发表新帖
发表新帖

Node.js Express Passport Cookie Expiration

前端 未结
关注
2 1303
佛祖请我去吃肉
佛祖请我去吃肉 2020-12-14 02:59

I am using Passport for authentication in my app, and I am also using Express. To summarize my issue: my login functionality works fine initially, but after any<

相关标签:
2条回答
  • 萌比男神i
    2020-12-14 03:35

    Set cookie name to value, where which may be a string or object converted to JSON. The path option defaults to "/".

    res.cookie('rememberme', '1', { expires: new Date(Date.now() + 900000), httpOnly: true });

    The maxAge option is a convenience option for setting "expires" relative to the current time in milliseconds. The following is equivalent to the previous example.

    res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })

    Also the Link

    http://expressjs.com/api.html#res.cookie

    0 讨论(0)
  • 北海茫月
    2020-12-14 03:44

    I figured it out, although I don't love the answer.

    tl;dr; - use maxAge instead of expires.

    The issue was rooted in the expiration date set on each cookie (which is automatically set by Express). I noticed that every cookie that was set had the same expiration date, which eventually ended up being in the past and hence instantly expiring.

    The cause of that was here:

    cookie: { expires : new Date(Date.now() + 3600000) }

    The new Date was being created only once, upon server start. That was causing the expiration date to be the same every time. Based on code in the original post, I can't figure out why it doesn't work and yet every example I've found online uses the exact same code. I verified this by defining a function that created this Date, and checking that it only got called upon server start.

    To fix this issue, I am defining maxAge instead of "expires". maxAge takes a number of milliseconds, rather than a date, and it appears to be setting the expiration date on all cookies correctly.

    I would love to hear if anyone can explain why this is happening in the first place, since others seem to use it successfully. Any thoughts?

    See my working code below

    app.configure(function(){
    app.set('port', process.env.PORT || 3000);
    app.set('views', __dirname + '/views');
    app.engine('html', consolidate.swig);
    app.set('view engine', 'html');
    swig.init({
        root: '.',
        allowErrors: true, // allows errors to be thrown and caught by express instead of suppressed
        autoescape: false});

    app.use(express.logger('dev'));

    app.use(express.bodyParser());
    app.use(express.methodOverride());
    app.use(express.cookieParser("[mysecrethere]"));
    app.use(express.session({   store: sessionStore,
                            cookie: { maxAge : 3600000 } //1 Hour
                            }));
    app.use(passport.initialize());
    app.use(passport.session());
    app.use(flash());
    app.use(expressValidator);

    app.use(express.static(path.join(__dirname, 'public')));

    //Dynamic helpers
    app.use(require('./helpers/DynamicHelpers'));

    app.use(app.router);
});
    0 讨论(0)
 看不清?
提交回复
热议问题