问题
I cant seem to find a way to set a secure cookie in expressjs framework. Is there an option to do this somewhere?
回答1:
Based on the documentation, try this:
res.cookie('rememberme', 'yes', { expires: new Date(Date.now() + 900000), httpOnly: true, secure: true });
Using res.cookie(name, val[, options]) sets the given cookie name to val, with options httpOnly, secure, expires, etc. The path option defaults to the app’s basepath setting, which is typically "/".
See the docs for res.cookie for more details.
回答2:
If you are behind a proxy, you also have to ensure it is sending the X-Forwarded-Proto header and that you set the proxy option:
app.use(express.session({
proxy: true,
secret: 'test',
cookie: {
secure: true
}
}));
Alternatively, you can tell Express to trust the proxy globally:
app.set('trust proxy', 1)
来源:https://stackoverflow.com/questions/8455272/expressjs-secure-session-cookie