发表新帖
发表新帖

Expressjs secure session cookie

后端 未结
关注
2 684
梦毁少年i
梦毁少年i 2021-02-07 11:55

I cant seem to find a way to set a secure cookie in expressjs framework. Is there an option to do this somewhere?

相关标签:
2条回答
  • 耶瑟儿~
    2021-02-07 12:07

    Based on the documentation, try this:

    res.cookie('rememberme', 'yes', { expires: new Date(Date.now() + 900000), httpOnly: true, secure: true });

    Using res.cookie(name, val[, options]) sets the given cookie name to val, with options httpOnly, secure, expires, etc. The path option defaults to the app’s basepath setting, which is typically "/".

    See the docs for res.cookie for more details.

    0 讨论(0)
  • 耶瑟儿~
    2021-02-07 12:08

    If you are behind a proxy, you also have to ensure it is sending the X-Forwarded-Proto header and that you set the proxy option:

    app.use(express.session({
  proxy: true,
  secret: 'test',
  cookie: {
    secure: true
  }            
}));

    Alternatively, you can tell Express to trust the proxy globally:

    app.set('trust proxy', 1)
    0 讨论(0)
 看不清?
提交回复
热议问题