http-only

郭成尧
Commit a5632bb78e653aeea7d0f6ac956c7167349e7a4c 1 parent 87c2d780
Showing 2 changed files with 4 additions and 7 deletions
apps/passport/models/auth-helper.js
doraemon/middleware/yoho-session.js
--- a/apps/passport/models/auth-helper.js
View file @a5632bb
+++ b/apps/passport/models/auth-helper.js
View file @a5632bb
@@ -147,8 +147,7 @@ class AuthModel extends global.yoho.BaseModel {
             res.cookie('_SESSION_KEY', authcode(sessionKey, '_SESSION_KEY', 2592000000, 'encode'), {
                 domain: 'yohobuy.com',
                 expires: new Date(Date.now() + 2592000000), // 有效期一年
-                 httpOnly: true,
-                 secure: true
+                 httpOnly: true
             });
             userId.sessionKey = sessionKey;
         }
--- a/doraemon/middleware/yoho-session.js
View file @a5632bb
+++ b/doraemon/middleware/yoho-session.js
View file @a5632bb
@@ -29,7 +29,7 @@ function yohoSession(opts) {
             req.session = new memcachedSession.Session(req, req[opts.backSession].sessionBack);
             req.session.cookie = new memcachedSession.Cookie({
                 domain: 'yohobuy.com',
-                 httpOnly: false
+                 httpOnly: true
             });
         }
 
@@ -63,8 +63,7 @@ module.exports = (app) => {
         },
         cookie: {
             domain: 'yohobuy.com',
-             httpOnly: true,
-             secure: true
+             httpOnly: true
         },
         store: new MemcachedStore({
             hosts: config.memcache.session,
@@ -82,8 +81,7 @@ module.exports = (app) => {
         cookie: {
             domain: 'yohobuy.com',
             ephemeral: true,
-             httpOnly: true,
-             secure: true
+             httpOnly: true
         }
     }));