javascript 通过 node-http-proxy 持久化基于 cookie 的会话
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10291000/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Persisting a cookie based session over node-http-proxy
提问by tomswift
I have a simple Express based Node.js web server that I'm using for development of a JavaScript application. I set up the server to use node-http-proxy to proxy API requests the application makes to a Jetty server that is running on a different domain and port. This setup has been working flawlessly until I started to run into problems with session management.
我有一个简单的基于 Express 的 Node.js Web 服务器,用于开发 JavaScript 应用程序。我将服务器设置为使用 node-http-proxy 来代理应用程序向在不同域和端口上运行的 Jetty 服务器发出的 API 请求。这个设置一直完美无缺,直到我开始遇到会话管理问题。
Upon authentication the application server returns a cookie with an auth token representing the server session. When I run the JS application off of my filesystem (file://) I can see that once client receives the cookie, it is sent in all the subsequent API requests. When I run the JS app on the node server and API calls are proxied through node-http-proxy (RoutingProxy) the request headers never include the cookie.
在身份验证后,应用程序服务器会返回一个带有代表服务器会话的身份验证令牌的 cookie。当我从我的文件系统 (file://) 运行 JS 应用程序时,我可以看到,一旦客户端收到 cookie,它就会在所有后续 API 请求中发送。当我在节点服务器上运行 JS 应用程序并且 API 调用通过 node-http-proxy (RoutingProxy) 代理时,请求标头从不包含 cookie。
Is there something I need to handle manually to support this type of session persistence through the proxy? I've been digging through the node-http-proxy code but it is a little over my head because I am new to Node.
是否需要手动处理以通过代理支持这种类型的会话持久性?我一直在研究 node-http-proxy 代码,但这有点超出我的理解,因为我是 Node.js 的新手。
https://gist.github.com/2475547or:
https://gist.github.com/2475547或:
var express = require('express'),
routingProxy = require('http-proxy').RoutingProxy(),
app = express.createServer();
var apiVersion = 1.0,
apiHost = my.host.com,
apiPort = 8080;
function apiProxy(pattern, host, port) {
return function(req, res, next) {
if (req.url.match(pattern)) {
routingProxy.proxyRequest(req, res, {host: host, port: port});
} else {
next();
}
}
}
app.configure(function () {
// API proxy middleware
app.use(apiProxy(new RegExp('\/' + apiVersion + '\/.*'), apiHost, apiPort));
// Static content middleware
app.use(express.methodOverride());
app.use(express.bodyParser());
app.use(express.static(__dirname));
app.use(express.errorHandler({
dumpExceptions: true,
showStack: true
}));
app.use(app.router);
});
app.listen(3000);
采纳答案by httpete
I did what you are asking by manually looking at the response, seeing if it is a set-cookie, snipping off the JSESSSIONID, storing it in a variable, and passing it on all subsequent requests as a header. This way the reverse proxy acts as a cookie.
我通过手动查看响应,查看它是否是 set-cookie,剪掉 JSESSSIONID,将其存储在变量中,并将其作为标头传递给所有后续请求,从而完成了您的要求。通过这种方式,反向代理充当 cookie。
enter code on('proxyReq', function(proxyReq){ proxyReq.setHeader('cookie', 'sessionid=' + cookieSnippedValue)
回答by Halt
Hi @tomswift does your local server run on http protocol, but the session cookie receive from the remote server carry with Secure;like:
嗨@tomswift 您的本地服务器是否在 http 协议上运行,但是从远程服务器接收的会话 cookie 带有Secure;如下内容:
'set-cookie':
[ 'JSESSIONID=COOKIEWITHSECURE98123; Path=/;HttpOnly;Secure;']
If so, before your local server response to the client, extract set-cookiefrom the original response(response from remote server to local server) header, remove the Secure;and put the rest of it into the proxy response (response from local server to client ) header like:
如果是这样,在您的本地服务器响应客户端之前,set-cookie从原始响应(从远程服务器到本地服务器的响应)标头中提取,删除Secure;并将其余部分放入代理响应(从本地服务器到客户端的响应)标头中:
'set-cookie':
[ 'JSESSIONID=COOKIEWITHSECURE98123; Path=/;HttpOnly;']
then the client will take the session cookie automatically.
然后客户端将自动获取会话 cookie。
Hope it may help.
希望它可以帮助。
回答by kurumkan
I had similar problems that cookies were not passed forward to the client. Solution:
我遇到了类似的问题,即 cookie 没有传递给客户端。解决方案:
- get cookie from proxy response
- set it in proxy request, with slightly modified value
- 从代理响应中获取 cookie
- 在代理请求中设置它,稍微修改值
let cookie;
const webpackConfig = {
proxy: {
'/api': {
...
onProxyReq: (proxyReq) => {
if(cookie) {
proxyReq.setHeader('Cookie', cookie);
}
},
onProxyRes: (proxyRes) => {
const sc = proxyRes.headers['set-cookie'];
const raw = sc.filter(s => s.startsWith('JSESSIONID'));
if(raw.length) {
cookie = raw[0].split(';')[0];
}
}
}
}
}
回答by FUD
Ideally the job of a proxy is to just forward a request to the destination, and should not strip off critical headers like cookies, But if it is, i think you should file a issue against them here https://github.com/nodejitsu/node-http-proxy/issues.
理想情况下,代理的工作是将请求转发到目的地,而不应该剥离像 cookie 这样的关键标头,但如果是这样,我认为您应该在此处针对它们提出问题https://github.com/nodejitsu /node-http-proxy/issues。
Also you said the request headers never include the cookie, Is it possible the client never received it?
您还说请求标头从不包含 cookie,客户端是否可能从未收到过它?
回答by tomswift
I found a way to implement this by forking and modifying node-http-proxy. It serves my current purpose which is a development environment. For any sort of serious consideration it needs to be fleshed out into a more legitimate solution.
我找到了一种通过派生和修改 node-http-proxy 来实现这一点的方法。它符合我目前的目的,即开发环境。对于任何形式的认真考虑,都需要将其充实为更合理的解决方案。
The details can be found in the issue I filed in GitHub: https://github.com/nodejitsu/node-http-proxy/issues/236#issuecomment-5334457
详细信息可以在我在 GitHub 提交的问题中找到:https: //github.com/nodejitsu/node-http-proxy/issues/236#issuecomment-5334457
I would love some input on this solution, especially if I'm going completely in the wrong direction.
我很想对这个解决方案提供一些意见,特别是如果我完全走错了方向。
