I've got an Angular application with a Node/Express backend. I just tested it in Internet Explorer (11) and noticed a strange bug with the authentication.
我有一个带有Node / Express后端的Angular应用程序。我刚刚在Internet Explorer(11)中对它进行了测试,发现了一个奇怪的身份验证错误。
At some point I update the authentication details, which are stored in a Json Web Token in a cookie. On chrome, I simply set a new cookie with the same name, and it works fine. However, with IE I found it didn't use the new cookie, and found it had actually stored two:
在某些时候,我更新了身份验证详细信息,这些详细信息存储在cookie中的Json Web Token中。在chrome上,我只是设置一个具有相同名称的新cookie,它工作正常。然而,使用IE我发现它没有使用新的cookie,并发现它实际存储了两个:
Both have the same name. They're both provided by the same code, on the same domain (though we do have a second subdomain hosted, it's nothing to do with this site).
两者都有相同的名称。它们都是由相同的代码在同一个域上提供的(虽然我们确实托管了第二个子域,但它与此站点无关)。
Setting the cookie is simply:
设置cookie只是:
response.cookie('jwt', token, { maxAge: 60 * 60 * 48 * 1000, httpOnly: true });
using cookie-parser.
使用cookie解析器。
All the other questions seem to suggest this is issues with sub-domains. But I can't see how to specify/set it?
所有其他问题似乎表明这是子域的问题。但我看不出如何指定/设置它?
It works fine hosted locally in development, but when deployed in production shows this problem.
它在开发中本地托管工作正常,但在生产中部署时显示此问题。
1 个解决方案
#1
0
I solved this by explicitely setting the domain of the cookie when set, rather than leaving it blank.
我通过在设置时明确设置cookie的域来解决这个问题,而不是将其留空。
However, since Internet Explorer seemed to completely ignore cookies on localhost, I had to set add the line:
但是,由于Internet Explorer似乎完全忽略了localhost上的cookie,我不得不设置添加行:
127.0.0.1 mydevdomain.com
to the windows host file at C:\Windows\System32\Drivers\etc\hosts.
到C:\ Windows \ System32 \ Drivers \ etc \ hosts中的Windows主机文件。
I could then set cookies with the option: domain: 'mydevdomain.com' and it behaved as expected in development and when in production (updating the domain to the production domain).
然后我可以使用以下选项设置cookie:domain:'mydevdomain.com',它在开发和生产时表现如预期(将域更新到生产域)。
#1
0
I solved this by explicitely setting the domain of the cookie when set, rather than leaving it blank.
我通过在设置时明确设置cookie的域来解决这个问题,而不是将其留空。
However, since Internet Explorer seemed to completely ignore cookies on localhost, I had to set add the line:
但是,由于Internet Explorer似乎完全忽略了localhost上的cookie,我不得不设置添加行:
127.0.0.1 mydevdomain.com
to the windows host file at C:\Windows\System32\Drivers\etc\hosts.
到C:\ Windows \ System32 \ Drivers \ etc \ hosts中的Windows主机文件。
I could then set cookies with the option: domain: 'mydevdomain.com' and it behaved as expected in development and when in production (updating the domain to the production domain).
然后我可以使用以下选项设置cookie:domain:'mydevdomain.com',它在开发和生产时表现如预期(将域更新到生产域)。