javascript 如何访问由 node.js Express 创建的客户端 cookie(带有会话 ID)?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10474797/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to access client cookie (with session ID) created by node.js Express?
提问by gotta have my pops
I thought I understood how Cookies worked, but I guess not since I'm stuck on the following:
我以为我了解 Cookies 的工作原理,但我想不会,因为我坚持以下几点:
I cannot display a cookie with document.cookie, testing with alert(document.cookie); in my code.
我无法使用 document.cookie 显示 cookie,使用 alert(document.cookie) 进行测试;在我的代码中。
I am playing around with node and have the following code snippet up on my server (everything else works and serving pages with Express):
我正在玩节点,并在我的服务器上有以下代码片段(其他一切都有效并使用 Express 提供页面):
var express = require('express')
, util = require('util')
, MemoryStore = express.session.MemoryStore
, app = express.createServer()
, sessionStore = new MemoryStore();
app.configure(function() {
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(express.logger());
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.session({
store: sessionStore,
secret: 'BBQ12345AHHH',
key: 'cookie.sid' }));
app.use(app.router);
app.use(express.static(__dirname + '/public'));
});
On my server, I see a cookie being sent when I hit index.ejs. Chrome also shows a cookie being sent in the header on index.ejs. However, when I add alert(document.cookie) in the of the index.ejs page, the alert is blank. What am I doing wrong?
在我的服务器上,当我点击 index.ejs 时,我看到一个 cookie 正在发送。Chrome 还会在 index.ejs 的标头中显示正在发送的 cookie。但是,当我在 index.ejs 页面的 中添加 alert(document.cookie) 时,警报是空白的。我究竟做错了什么?
Thanks
谢谢
采纳答案by Esailija
The Connect session cookies default to httpOnlywhich Chrome respects, I.E. the cookies are inaccessible by client side javascript.
默认情况下httpOnly,Chrome 尊重Connect 会话 cookie,即客户端 javascript 无法访问 cookie。
A session cookie doesn't need to be read by client side javascript, unless it's by malicious XSS scripts so it's all good.
会话 cookie 不需要由客户端 javascript 读取,除非它是由恶意 XSS 脚本读取的,所以这一切都很好。
If you wanna override it though, try:
如果您想覆盖它,请尝试:
app.use(express.session({
store: sessionStore,
secret: 'BBQ12345AHHH',
cookie: {httpOnly: false},
key: 'cookie.sid' }
))
Source http://www.senchalabs.org/connect/session.html#session
回答by PitaJ
Are you calling up the cookie right? I found this page helpful when i was learning:
你是在调用 cookie 吗?我在学习时发现这个页面很有帮助:
