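I'm trying to set up authenticated endpoints in my backend (Express/Node/Mongo with Express-Session), and I can get the cookie sent to the client in the response headers (Chrome Version 53.0.2785.143). But when I look in the dev console under Application -> Storage -> Cookies -> http://localhost:8100, it's not there, and thus nothing gets sent back to the server in subsequent Request Headers. However, when I test the code I've written using Postman, everything seems to work, meaning that the server sends a cookie at login and the cookie is returned when I GET an authenticated endpoint.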
Response Headers
HTTP/1.1 200 OK
X-Powered-By: Express
Vary: X-HTTP-Method-Override
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: DELETE, PUT, GET
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Type: application/json; charset=utf-8
Content-Length: 1258
ETag: W/"4ea-X9Q0hp8ptccLVapzMZamYA"
set-cookie: connect.sid=s%3AyEaCZPUtH-rA0yQ3Osk-FNBHxQNYbFqp.gvwe%2FO0GSSfaX6i8Y29XD9vEo6ht2M%2FqL00wiFpntnU; Path=/
Date: Tue, 25 Oct 2016 01:28:59 GMT
Connection: keep-alive
Request Headers
POST /login HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Content-Length: 51
Pragma: no-cache
Cache-Control: no-cache
Origin: http://localhost:8100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
Content-Type: application/json
Accept: */*
Referer: http://localhost:8100/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Request Payload
{"email":"[email protected]","password":"test123"}
Settings object for the session ID cookie:
{ path: '/', _expires: null, originalMaxAge: null, httpOnly: false }
session ID cookie name = 'connect.sid'.
Ionic2 service to login user.
public loginUser(user: Object): Observable<any> {
  let headers = new Headers();
  headers.append('Content-Type', 'application/json');
  return this.http.post('http://localhost:8000/login', JSON.stringify(user), {headers: headers})
    .map(this.extractData)
    .catch(this.handleError)
}

public extractData(res: Response) {
  console.log(res.headers); //cookie does not log here in response
  let body = res.json();
  return body || { };
}
Generally, Chrome does not save cookies for localhost. Please disable web security in your Chrome.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C:/Chrome dev session" --args --disable-web-security
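The request in the question is cross-origin (page on http://localhost:8100, API on localhost:8000) and the response carries Access-Control-Allow-Origin: *. A browser ignores Set-Cookie on a cross-origin XHR sent without credentials, and rejects a wildcard origin once credentials are enabled. The following is an added example, not part of the original question or answer: an Express-style middleware that allows credentialed requests from one named origin, with a simplified model of the browser's check. ALLOWED_ORIGINS, SESSION_COOKIE, corsWithCredentials and browserKeepsCookie are hypothetical names, and the client request must also set withCredentials: true.

```javascript
// Added example. Origin and header values are taken from the question;
// all function and constant names here are hypothetical.
const ALLOWED_ORIGINS = new Set(['http://localhost:8100']);

// Value for express-session's `cookie` option. The question had httpOnly: false,
// which lets page scripts read the session ID.
const SESSION_COOKIE = { path: '/', httpOnly: true };

// Express-style middleware: echo the Origin only when it is on the allow-list.
// A credentialed response may not use "Access-Control-Allow-Origin: *".
function corsWithCredentials(req, res, next) {
  const origin = req.headers.origin;
  const vary = res.getHeader('Vary');
  res.setHeader('Vary', vary ? `${vary}, Origin` : 'Origin');
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    res.setHeader('Access-Control-Allow-Origin', origin);
    res.setHeader('Access-Control-Allow-Credentials', 'true');
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
    res.setHeader('Access-Control-Allow-Headers',
      'Origin, X-Requested-With, Content-Type, Accept');
  }
  if (req.method === 'OPTIONS') { // preflight: answer here, no session work
    res.statusCode = 204;
    return res.end();
  }
  return next();
}

// Simplified model of the browser's decision for a cross-origin XHR/fetch:
// is the Set-Cookie in this response stored? `headers` uses lower-case keys.
function browserKeepsCookie(headers, pageOrigin, withCredentials) {
  if (!withCredentials) return false; // Set-Cookie is ignored
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === '*' || allowOrigin !== pageOrigin) return false;
  return headers['access-control-allow-credentials'] === 'true';
}

// Constructed from the response headers shown in the question.
const questionHeaders = {
  'access-control-allow-origin': '*',
  'set-cookie': 'connect.sid=<session-id>; Path=/',
};
console.log('question headers, withCredentials on:',
  browserKeepsCookie(questionHeaders, 'http://localhost:8100', true));
```

In an Express app the middleware would be registered with app.use() ahead of the session middleware, so preflight requests never create sessions.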