How to maintain a session across domains?
Jax2000 asked 1 month ago

express-session is used in an Express project. The front end and back end run as two different services during development, so the front end uses a proxy to request the server. I found that the session cannot be saved this way. What is the reason and how can it be solved?

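const express = require('express');
const session = require('express-session');
const app = express();
app.use(session({
  secret: 'xxx',
  resave: true,
  saveUninitialized: false,
  // maxAge is a cookie option; express-session ignores it at the top level
  cookie: { maxAge: 1000 * 3600 }
}));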

My front end uses an Angular scaffold. During development, I start its service at localhost:3000, and the server address is localhost:1994. Is this a different domain?
The back end uses sessions, and the key step of a session is setting a cookie in the browser. It seems that in the cross-domain case the cookie is not set after login, although there is a cookie on the response.
Should I solve this problem from the front end or from the server?

Buer bingbin replied 1 month ago

Is the session unable to save? Or was the session_id not saved on the client, so the session can't be retrieved?

Buer bingbin replied 1 month ago

Well, it's the latter one. The session_id is not saved on the client.

Buer bingbin replied 1 month ago

You talked about the front end and back end in detail, but it is not clear what you mean. For example, whether your back-end server is open to the public network, and whether you open the front-end and back-end domain names.

4 Answers
wusisu answered 1 month ago

Session is an upgraded version of the cookie. It uses the cookie as the ID and then stores the data on the server.
However, for cookies, cross-domain means two different websites, so it's not a problem that can be solved by setting something.
Different ports are different domains.
So you can set up an nginx or something to do forwarding to avoid cross-domain requests.
You can get an nginx, set it to 8080, and then point the app to 3000 and the API to 1994.
Or use a token instead of a session to make API requests.

zhqi answered 1 month ago

If you use Axios for Ajax, you can try setting the Axios configuration parameter withCredentials: true, because Axios does not carry cookies for cross-domain requests by default.

manong answered 1 month ago

Save the session in a third party, such as Redis. For reference, see this project.

samcello answered 1 month ago

If you wrote the server yourself, why not set it on the server to allow cross-domain access?
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Allow-Origin:*');
Credentials is set to transfer cookies.

Lin Shuirong replied 1 month ago

In this way, the back end receives the cookie, but cannot set a cookie on the front end. As the asker said (I also encountered it), after the back end sets a cookie, F12 shows that there is a Set-Cookie field in the response header. However, there is no such cookie in the application cookies of F12 (click the small lock in the upper-left corner of Chrome to view the cookie information of the current page; there is no cookie there).

Lin Shuirong replied 1 month ago

Look at document.cookie in the console. It's not there either.
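
Browsers reject a response to a credentialed cross-origin request when Access-Control-Allow-Origin is the wildcard "*", which is the header pair posted in the last answer. The following is an added example, not code from any poster in this thread: an Express-style middleware that returns the exact origin only for allowlisted origins, with a simplified model of the browser's check. The names corsWithCredentials, browserAcceptsCredentialed and headersFor, the allowlist contents, and the mock request/response are assumptions made for illustration.

```javascript
// Added example: allowlist-based CORS for a cookie session (Express-style middleware).
// ALLOWED_ORIGINS holds the front-end dev origin from the question (assumption).
const ALLOWED_ORIGINS = new Set(['http://localhost:3000']);

// Intended use: app.use(corsWithCredentials(ALLOWED_ORIGINS)) before session().
function corsWithCredentials(allowed) {
  return function (req, res, next) {
    const origin = req.headers.origin;
    res.setHeader('Vary', 'Origin'); // caches must not reuse a response across origins
    if (origin && allowed.has(origin)) {
      // Credentialed requests need the exact origin; "*" is rejected by the browser.
      res.setHeader('Access-Control-Allow-Origin', origin);
      res.setHeader('Access-Control-Allow-Credentials', 'true');
      if (req.method === 'OPTIONS') { // preflight: answer here, no session needed
        res.setHeader('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE');
        res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
        res.statusCode = 204;
        return res.end();
      }
    }
    next(); // unlisted origins get no CORS headers, so the browser blocks the read
  };
}

// Simplified model of the browser's check on a response to a credentialed
// request (XHR/Axios with withCredentials: true).
function browserAcceptsCredentialed(pageOrigin, headers) {
  return headers['access-control-allow-origin'] === pageOrigin &&
         headers['access-control-allow-credentials'] === 'true';
}

// Constructed stand-in for req/res so the middleware runs without a server.
function headersFor(middleware, origin, method = 'GET') {
  const headers = {};
  const res = {
    statusCode: 200,
    setHeader: (k, v) => { headers[k.toLowerCase()] = v; },
    end() {},
  };
  middleware({ method, headers: { origin } }, res, () => {});
  return { headers, status: res.statusCode };
}

// The wildcard header pair from the answer above, as the browser would see it.
const WILDCARD = {
  'access-control-allow-origin': '*',
  'access-control-allow-credentials': 'true',
};
```

On the client, the request still needs withCredentials: true, otherwise the browser neither sends the session cookie nor stores the one in the cross-origin response.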