How to keep the value of a cookie

Question

I am in the process of user authentication in my application, which is done through a cookie that the JWT saves. When I make the request, the client obtains the cookie without problems, but when the client updates the page or only presses F5, the cookie is deleted. I was investigating whether it was happening on localhost or there was a problem in my code, but I didn't find anything related to my problem.

This is my code in Go:

func Login(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")

	u := model.User{}
	if err := json.NewDecoder(r.Body).Decode(&u); err != nil {
		http.Error(w, "format incorrect", http.StatusBadRequest)
		return
	}

	user, equals, err := u.AccessControll(u.Email, u.Password)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	if !equals {
		http.Error(w, "ups", http.StatusBadRequest)
		return
	}

	token, err := jwt.CreateToken(user)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	cookie := http.Cookie{
		Name:     "token",
		Value:    token,
		Expires:  time.Now().Add(5 * time.Minute),
		HttpOnly: true,
	}

	http.SetCookie(w, &cookie)
}

Answer 1

Score: 5

Browsers default the cookie path to the request path. Browsers do not send a cookie if the cookie path is not a path prefix of the request path. The cookie in the question is only set for requests to the login handler path and paths below that.

Set the cookie path to "/" to make the cookie available on all paths.

This is probably unrelated, but it's better to set MaxAge instead of Expires because MaxAge is unaffected by clock skew.

cookie := http.Cookie{
    Name:     "token",
    Value:    token,
    Path:     "/",
    MaxAge:   5 * 60,
    HttpOnly: true,
}
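
The path rule from the answer, checked offline with Go's net/http/cookiejar, which implements the RFC 6265 cookie rules (an added example, not code from the question or the answer). The host app.example.test and the /api/login route are assumptions, and the Secure and SameSite attributes go beyond what the answer sets.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
	"time"
)

// Assumed login route; the question does not say which path serves Login.
const loginURL = "https://app.example.test/api/login"

// questionCookie mirrors the question's cookie: no Path attribute.
func questionCookie() *http.Cookie {
	return &http.Cookie{Name: "token", Value: "constructed-token",
		Expires: time.Now().Add(5 * time.Minute), HttpOnly: true}
}

// rootCookie follows the answer (Path "/", MaxAge) and adds Secure and
// SameSite, which are not part of the answer.
func rootCookie() *http.Cookie {
	return &http.Cookie{Name: "token", Value: "constructed-token", Path: "/",
		MaxAge: 5 * 60, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}
}

// sentTo stores c as if set by a response from loginURL, then reports
// whether an RFC 6265 client would attach it to a request for reqURL.
func sentTo(c *http.Cookie, reqURL string) bool {
	jar, err := cookiejar.New(nil)
	if err != nil {
		panic(err)
	}
	from, err1 := url.Parse(loginURL)
	to, err2 := url.Parse(reqURL)
	if err1 != nil || err2 != nil {
		panic("bad URL")
	}
	jar.SetCookies(from, []*http.Cookie{c})
	return len(jar.Cookies(to)) > 0
}

func main() {
	for _, u := range []string{"https://app.example.test/api/profile",
		"https://app.example.test/dashboard", "http://app.example.test/dashboard"} {
		fmt.Printf("%-40s no Path: %-5v  Path=/ + Secure: %v\n",
			u, sentTo(questionCookie(), u), sentTo(rootCookie(), u))
	}
}
```

Without a Path attribute the cookie set from /api/login defaults to the path /api, so it is attached to /api/profile but not to /dashboard. With Path "/" it is attached everywhere over HTTPS, and Secure keeps it off plain HTTP requests.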

huangapple
  • Posted on June 10, 2021 at 01:01:10
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/67908654.html