Cookie and session in cross domain access
kuangcaibao asked 9 months ago
// client.js
import React, { Component } from "react"
import fetch from "isomorphic-fetch"

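/**
 * Demo component with Login and Logout buttons. Each button POSTs to the
 * session API on http://localhost:8888, which is a different origin from the
 * page that renders this component.
 */
class App extends Component {

    constructor(props) {
        // A derived class has to call super() before it may touch `this`.
        super(props)
        this.handleLogin = this.handleLogin.bind(this)
        this.handleLogout = this.handleLogout.bind(this)
    }

    /**
     * POST the hard-coded demo credentials to /user/login and log the reply.
     * Errors (network failure, CORS rejection, non-JSON body) are logged.
     */
    handleLogin() {

        // Plain http is only acceptable against localhost; credentials sent to
        // any other host need https.
        fetch("http://localhost:8888/user/login", {
            method: "POST",
            // fetch() does not serialise plain objects: without JSON.stringify
            // the request body is the text "[object Object]".
            // A JSON Content-Type makes the browser send a CORS preflight, so
            // the server has to allow the Content-Type header for this origin.
            headers: { "Content-Type": "application/json" },
            body: JSON.stringify({ "username": "username", "password": "123456" }),
            // "no-cors" produces an opaque response whose body cannot be read,
            // so response.json() could never succeed with it.
            mode: "cors",
            // Cross-origin fetch neither sends nor stores cookies unless asked
            // to, which is why every request appeared to start a new session.
            // The server must answer with Access-Control-Allow-Credentials: true
            // and Access-Control-Allow-Origin set to this page's exact origin
            // ("*" is rejected by browsers for credentialed requests).
            credentials: "include"
        })
        // NOTE(review): the route handlers shown on this page reply with plain
        // text; response.json() rejects on a non-JSON body and lands in catch.
        .then( response => response.json() )
        .then( json => console.log(json) )
        .catch( err => console.log(err) )
    }

    /**
     * POST to /user/logout with the session cookie attached and log the reply.
     */
    handleLogout() {

        fetch("http://localhost:8888/user/logout", {
            method: "POST",
            mode: "cors",
            // Needed so the session cookie that identifies the user is sent.
            credentials: "include"
        })
        .then( response => response.json() )
        .then( json => console.log(json) )
        .catch( err => console.log(err) )
    }

    render() {

        return <div>
            <button onClick={this.handleLogin}>Login</button>

            <button onClick={this.handleLogout}>Logout</button>
        </div>
    }
}
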
export default App

var express = require("express")
var session = require("express-session")
var redisStore = require("connect-redis")(session)

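var app = express()

var user = require("./routers/user")

// Exact origin (scheme://host:port) of the page that serves client.js.
// Placeholder: supply it through the CLIENT_ORIGIN environment variable.
// When it is unset no CORS headers are added and the server behaves as before.
var clientOrigin = process.env.CLIENT_ORIGIN

// Credentialed CORS: browsers only attach and accept cookies on cross-origin
// fetch() calls when the response names one exact origin and sets
// Access-Control-Allow-Credentials. Echoing arbitrary Origin values here would
// let any website act with a visitor's session, so only the configured origin
// is allowed.
app.use(function allowClientOrigin(req, res, next) {
    if (clientOrigin && req.headers.origin === clientOrigin) {
        res.set("Access-Control-Allow-Origin", clientOrigin)
        res.set("Access-Control-Allow-Credentials", "true")
        res.set("Vary", "Origin")

        // Answer the preflight here, before the session middleware, so that
        // OPTIONS requests do not create sessions.
        if (req.method === "OPTIONS") {
            res.set("Access-Control-Allow-Methods", "POST")
            res.set("Access-Control-Allow-Headers", "Content-Type")
            return res.status(204).end()
        }
    }
    next()
})

// app.use(cookieParser())

app.use(session({
    // The secret signs the session-id cookie. A short value committed to source
    // gives no protection against forged signatures; "tdx" remains only as the
    // demo fallback when SESSION_SECRET is not set.
    secret: process.env.SESSION_SECRET || "tdx",
    name: "app",
    store: new redisStore({
        host: "",
        port: "6379"
    })
    // cookie: { maxAge: 80000 }
    // If client and API live on different sites (not merely different ports),
    // the browser only sends the cookie when it is issued with
    // sameSite: "none" and secure: true, which requires HTTPS.
}))

app.use("/user", user)

app.listen("8888", function() {
    console.log("server start at: localhost:8888")
})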

// routers/user.js
var express = require("express")
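var router = express.Router()

// Log a timestamp for every request that reaches this router.
router.use(function timeLog(req, res, next) {
    console.log("Time: ", Date.now())
    // Pass control on; without this call no route below is ever reached and
    // every request to the router hangs.
    next()
})

// router.use("/", function(req,res) {
//     res.send("user home page")
// })

// NOTE(review): placeholder handler. It neither checks the submitted
// credentials nor writes to req.session. A real login should verify the
// credentials and call req.session.regenerate() before storing the user, so
// that a session id issued before login cannot be reused afterwards (session
// fixation). router.use() also matches every HTTP method; router.post() would
// restrict the route to POST.
router.use("/login", function(req, res) {
    res.send("user login page")
})

// NOTE(review): placeholder handler. A real logout should call
// req.session.destroy() so the server-side session stops being valid.
router.use("/logout", function(req, res) {
    res.send("user logout page")
})

module.exports = router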

Here, when client.js calls the server, the server returns a different session every time. From what I found online, the session and cookie are lost on cross-domain requests, so when the server detects that there is no session, it generates a new one.
My concern is that if my application is split into a local client and a web client, it will not be able to store user information in a session. Is there a solution for this?

  1. Is there any problem with having the local and web clients share the same server-side processing logic?
  2. The fetch method in isomorphic-fetch is better than Ajax for cross-domain data access. How can the loss of the cookie and session be solved?

That’s all for now. I’m looking forward to an answer. @cam

1 Answers
You Ming answered 9 months ago

The relatively mature way to solve this is SSO (single sign-on). Cross-domain access is controlled by the browser, so different domain names cannot share cookies, and therefore cannot share a session. The SSO solution is to issue an independent identity cookie under each domain name through single sign-on, and then share one identity on the server. Sina, for example, shares identity between weibo.com and sina.com.cn in this way.

kuangcaibao replied 9 months ago

thank you