Express 快速会话id未保存在cookie中(graphql)
在这个程序的整个生命周期中,我都无法理解为什么这个cookie没有保存在浏览器中。如果我运行graphql游乐场(位于端口4000上,与服务器相同),会话ID将存储在浏览器中,没有问题。我启用了cors,所以这不应该阻止它。但是,如果我从任何其他url发送登录请求,它将不会将其保存在浏览器中。我尝试了多个浏览器,但都不会保存在其中任何一个浏览器上,我尝试记录会话,以确保我确实保存了它们。有什么想法吗Express 快速会话id未保存在cookie中(graphql),express,session,graphql,session-cookies,Express,Session,Graphql,Session Cookies,在这个程序的整个生命周期中,我都无法理解为什么这个cookie没有保存在浏览器中。如果我运行graphql游乐场(位于端口4000上,与服务器相同),会话ID将存储在浏览器中,没有问题。我启用了cors,所以这不应该阻止它。但是,如果我从任何其他url发送登录请求,它将不会将其保存在浏览器中。我尝试了多个浏览器,但都不会保存在其中任何一个浏览器上,我尝试记录会话,以确保我确实保存了它们。有什么想法吗 const { GraphQLServer } = require('graphql-yoga'
const { GraphQLServer } = require('graphql-yoga');
const session = require('express-session');
const bcrypt = require('bcryptjs');
const ms = require('ms');
const typeDefs = `
type Query {
isLoggedIn: Boolean!
}
type Mutation {
logIn(email: String!, password: String!): Boolean!
signUp(email: String!, password: String!): Boolean!
}
`
// mock mockDBbase
const mockDB = {};
const resolvers = {
Query: {
// is the user authenticated
isLoggedIn: (parent, args, ctx) => {
return ctx.session.isLoggedIn === true;
}
},
Mutation: {
// user can sign up for a new account
signUp: async (parent, { email, password }, ctx) => {
// if user is already in the DB
if (mockDB[email]) {
throw new Error('This user already exists, please log in.');
}
const saltRounds = 14; // roughly 1.5 secs on 2GHZ CPU
// store password in mock DB (replace with real DB)
mockDB[email] = {
// salt and hash pw
password: await bcrypt.hashSync(password, saltRounds),
};
return true;
},
// authenticates user into respective account
logIn: async (parent, { email, password }, ctx) => {
// grab user from DB
const user = mockDB[email];
if (user) {
// make sure pw matches
if (await bcrypt.compareSync(password, user.password)) {
// set user logged in flag
ctx.session.isLoggedIn = true;
return true;
}
throw new Error('User email or password is incorrect.');
}
throw new Error('User email or password is incorrect.');
}
}
}
// opts
const opts = {
port: 4000,
cors: {
credentials: true,
origin: "*"
}
};
// context
const context = req => ({
session: req.request.session,
});
// server
const server = new GraphQLServer({
typeDefs,
resolvers,
context,
});
const SESSION_SECRET = 'my-super-secret-secret';
server.express.set('trust proxy', 1) // trust first proxy
// session middleware
server.express.use(
session({
name: 'SSID',
// change this to randomly generate a secret
secret: SESSION_SECRET,
resave: false,
saveUninitialized: true,
cookie: {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: process.env.NODE_ENV === 'production',
maxAge: ms('1d'),
}
})
);
// start server
server.start(opts, () => console.log(`Server is running on http://localhost:${opts.port}`));
所以,当您登录时,您是指通过graphql登录还是通过express中的会话登录登录?无论哪种方式,您都可以发布您的网络请求和响应吗?我有一个预感,问题是什么。所以我实际上刚刚发现问题是什么。Graphql游乐场还有一个问题有待解决。即使您将凭据设置为随查询一起发送,它也不会随请求一起发送凭据。它仍然可以很好地命中api,但不会设置cookie。