cookie-httponly-secure

郭成尧
Commit 3167b82b7334e7d584c8fa7ef3bfd5465d09d802 1 parent f666bee9
Showing 2 changed files with 8 additions and 3 deletions
apps/passport/models/auth-helper.js
doraemon/middleware/yoho-session.js
--- a/apps/passport/models/auth-helper.js
View file @3167b82
+++ b/apps/passport/models/auth-helper.js
View file @3167b82
@@ -146,7 +146,9 @@ class AuthModel extends global.yoho.BaseModel {
             req.session.SESSION_KEY = sessionKey;
             res.cookie('_SESSION_KEY', authcode(sessionKey, '_SESSION_KEY', 2592000000, 'encode'), {
                 domain: 'yohobuy.com',
-                 expires: new Date(Date.now() + 2592000000) // 有效期一年
+                 expires: new Date(Date.now() + 2592000000), // 有效期一年
+                 httpOnly: true,
+                 secure: true
             });
             userId.sessionKey = sessionKey;
         }
--- a/doraemon/middleware/yoho-session.js
View file @3167b82
+++ b/doraemon/middleware/yoho-session.js
View file @3167b82
@@ -63,7 +63,8 @@ module.exports = (app) => {
         },
         cookie: {
             domain: 'yohobuy.com',
-             httpOnly: false
+             httpOnly: true,
+             secure: true
         },
         store: new MemcachedStore({
             hosts: config.memcache.session,
@@ -80,7 +81,9 @@ module.exports = (app) => {
         secret: '82dd7e724f2c6870472c89dfa43cf48d',
         cookie: {
             domain: 'yohobuy.com',
-             ephemeral: true
+             ephemeral: true,
+             httpOnly: true,
+             secure: true
         }
     }));