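I am trying to store a JWT token as a cookie in the browser, but it is not being stored there, although it works fine in Postman. In the browser I get Set-Cookie=value in the response headers. I even tried storing it with a library like js-cookie; it was stored the first time, but when I tried again it was not stored.

Here is the login function I use to store it: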

    // UserModel, isPasswordValid, generateToken and the status constants
    // (OK, NOT_ACCEPTABLE, FORBIDDEN) are defined elsewhere in the project.
    export const userLogin = async (request, response, next) => {
        const { email, password } = request.body;
        try {
            const isUserAvailable = await UserModel.findOne({ email });
            if (!isUserAvailable) {
                return response.status(NOT_ACCEPTABLE).json({ error: true, statusCode: NOT_ACCEPTABLE, message: `User Not Found !` })
            }
            const isPasswordCorrect = await isPasswordValid(password, isUserAvailable.password);
            if (isPasswordCorrect) {
                // Intended cookie lifetime: one day from now
                const expiryDate = new Date();
                expiryDate.setDate(expiryDate.getDate() + 1);
                const accessToken = await generateToken(isUserAvailable._id, isUserAvailable.username);
                // Debug output; this prints the token to the server log
                console.log("access controller", accessToken)
                // Set the JWT as an HttpOnly cookie and also return it in the JSON body
                response.cookie('access_token', accessToken, {
                    httpOnly: true, path: "/",
                }).status(OK)
                    .json({
                        error: false, statusCode: OK, message: `Login Successful`, accessToken, data: {
                            uid: isUserAvailable._id, fullName: isUserAvailable.fullName, username: isUserAvailable.username, email: isUserAvailable.email,
                            avatar: isUserAvailable.avatar, mobile: isUserAvailable.mobile
                        }
                    })
            } else {
                response.status(FORBIDDEN).json({ error: true, statusCode: FORBIDDEN, message: `Invalid Password` })
            }
        } catch (error) {
            next(error)
        }
    }

In the function below I am trying to retrieve it:

    import Jwt from "jsonwebtoken";

    export const userAuthByToken = (request, response, next) => {
        try {
            // request.cookies is populated by the cookie-parser middleware
            const token = request.cookies.access_token;
            console.log("token auth", request.cookies.access_token)
            if (!token) {
                return response.status(401).json({ error: true, message: 'User is Un-Authorized' });
            }
            // The cookie value is the JWT string itself, so verify it directly
            Jwt.verify(token, process.env.JWT_SECRET_KEY, (error, user) => {
                if (error) return response.status(401).json({ error: true, message: "Forbidden" });
                request.user = user;
                next()
            })
        } catch (error) {
            console.log(error)
            // Hand the error to the Express error handler so the request does not hang
            next(error)
        }
    }

But it does not work; when I console.log it, I get an empty object.

I found the answer to my problem. I changed the response as shown below:

    response.cookie('access_token', token, {
        httpOnly: true,
        domain: "localhost",
        origin: "http://localhost:1234", // not a res.cookie() option; Express ignores it
        path: "/api/estates",            // cookie is only sent to URLs under this path
        sameSite: "None",                // browsers accept SameSite=None only together with Secure
        expires: expiryDate,
        secure: true,
    }).status(OK)
        .json({
            error: false, statusCode: OK, message: `Login Successful`, access_token: token, data: {
                uid: isUserAvailable._id, fullName: isUserAvailable.fullName, username: isUserAvailable.username, email: isUserAvailable.email,
                avatar: isUserAvailable.avatar, mobile: isUserAvailable.mobile
            }
        })

I have provided the path, domain, origin and secure flags, and now the token is stored in the Cookies section of the browser.
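
The attribute rules behind the two `response.cookie()` calls above can be checked mechanically. The following is an added example, not code from the original post: a simplified model of how a browser treats a `Set-Cookie` header. The function names, the `ctx` shape, the sample headers and the Lax default (Chromium behaviour) are assumptions made for illustration.

```javascript
// Added example: simplified model of browser Set-Cookie checks (not the poster's code).
// Parse "name=value; Attr; Attr=val" into { name, value, attrs }, attribute names lowercased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// RFC 6265 section 5.1.4 path-match: equal, or a prefix ending at a "/" boundary.
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// ctx is a hypothetical shape: { crossSite: boolean, requestPath: string }.
function auditSetCookie(header, ctx) {
  const { attrs } = parseSetCookie(header);
  // Assumption: a missing SameSite is treated as Lax (Chromium behaviour).
  const sameSite = String(attrs.samesite || "lax").toLowerCase();
  const findings = [];
  if (sameSite === "none" && !attrs.secure)
    findings.push("rejected: SameSite=None requires Secure");
  if (ctx.crossSite && sameSite !== "none")
    findings.push(`blocked: SameSite=${sameSite} cookie is not set or sent on cross-site fetch/XHR`);
  if (attrs.path && !pathMatches(attrs.path, ctx.requestPath))
    findings.push(`not-sent: Path=${attrs.path} does not cover ${ctx.requestPath}`);
  if (!attrs.httponly) findings.push("weak: no HttpOnly, token readable by page scripts");
  if (!attrs.secure) findings.push("weak: no Secure, token can travel over plain HTTP");
  return findings;
}

// Constructed headers modelled on the two response.cookie() calls; token is a placeholder.
const before = "access_token=PLACEHOLDER; Path=/; HttpOnly";
const after = "access_token=PLACEHOLDER; Domain=localhost; Path=/api/estates; " +
  "Expires=Thu, 01 Jan 2026 00:00:00 GMT; HttpOnly; Secure; SameSite=None";
const sampleCtx = { crossSite: true, requestPath: "/api/estates/list" };
console.log(auditSetCookie(before, sampleCtx)); // two findings
console.log(auditSetCookie(after, sampleCtx));  // no findings
```

The model does not cover CORS: a cross-origin `fetch` also needs `credentials: "include"` on the request and `Access-Control-Allow-Credentials: true` on the response before the browser stores the cookie.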