npm install --save express-session
var session = require('express-session')
設置session-cookieexpress
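// express-session configuration.
// Options the original author left blank ('') were ones they were unsure
// about; they are set to the documented defaults here.
const Options = {
  // Required. Secret used to sign the session ID cookie. Read it from the
  // environment (SESSION_SECRET is an example variable name): a signing secret
  // committed to source no longer protects the cookie's integrity. Use a long
  // random value per deployment and keep it out of version control.
  secret: process.env.SESSION_SECRET,

  // Custom session ID generator. `genuuid` is not defined on this page and
  // must be supplied elsewhere; whatever it returns has to be unique and
  // unpredictable. Omit `genid` to keep the default uid-safe generator.
  genid(req) {
    return genuuid();
  },

  name: 'session_id', // name of the session ID cookie, default 'connect.sid'
  proxy: undefined, // trust the reverse proxy ("X-Forwarded-Proto" header) when setting secure cookies
  resave: false,
  rolling: false, // documented default
  saveUninitialized: true, // stores a session for every visitor; `false` is the usual choice for login sessions
  store: undefined, // defaults to a new MemoryStore instance, which is not intended for production use
  unset: 'keep', // what happens when req.session is unset: 'keep' (default) or 'destroy'

  cookie: {
    // The Domain attribute takes a host name only; a value with a port such
    // as 'localhost:3000' is not valid. Left unset, the cookie is host-only,
    // which is also the narrowest scope.
    domain: undefined,
    expires: null, // expiry time; normally set maxAge only, not expires directly
    httpOnly: true, // an HttpOnly cookie cannot be read from client-side JavaScript
    maxAge: 60 * 60 * 1000, // one hour, in milliseconds
    path: '/', // root path of the domain (default)
    // Accepted values: true, false, 'lax', 'none', 'strict'. 'lax' keeps the
    // cookie off cross-site sub-requests and so limits CSRF exposure.
    sameSite: 'lax',
    // With secure = true the cookie is only sent over HTTPS. Kept false so
    // the example works on plain-HTTP localhost; set it to true in production.
    secure: false,
  },
  // cookie default value is { path: '/', httpOnly: true, secure: false, maxAge: null }
};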
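// Order matters: register cookie-parser before express-session.
// express-session 1.5.0 and later reads and writes the cookie itself, so
// cookie-parser is optional here; if it is kept, it must be given the same
// secret as the session middleware, as done below.
app.use(cookieParser(Options.secret));
app.use(session(Options));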