how to keep the value of a cookie
Question
I am in the process of user authentication in my application, which is done through a cookie that the JWT saves. When I make the request, the client obtains the cookie without problems, but when the client updates the page or just presses F5, the cookie is deleted. I was investigating whether it was happening on localhost or there was a problem in my code, but I didn't find anything related to my problem.
This is my code in Go:
func Login(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")

	// Decode the submitted credentials from the JSON request body.
	u := model.User{}
	if err := json.NewDecoder(r.Body).Decode(&u); err != nil {
		http.Error(w, "format incorrect", http.StatusBadRequest)
		return
	}

	// Check the credentials against the stored user.
	user, equals, err := u.AccessControll(u.Email, u.Password)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	if !equals {
		http.Error(w, "ups", http.StatusBadRequest)
		return
	}

	// Issue a JWT for the authenticated user.
	token, err := jwt.CreateToken(user)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Return the JWT in an HttpOnly cookie that expires after five minutes.
	cookie := http.Cookie{
		Name:     "token",
		Value:    token,
		Expires:  time.Now().Add(5 * time.Minute),
		HttpOnly: true,
	}
	http.SetCookie(w, &cookie)
}
Answer 1
Score: 5
Browsers default the cookie path to the request path. Browsers do not send a cookie if the cookie path is not a path prefix of the request path. The cookie in the question is only set for requests to the login handler path and paths below that.
Set the cookie path to "/" to make the cookie available on all paths.
This is probably unrelated, but it's better to set MaxAge instead of Expires because MaxAge is unaffected by clock skew.
cookie := http.Cookie{
	Name:     "token",
	Value:    token,
	Path:     "/",
	MaxAge:   5 * 60,
	HttpOnly: true,
}
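The path behaviour described in this answer can be reproduced without a browser. The following is an added example, not code from the original post: it stores the login response's cookie in Go's `net/http/cookiejar`, which applies the RFC 6265 default-path and path-match rules, and checks which request paths receive it. The origin `http://app.example`, the route names and the token value are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"net/url"
)

// setToken mimics the login handler above; path is the cookie's Path
// attribute ("" leaves it unset, as in the question).
func setToken(w http.ResponseWriter, path string) {
	http.SetCookie(w, &http.Cookie{
		Name:     "token",
		Value:    "constructed-sample-token", // constructed, not a real JWT
		Path:     path,
		MaxAge:   5 * 60,
		HttpOnly: true,
	})
}

// tokenSentTo records the Set-Cookie from a login response at loginPath in a
// cookie jar, then reports whether the jar attaches "token" to pagePath.
func tokenSentTo(cookiePath, loginPath, pagePath string) bool {
	const origin = "http://app.example" // hypothetical origin
	rec := httptest.NewRecorder()
	setToken(rec, cookiePath)

	jar, _ := cookiejar.New(nil) // New(nil) returns a nil error
	loginURL, _ := url.Parse(origin + loginPath)
	pageURL, _ := url.Parse(origin + pagePath)
	jar.SetCookies(loginURL, rec.Result().Cookies())
	for _, c := range jar.Cookies(pageURL) {
		if c.Name == "token" {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println(tokenSentTo("", "/api/login", "/api/login/status")) // true
	fmt.Println(tokenSentTo("", "/api/login", "/dashboard"))        // false
	fmt.Println(tokenSentTo("/", "/api/login", "/dashboard"))       // true
	fmt.Println(tokenSentTo("", "/login", "/dashboard"))            // true: default path is "/"
}
```

With no `Path` attribute the jar derives the cookie path from the directory of the login URL (`/api` for `/api/login`, `/` for a top-level `/login`), so whether the cookie disappears on other pages depends on where the login route is mounted.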