Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
728 views
in Technique[技术] by (71.8m points)

node.js - Passport js fails to maintain session in cross-domain

I am using passport JS, express and mongoose to make an API. When I test it in same domain it maintain session and works fine. But in cross domain it fails. Any clue how can i maintain the session in cross domain using the same configuration. Following is the code

 allowCrossDomain = function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
    res.header("Access-Control-Allow-Headers", req.headers["access-control-request-headers"]);
    // res.header("Access-Control-Allow-Credentials", "true");
    if ("OPTIONS" == req.method) {
        res.send(200);
    } else {
        next();
    }

  //allow all crossDomain request
app.use(allowCrossDomain);

//session handling
app.use(express.cookieParser("gallery"));
app.use(express.session());
app.use(passport.initialize());
app.use(passport.session());

app.use(function(req, res, next) {
    // check if client sent cookie
    var cookie = req.cookies.cokkieName;
    if (cookie === undefined) {
        //set up cookie here by a random number
        });
    }
    next(); // <-- important!
});
passport.use(new LocalStrategy({
    usernameField: "email"
},
function(email, password, done) {
    User.authenticate(email, password, function(err, reply) {
       //authenticate user and call the callback
            return done(err, false);

    });
}));


passport.serializeUser(function(user, done) {
return done(null, user._id);
});


passport.deserializeUser(function(id, done) {
//find user via id and return the user details
return done(null, user._id);
});

   app.post("/login", function(req, res, next) {
    passport.authenticate("local",
        function(err, data, info) {
            //custom callback
            user.getProfile(req, res, next, err, data, info);
        })(req, res, next);
});
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I was having the same problem. Before configuring anything in express app, use the following(exactly the same) to set header of response for cross-domain :

app.use(function(req, res, next) {
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Origin', req.headers.origin);
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
if ('OPTIONS' == req.method) {
     res.send(200);
 } else {
     next();
 }
});

It works for me. Best of luck!


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...