无法与子域共享cookie和会话

时间:2014-08-20 13:57:44

标签: node.js session cookies express nginx

我有两个域名。一个是opencubes.io,另一个是my.opencubes.io。我的快速设置如下:

  server.use express.cookieParser(config.securitySalt)
  server.use express.session cookie: domain: ".opencubes.io"
  server.use flash()
  require("./passport") passport, config

  # use passport session
  server.use passport.initialize()
  server.use passport.session()

问题是在子域中无法识别用户。我做了一个返回当前用户用户名以进行测试的路由,每当我登录域时,都会创建cookie connect.sid(域名设置为.opencubes.io)。 cookie信息在子域中看起来像这样:

cookies

因此,当在浏览器中(在子域中)时,我运行$.get('//opencubes.io/api/v1/users/$.json', function(data){console.log(data)}),它只返回{}。请求是:

Host: opencubes.io
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: */*
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://my.opencubes.io/
Origin: http://my.opencubes.io
Connection: keep-alive

回复:

Access-Allow-Control-Origin: "*"
Connection: "keep-alive"
Content-Length: "2"
Content-Type: "application/json; charset=utf-8"
Date: "Wed, 20 Aug 2014 13:40:38 GMT"
Etag: "W/"2-2745614147""
Server: "nginx/1.7.4"
Set-Cookie: "connect.sid=s%3AQ_ruHfe...yJrw; Domain=.opencubes.io; Path=/; HttpOnly"
Vary: "X-HTTP-Method-Override"
x-content-type-option: "nosniff"

如何共享sid以便子域名可以“在其名称中”发出请求而无需重新申请凭据?

注意:

子域是nginx重定向到opencubes.io/dashboard

1 个答案:

答案 0 :(得分:0)

我刚刚添加了这一行:

$.ajaxSetup({xhrFields: { withCredentials: true }});

它有效。谢谢你:))

相关问题
最新问题