问题描述
我正在为 Node.js 应用程序使用 Hapi 框架,而 Hapi 框架带有自己的 Cookie 管理工具,我将其用于身份验证.
I'm using the Hapi framework for a Node.js application, and the Hapi framework comes with its own Cookie management tools, which i'm using for authentication.
然后框架设置一个名为 session 的 cookie,其 json 值编码为 base64.域设置为 example.com(不是 .example.com)
The framework then sets a cookie named session, with a json value encoded to base64. The domain is set to example.com (not .example.com)
现在,问题出在我尝试通过执行以下操作来编辑此 cookie 客户端时
Now, the problem lies when i attempt to edit this cookie client-side, by doing the following
document.cookie = 'session=' + btoa(JSON.stringify(_decoded)) + "; path=/; domain=example.com";
这实际上设置了一个域 '.example.com' 的重复 cookie
This actually sets a duplicate cookie with the domain '.example.com'
我没有要求 Javascript 将点放在前面,我似乎无法摆脱它.
I haven't asked Javascript to prepend the dot, and i cant seem to get rid of it.
我假设是因为这个点,cookie 被复制了.如何在不自动添加点的情况下设置域?
I'm assuming that it is because of this dot, that the cookie is being duplicated. How do i set the domain without it automatically prepending a dot?
编辑
我已经放弃尝试删除前导点,而是尝试删除旧 cookie,然后创建一个新 cookie.但是我仍然会得到重复的 cookie!
I've given up on trying to remove the leading dot, and instead am trying to delete the old cookie and then create a new one. However i still end up with duplicate cookies!
- 导航到/login 并输入登录详细信息
- 重定向到/account 和服务器设置的 cookie(没有前导点)
- 执行 Javascript 删除并重新创建 cookie
- 现在存在 1 个 cookie,它在域前有一个前导点
上面的行为是好的,但是下面的行为也会发生,这是不好的
The above behaviour is good, however the following also happens, which is bad
- 导航到/login 并输入登录详细信息
- 重定向到/account 和服务器设置的 cookie(没有前导点)
- 导航到/example
- 执行 Javascript 删除并重新创建 cookie
- 现在有 2 个 cookie,一个带有前导点(由 JS 创建),一个没有(由服务器创建)
我使用的代码是
API.Session = {
Encoded : function () { return document.cookie.replace(/(?:(?:^|.*;s*)sessions*=s*([^;]*).*$)|^.*$/, "$1")},
Decoded : function () { return JSON.parse(atob(this.Encoded()))},
Update : function (_decoded) {
document.cookie = 'session=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
document.cookie = 'session=' + btoa(JSON.stringify(_decoded)) + "; path=/; domain=example.com;";
}
}
API.Helpers.ShowAdvancedOptions = function () {
var s = API.Session.Decoded()
s.ShowAdvancedOptions = true
API.Session.Update(s)
}
推荐答案
对于任何有类似问题的人,最终通过完全删除域属性来解决这个问题.请参阅其他相关问题
For anyone with a similar issue, this was eventually solved by dropping the domain property altogether. See other related question
这篇关于JavaScript 重复 Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!