Nginx + Node.js + express.js + passport.js:子域名停留认证

Nginx + Node.js + express.js + passport.js: Subdommain stay authenticated

本文关键字:js 停留 域名 认证 passport Node express Nginx      更新时间:2023-09-26

我有一个Nginx服务器,配置如下
和node.js Server.

server.js 

app         = express(),
    cookieSession     = require('cookie-session'),
app.use(cookieSession({
    secret: config.session_secret,
    resave: true,
    saveUninitialized: true,
    store: new Redis({
        port: config.redis_port
    }),
    cookie: { max_age: 43200000, domain:"localhost"}
}));

nginx.conf 

worker_processes  1;
    events {
        worker_connections  1024;
    }

    http {
        upstream app {
            server 127.0.0.1:3000;
        }
        server {
            listen       80;
            server_name  localhost;
            client_max_body_size 32m;
            location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://app/;
                proxy_redirect off;
            }
        }
        server {
            listen       80;
            server_name  sub.localhost;
            client_max_body_size 32m;

            location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://app/;
                proxy_redirect off;
            }
        }    
    }

我试过添加域名:"。localhost"甚至域:"*。也尝试添加

app.use(function(req, res, next){
   // Website you wish to allow to connect
    res.setHeader('Access-Control-Allow-Origin', req.headers.host)
    // Request methods you wish to allow
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
    // Request headers you wish to allow
    res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
    // Set to true if you need the website to include cookies in the requests sent
    // to the API (e.g. in case you use sessions)
    res.setHeader('Access-Control-Allow-Credentials', true);    
    next();
});

到server.js

问题是,当我在本地主机上验证时,我没有在sub.localhost上验证。

From Login session跨子域:

你可以使用:domain: ".app。Localhost",就可以了。"domain"参数需要域名中的1个或多个点来设置cookie。

相关文章: