【发布时间】:2018-08-10 13:12:29
【问题描述】:
下面是我在 session_store.rb 中的代码
Rails.application.config.session_store :active_record_store , key: '_test_key', secure: :true
当请求具有上述配置的rails应用程序时,浏览器接收到以下响应标头:
Cache-Control:no-cache
Content-Type:text/html; charset=utf-8
Date:Fri, 10 Aug 2018 10:46:51 GMT
Location:https://xxxxx-xxxx.com/home
Server:nginx/1.12.2 + Phusion Passenger 5.2.3
Status:302 Found
Transfer-Encoding:chunked
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Powered-By:Phusion Passenger 5.2.3
X-Request-Id:xxxxxxxxxxxe5-7f1a2bb20b23
X-Runtime:1.191833
X-XSS-Protection:1; mode=block
问题是响应中缺少“Set-Cookie”标头,该标头将在下一个请求中发送到应用程序进行验证,因为它是 302 状态代码。
当我从配置中删除“安全”时,发送“cookie”
Rails.application.config.session_store :active_record_store , key: '_test_key'
响应是:
Cache-Control:no-cache
Content-Type:text/html; charset=utf-8
Date:Fri, 10 Aug 2018 10:38:05 GMT
Location:https://xxxxxx-wspbx.com/home
Server:nginx/1.12.2 + Phusion Passenger 5.2.3
SetCookie-:_test_key=06b1bd1397fa64af1eb9c9ed4d2e0b0b; path=/; HttpOnly
Status:302 Found
Transfer-Encoding:chunked
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Powered-By:Phusion Passenger 5.2.3
X-Request-Id:xxxxxxxxxxxxxxxxx7-58e1baab7dc8
X-Runtime:1.207210
X-XSS-Protection:1; mode=block
当为 session_store 提供“安全”选项时,是什么导致“Set-Cookie”不发送到浏览器?
【问题讨论】:
标签: https passenger ruby-on-rails-4.1