Hapijs - 服务器重新启动时 HttpOnly cookie 消失

Question

当我将 cookie 定义为 HttpOnly 时，该 cookie 在服务器重新启动后从 request.state 消失。这似乎不是 HttpOnly 规范的一部分。在 HapiJS 中有没有办法解决这个问题？

// cookie definition
server.state('my_cookie', {
    ttl: YEAR_IN_MS,
    isSecure: false,
    isHttpOnly: true,
    encoding: 'base64json',
    clearInvalid: false,
    strictHeader: true,
    path: '/'
}

server.ext('onPreResponse', function(request, reply) {
    console.log(request.state.my_cookie) // returns undefined after server restart

    reply.continue()
})

Answer 1

检查以下代码sn -p，服务器重启后cookie仍然存在。

const Hapi = require('hapi');
const server = new Hapi.Server();
server.connection({ port: 8005, host: 'localhost' });

server.start((err) => {
    if (err) {
        throw err;
    }
    console.log(`Server running at: ${server.info.uri}`);
});

server.route({
    method: 'GET',
    path: '/',
    handler: function (request, reply) {
        //Cookie: { "foo": "Bar0.3077739876826606" }
        reply('Cookie: ' + JSON.stringify(request.state.my_cookie, null, '\t'))
    }
});

server.route({
    method: 'GET',
    path: '/set-cookie',
    handler: function (request, reply) {
        return reply('Success').state('my_cookie', { foo: 'Bar' + Math.random() })
    }
});

const YEAR_IN_MS = 86400000 * 365
// cookie definition
server.state('my_cookie', {
    ttl: YEAR_IN_MS,
    isSecure: false,
    isHttpOnly: true,
    encoding: 'base64json',
    clearInvalid: false,
    strictHeader: true,
    path: '/'
})

server.ext('onPreResponse', function(request, reply) {
    console.log(request.state.my_cookie) //{ foo: 'Bar0.3077739876826606' }
    reply.continue()
})