JavaScript 重复 Cookie

我正在为 Node.js 应用程序使用 Hapi 框架,而 Hapi 框架带有自己的 Cookie 管理工具,我将其用于身份验证.

I'm using the Hapi framework for a Node.js application, and the Hapi framework comes with its own Cookie management tools, which i'm using for authentication.

然后框架设置一个名为 session 的 cookie,其 json 值编码为 base64.域设置为 example.com(不是 .example.com)

The framework then sets a cookie named session, with a json value encoded to base64. The domain is set to example.com (not .example.com)

现在,问题出在我尝试通过执行以下操作来编辑此 cookie 客户端时

Now, the problem lies when i attempt to edit this cookie client-side, by doing the following

document.cookie = 'session=' + btoa(JSON.stringify(_decoded)) + "; path=/; domain=example.com";

这实际上设置了一个域 '.example.com' 的重复 cookie

This actually sets a duplicate cookie with the domain '.example.com'

我没有要求 Javascript 将点放在前面,我似乎无法摆脱它.

I haven't asked Javascript to prepend the dot, and i cant seem to get rid of it.

我假设是因为这个点,cookie 被复制了.如何在不自动添加点的情况下设置域?

I'm assuming that it is because of this dot, that the cookie is being duplicated. How do i set the domain without it automatically prepending a dot?

编辑

我已经放弃尝试删除前导点,而是尝试删除旧 cookie,然后创建一个新 cookie.但是我仍然会得到重复的 cookie!

I've given up on trying to remove the leading dot, and instead am trying to delete the old cookie and then create a new one. However i still end up with duplicate cookies!

  1. 导航到/login 并输入登录详细信息
  2. 重定向到/account 和服务器设置的 cookie(没有前导点)
  3. 执行 Javascript 删除并重新创建 cookie
  4. 现在存在 1 个 cookie,它在域前有一个前导点

上面的行为是好的,但是下面的行为也会发生,这是不好的

The above behaviour is good, however the following also happens, which is bad

  1. 导航到/login 并输入登录详细信息
  2. 重定向到/account 和服务器设置的 cookie(没有前导点)
  3. 导航到/example
  4. 执行 Javascript 删除并重新创建 cookie
  5. 现在有 2 个 cookie,一个带有前导点(由 JS 创建),一个没有(由服务器创建)

我使用的代码是

API.Session = {
    Encoded : function () { return document.cookie.replace(/(?:(?:^|.*;s*)sessions*=s*([^;]*).*$)|^.*$/, "$1")},
    Decoded : function () { return JSON.parse(atob(this.Encoded()))},
    Update : function (_decoded) { 
        document.cookie = 'session=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
        document.cookie = 'session=' + btoa(JSON.stringify(_decoded)) + "; path=/; domain=example.com;";      
    }
}

API.Helpers.ShowAdvancedOptions = function () {
    var s = API.Session.Decoded()
    s.ShowAdvancedOptions = true
    API.Session.Update(s)
}

推荐答案

对于任何有类似问题的人,最终通过完全删除域属性来解决这个问题.请参阅其他相关问题

For anyone with a similar issue, this was eventually solved by dropping the domain property altogether. See other related question

相关文章