如何使用Express js中的cookie重定向到不同的域

时间:2022-08-23 10:15:54

I'm developing a web app using Express on Node. I'm trying to implement a proxy login functionality where an user is directly logged in and redirected to another site after he logs into to my site.

我正在开发一个使用Express on Node的web应用。我正在尝试实现一个代理登录功能,用户在登录到我的站点后直接登录并重定向到另一个站点。

In my routing function I'm writing the following code
res.cookie('fanws', 'value' );
res.redirect('http://hostname/path');
// another site

在我的路由函数中,我正在编写以下代码res.cookie('fanws', 'value');res.redirect(“http://hostname/path”);/ /另一个网站

I used the debugger in chrome and saw that the cookie is not getting added in the redirected page.

我在chrome中使用了调试器,发现在重定向页面中没有添加cookie。

I'm running the app on localhost and the site which i'm redirecting to is hosted on another server on local network.

我在localhost上运行应用程序,我要重定向到的站点位于本地网络的另一个服务器上。

What should I do to add the cookie on the redirected path?

如何将cookie添加到重定向路径上?

1 个解决方案

#1


4  

In a nutshell, you can't set a cookie in a browser or read a cookie for a site that you do not control the server for or have your own client code in that page. The cookie system is designed that way on purpose for security reasons. So, from a page or server for http://www.domain1.com, you cannot read or set cookies for some other domain.

简而言之,您不能在浏览器中设置cookie,也不能在您不控制服务器的站点上读取cookie,或者在该页面中有自己的客户端代码。出于安全考虑,cookie系统是按照这种方式设计的。因此,在http://www.domain1.com的页面或服务器上,您不能读取或设置其他域的cookie。

If you have code in the pages of both domains, then you can pass some info to the second page (most likely as a query parameter) that tells the code in the redirected page to take some action (like set a cookie), but you must control the Javascript or server in that second page in order to be able to do that.

如果你有代码页的两个域,然后你可以通过一些信息第二页(最有可能作为查询参数)告诉重定向页面中的代码采取行动(如设置cookie),但你必须控制第二个页面的Javascript或服务器才能这样做。


The cookie in your nodejs code goes on the current request/response which means it is associated with that domain in the browser when the response from the current request is processed by the browser.

nodejs代码中的cookie进入当前请求/响应,这意味着当浏览器处理来自当前请求的响应时,它与浏览器中的域相关联。

res.redirect(...) returns a 302 response with a new URL as the response to the current request. The browser then sees this response code and makes a new web request to the new page. You cannot set cookies from the server for that new domain unless you have the server for that domain also. This is a fundamental aspect of cookie security. Cookies can only be accessed via Javascript in the browser from the page in the same origin as the cookie belongs and servers can only set cookies for the particular origin in the particular request that they are processing.

res.redirect(…)返回一个302响应,其中有一个新的URL作为对当前请求的响应。然后浏览器看到这个响应代码,并向新页面发出一个新的web请求。您不能为新域从服务器设置cookie,除非您也有该域的服务器。这是cookie安全性的一个基本方面。cookie只能通过浏览器中的Javascript从与cookie所属的页面访问,服务器只能为它们正在处理的特定请求中的特定源设置cookie。

#1


4  

In a nutshell, you can't set a cookie in a browser or read a cookie for a site that you do not control the server for or have your own client code in that page. The cookie system is designed that way on purpose for security reasons. So, from a page or server for http://www.domain1.com, you cannot read or set cookies for some other domain.

简而言之,您不能在浏览器中设置cookie,也不能在您不控制服务器的站点上读取cookie,或者在该页面中有自己的客户端代码。出于安全考虑,cookie系统是按照这种方式设计的。因此,在http://www.domain1.com的页面或服务器上,您不能读取或设置其他域的cookie。

If you have code in the pages of both domains, then you can pass some info to the second page (most likely as a query parameter) that tells the code in the redirected page to take some action (like set a cookie), but you must control the Javascript or server in that second page in order to be able to do that.

如果你有代码页的两个域,然后你可以通过一些信息第二页(最有可能作为查询参数)告诉重定向页面中的代码采取行动(如设置cookie),但你必须控制第二个页面的Javascript或服务器才能这样做。


The cookie in your nodejs code goes on the current request/response which means it is associated with that domain in the browser when the response from the current request is processed by the browser.

nodejs代码中的cookie进入当前请求/响应,这意味着当浏览器处理来自当前请求的响应时,它与浏览器中的域相关联。

res.redirect(...) returns a 302 response with a new URL as the response to the current request. The browser then sees this response code and makes a new web request to the new page. You cannot set cookies from the server for that new domain unless you have the server for that domain also. This is a fundamental aspect of cookie security. Cookies can only be accessed via Javascript in the browser from the page in the same origin as the cookie belongs and servers can only set cookies for the particular origin in the particular request that they are processing.

res.redirect(…)返回一个302响应,其中有一个新的URL作为对当前请求的响应。然后浏览器看到这个响应代码,并向新页面发出一个新的web请求。您不能为新域从服务器设置cookie,除非您也有该域的服务器。这是cookie安全性的一个基本方面。cookie只能通过浏览器中的Javascript从与cookie所属的页面访问,服务器只能为它们正在处理的特定请求中的特定源设置cookie。