Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

egg如何配session的samesite选项?

文档中指名了egg-session引用了koa-session并且

Support all configurations in koa-session.

于是我按照koa-session配了samesite:

session: {
      key: 'DSESSIONID',
      maxAge: 2 * 3600 * 1000, // 2 小时
      httpOnly: true,
      encrypt: false,
      renew: true,
      sameSite: 'none',
    },

结果发出的cookie还是没有samesite配置:
image

感叹里的提示信息:samesite跨域了

补充:
当设置samesite为none时候 必须把secure设为true
参见:https://www.ruanyifeng.com/bl...

但是又引出新的问题:
没有https支持的网站如何绕过samesite的限制

求大神指导


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

这个好像是chrome浏览器的默认设置问题,看看这个-->参考链接是否能解决你的问题。


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...