答 1

43

更改 cookie: { secure: true }cookie: { secure: false }

使用安全标志意味着 cookie 将仅在 Https 上设置。

于 2016-01-28T16:34:54.173 回答