从非 www 重定向到 www 域名后 cookie 丢失答案

【问题标题】：Cookies lost after redirect from non www to www domain name从非 www 重定向到 www 域名后 cookie 丢失
【发布时间】：2021-04-22 02:44:51
【问题描述】：

我的网站是

如果我使用 https://example.com 并使用 google oauth2 登录，在重定向回 https://www.example.com 后，我的 cookie 不会持续存在，它会重新启动，因此我无法登录。如果我使用https://www.example.com 并重定向回相同的https://www.example.com，则可以正常工作。我不确定它是否应该工作正常，因为它都是同一个域，只是没有www。我正在使用 NGINX ssl certbot，目前我的替代计划是在找不到解决方案时使我的重定向 URI 动态化。

map $sent_http_content_type $expires {
   "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}


server {

        gzip            on;
        gzip_types      text/plain application/xml text/css application/javascript;
        gzip_min_length 1000;


        location / {
                proxy_set_header Host               $host;
                proxy_set_header X-Real-IP          $remote_addr;
                proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto  $scheme;
                proxy_set_header X-Auth-Request-Redirect "https://www.example.com";
                proxy_cache_bypass                      $http_upgrade;
                proxy_pass                          http://127.0.0.1:3000;
                proxy_http_version      1.1;
                proxy_buffer_size          128k;
                proxy_buffers              4 256k;
                proxy_busy_buffers_size    256k;
                #proxy_cookie_path / "/; SameSite=lax; HTTPOnly; Secure";
        }

        #location /api {
        #       proxy_pass http://127.0.0.1:3333;
        #       proxy_cookie_path / "/; SameSite=none; HTTPOnly; Secure";
        #}

        location /adonis-ws {

                proxy_pass http://127.0.0.1:3333;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_cache_bypass $http_upgrade;
                proxy_connect_timeout 2592000;
                proxy_send_timeout 2592000;
                proxy_read_timeout 2592000;

        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}




server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;



    server_name example.com www.example.com 123.123.123;
    return 404; # managed by Certbot

}

更新

我的 cookie 不会在 www 和非 www 之间共享。我决定强制将我的网站重定向到 www，因为它在同源域中有效。

【问题讨论】：

标签： node.js nginx cookies

【解决方案1】：

这与 NGINX 无关。这与浏览器处理cookies的方式有关。您应该将 cookie 限定为父域 (example.com) 而不是子域 (www.example.com)

【讨论】：