What is the way to configure sails.js to set secure cookies? We are using redis to persist session state. The sails.js prescribed way (rather than some Express middleware option) is desired. Ultimately, I want the "secure" column in the Chrome cookies view to be checked for the app's cookie:
In the docs, there is no explicit mention of how to do this:
http://sailsjs/#!/documentation/reference/sails.config/sails.config.session.html
There is an ssl config option, but deploying the app with ssl: true did not produce the desired result:
    module.exports.session = {
      ...
      ssl: true
      ...
    }
The ssl option isn't documented either, but I assume it has something to do with signing cookies instead.
edit: in the screen shot, I'm serving from localhost without HTTPS, but this app is being served from a production server using HTTPS and the same behavior is observed
Asked Apr 8, 2015 at 14:22 by kindohm; edited Apr 8, 2015 at 14:51.
secure in Chrome means the cookies are limited to a "secure" scope (which usually means HTTPS). If you're serving your website through HTTPS, I think that you can use secure : true in your session configuration; that's how Express's session middleware works, though, not sure about Sails.js. – robertklep Commented Apr 8, 2015 at 14:36
3 Answers
Sails uses express.session to handle session cookies, therefore you can enable secure cookies by setting cookie: { secure: true } in config/session.js.
You need to use HTTPS for express to set the cookie:
it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies. If secure is set, and you access your site over HTTP, the cookie will not be set.
If you are behind a proxy that does SSL termination on behalf of your web server, enable the express trust proxy option by adding the following middleware in config/http.js:
    module.exports.http = {
      customMiddleware: function(app) {
        // Trust the X-Forwarded-* headers set by the TLS-terminating proxy
        app.enable('trust proxy');
      }
    };
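The behaviour this answer describes, as an added example that is not part of the original answer and is not Express or Sails source: a simplified, dependency-free model of when a session cookie configured with cookie: { secure: true } is actually sent. The function names, request shapes and cookie value are constructed for illustration; sails.sid is the Sails default session cookie name.

```javascript
// Added illustration: a simplified model, not Express/Sails code.

// Decide whether the request counts as HTTPS from the app's point of view.
function requestIsSecure(req, trustProxy) {
  if (req.encrypted) return true;   // TLS terminated by Node itself
  if (!trustProxy) return false;    // forwarded headers are ignored
  // With 'trust proxy' on, the first X-Forwarded-Proto value is believed.
  const proto = String(req.headers['x-forwarded-proto'] || '')
    .split(',')[0].trim().toLowerCase();
  return proto === 'https';
}

// Return the Set-Cookie header value, or null when the cookie is withheld.
function sessionSetCookie(req, opts) {
  const cookie = opts.cookie || {};
  // A secure cookie is silently skipped on a request seen as plain HTTP.
  if (cookie.secure && !requestIsSecure(req, opts.trustProxy)) return null;
  const parts = [`${opts.name}=${encodeURIComponent(opts.value)}`, 'Path=/'];
  if (cookie.httpOnly !== false) parts.push('HttpOnly');
  if (cookie.secure) parts.push('Secure');
  return parts.join('; ');
}

// Constructed requests for the three deployments discussed in the answer.
const plainHttp = { encrypted: false, headers: {} };
const directTls = { encrypted: true, headers: {} };
const viaProxy = { encrypted: false, headers: { 'x-forwarded-proto': 'https' } };

function demo() {
  const base = { name: 'sails.sid', value: 's:constructed-id', cookie: { secure: true } };
  return {
    plainHttp: sessionSetCookie(plainHttp, { ...base, trustProxy: false }),
    directTls: sessionSetCookie(directTls, { ...base, trustProxy: false }),
    proxyUntrusted: sessionSetCookie(viaProxy, { ...base, trustProxy: false }),
    proxyTrusted: sessionSetCookie(viaProxy, { ...base, trustProxy: true }),
  };
}

console.log(demo());
```

Only the direct-TLS and trusted-proxy cases produce a Set-Cookie header, which is why the cookie disappears when TLS is terminated upstream and trust proxy is off. Enable trust proxy only when every request really passes through your own proxy, since X-Forwarded-Proto is otherwise client-controlled.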
It appears that there is not a way to do this currently. If you look at the sails.js session implementation here (https://github./balderdashy/sails/blob/98522d0bc5df5e6bc30b4dc35708ae71cf4625e2/lib/hooks/session/index.js) you'll see that there is, in fact, no secure-mode stuff whatsoever :(
Since sails is using their own session store implementation, and not piggybacking off of node-client-sessions or express-sessions, the only way to solve this (I think) would be to submit a PR to the sails people.
Sorry!
You can set signed cookies like so.
Adding a signed cookie named "chocolatechip" with value "Yummy":
    res.cookie('chocolatechip', 'Yummy', {signed:true});
Retrieving the cookie:
    req.signedCookies.chocolatechip; //"Yummy"
Check out the sails Documentation.