2017-02-19 16 views
0

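I am assuming that create_session will set the SET-COOKIE response header if endpoint.ex is configured to use cookie storage. Creating the session does not set the set-cookie header.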

    # The session will be stored in the cookie and signed,
    # this means its contents can be read but not tampered with.
    # Set :encryption_salt if you would also like to encrypt it.
    plug Plug.Session,
      log: :debug,
      store: :cookie,
      key: "some_key",
      signing_salt: "some_salt"

This is my authentication controller (just part of it)

    def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
      # Build the user attributes from the Ueberauth result
      params = build_params(auth)
      user = find_or_create_user(params)
      conn = put_session(conn, :current_user, user)
      IO.inspect conn.resp_headers
      IO.inspect get_session(conn, :current_user)
      render conn, "index.html"
      #Helpers.redirect!(conn, "/")
    end

    def build_params(auth) do
      %{email: auth.info.email, github_token: auth.credentials.token, github_user: auth.info.nickname}
    end

    def find_or_create_user(params) do
      case DBRepo.get_by(User, email: params.email) do
        nil ->
          # insert!/1 returns the struct itself, so both branches return a user
          # (insert/1 would return an {:ok, user} tuple here)
          User.changeset(%User{}, params)
          |> DBRepo.insert!()
        results ->
          results
      end
    end

IO.inspect conn.resp_headers

returns

    [{"cache-control", "max-age=0, private, must-revalidate"}, {"x-request-id", "vh8l2deodne1k2iloa4c3e4qdpmh857n"}, {"x-frame-options", "SAMEORIGIN"}, {"x-xss-protection", "1; mode=block"}, {"x-content-type-options", "nosniff"}]

IO.inspect get_session(conn, :current_user)

as expected

+0

Where is 'create_session' defined? It must return a conn, in which case you should assign it back ('conn = case find_user(...) do ... end'), because Elixir structs are immutable. – Dogbert

+0

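Is the cookie present in the actual response sent to the browser? Plug.Session sets the actual session cookie just before the response is actually sent (using 'register_before_send'), so it will not appear in 'conn.resp_headers', but if you make a real request, it should be there. – Dogbert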

+0

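OK, I figured it out: I could not see the cookie because it is httpOnly: true. Thanks for your help. Do you want to write up an answer with all this information so I can mark it as the answer :) – Billybonks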

Answer

1

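You won't see the session cookie in resp_headers because Plug.Session sets that cookie just before the response is actually sent back to the user, using Plug.Conn.register_before_send. If you make a request with any HTTP client (browser, curl, etc.), you will see the Set-Cookie header.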

    defmodule MyApp.PageController do
      use MyApp.Web, :controller

      def index(conn, _params) do
        conn
        |> put_session(:foo, :bar)
        |> text("")
      end
    end

    $ curl -I localhost:4000
    HTTP/1.1 200 OK
    server: Cowboy
    date: Mon, 20 Feb 2017 08:57:36 GMT
    content-length: 0
    set-cookie: _my_app_key=SFMyNTY.g3QAAAABbQAAAANmb29kAANiYXI.F0G6lsgPxsYjq97tonLy1gRkOBUVcfwqKZdozgGRG-c; path=/; HttpOnly
    content-type: text/plain; charset=utf-8
    cache-control: max-age=0, private, must-revalidate
    x-request-id: uoplksup9ndakf5sdr5shpjsjhvu849v
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff

+1

By default Phoenix adds the 'httpOnly: true' flag, so you won't see it in document.cookies – Billybonks
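
The endpoint comment in the question notes that a signed session cookie "can be read but not tampered with". As an added example (not part of the original thread), the Python sketch below decodes the cookie value from the curl output above without any key, which shows why anything placed in the session, such as the :current_user value in the question, is visible to the client unless :encryption_salt is set. It assumes the three-part header.payload.signature layout seen in that cookie; the function names are hypothetical and only a subset of Erlang term tags is handled.

```python
import base64
import struct

# Cookie value copied from the curl output in the answer above.
COOKIE = ("SFMyNTY.g3QAAAABbQAAAANmb29kAANiYXI."
          "F0G6lsgPxsYjq97tonLy1gRkOBUVcfwqKZdozgGRG-c")


def b64url(part):
    """Decode unpadded URL-safe base64."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def decode_term(buf, pos):
    """Decode one Erlang external-format term; return (value, next_pos)."""
    tag, pos = buf[pos], pos + 1
    if tag == 97:                      # SMALL_INTEGER_EXT
        return buf[pos], pos + 1
    if tag == 98:                      # INTEGER_EXT (signed 32-bit)
        return struct.unpack_from(">i", buf, pos)[0], pos + 4
    if tag in (100, 118, 119):         # ATOM_EXT, ATOM_UTF8_EXT, SMALL_ATOM_UTF8_EXT
        width = 1 if tag == 119 else 2
        end = pos + width + int.from_bytes(buf[pos:pos + width], "big")
        encoding = "latin-1" if tag == 100 else "utf-8"
        return buf[pos + width:end].decode(encoding), end  # atoms become str
    if tag == 109:                     # BINARY_EXT (Elixir strings) stay bytes
        end = pos + 4 + struct.unpack_from(">I", buf, pos)[0]
        return buf[pos + 4:end], end
    if tag == 116:                     # MAP_EXT
        count, pos = struct.unpack_from(">I", buf, pos)[0], pos + 4
        result = {}
        for _ in range(count):
            key, pos = decode_term(buf, pos)
            result[key], pos = decode_term(buf, pos)
        return result, pos
    raise ValueError(f"term tag {tag} not handled in this sketch")


def read_session_cookie(cookie):
    """Return (algorithm, session) using no key; the signature is NOT verified."""
    header, payload, _signature = cookie.split(".")
    raw = b64url(payload)
    if raw[:1] != b"\x83":             # 131 = external term format version
        raise ValueError("payload is not an Erlang external term")
    session, _ = decode_term(raw, 1)
    return b64url(header).decode("ascii"), session


if __name__ == "__main__":
    print(read_session_cookie(COOKIE))
```

The decoded session is the foo/bar pair that the answer's controller stored with put_session.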