问题描述

我在 node.js 中有一个项目，我想为标题响应设置 HttpOnly标志:true .

Hi I have a project in node.js and I want to set the HttpOnly flag: true for header response.

我已经在 app.js 中编写了以下代码，但对响应标头无效.

I have written the following code in app.js but it make no effect in response header .

app.use(session({
 secret: "notagoodsecretnoreallydontusethisone",
 resave: false,
 saveUninitialized: true,
 cookie: {httpOnly: true, secure: true}
}));

因此，最欢迎在 express.js 中设置 HttpOnly标志的任何建议.

So any suggestion for setting HttpOnly Flag in express.js is most welcome.

推荐答案

我认为您可以尝试一下！

I think you could try this!

app.use(session({
   cookieName: 'sessionName',
   secret: "notagoodsecretnoreallydontusethisone",
   resave: false,
   saveUninitialized: true,
   httpOnly: true,  // dont let browser javascript access cookie ever
   secure: true, // only use cookie over https
   ephemeral: true // delete this cookie while browser close
}));

这篇关于如何在Node.js和Express.js应用程序中设置HttpOnly标志?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！