Express 4 运行一段时间后出现 CSRF 令牌问题

这是我用来配置 Express 的 conf。

// Cookie parsing is keyed with the same secret that signs the session cookie below.
app.use(cookieParser(config.sessionSecret));

// presumably sessionTimeoutValue is in seconds; cookie.maxAge takes milliseconds
var sessionTimeout = Number(sessionTimeoutValue) * 1000;

// Options for express-session.
var sess = {
  secret: config.sessionSecret,
  store: sessionStore, // redis-sentinel
  // rolling re-issues the session cookie on every response.
  rolling: true,
  // Together these two persist every session on every request, even when it
  // is new and empty or unmodified.
  // NOTE(review): resave can let parallel requests overwrite each other's
  // session data, which includes the CSRF secret in session mode - confirm
  // the store actually needs it.
  saveUninitialized: true,
  resave: true,
  cookie: {
    // NOTE(review): no `secure` or `sameSite` option is set for the session
    // cookie here - confirm that is intended for this deployment.
    maxAge: sessionTimeout
  }
};

// trust first proxy
app.set('trust proxy', 1);

var expressSession = session(sess);

// Session gate: requests that carry an `afvapi` header skip session creation.
// for api calls that do not require web session to be created
// see : http://stackoverflow.com/questions/21264911/prevent-expressjs-from-creating-a-session-when-requests-contain-an-authorization
// NOTE(review): the header is client-controlled, and these requests still
// reach csrf() below without req.session - confirm how API calls are meant
// to pass CSRF validation.
app.use(function sessionUnlessApi(req, res, next) {
  if (!req.headers.afvapi) {
    expressSession(req, res, next);
    return;
  }
  return next();
});

// CSRF protection; no options are passed, so csurf keeps its secret in the session.
app.use(csrf());

// Publishes a token in the XSRF-TOKEN cookie on every response so client-side
// script can echo it back.
app.use(function publishCsrfToken(req, res, next) {
  // No cookie options are passed, so this cookie is script-readable by design
  // and is not restricted to HTTPS.
  var token = req.csrfToken();
  res.cookie('XSRF-TOKEN', token);

  var activeSession = req.session;
  if (activeSession) {
    // Setting expires to false makes the session cookie non-persistent; it
    // replaces the maxAge configured above on every request.
    // NOTE(review): the store's TTL may then come from the store default
    // rather than sessionTimeout. If the server-side session (and its CSRF
    // secret) expires while the browser still holds an older XSRF-TOKEN, the
    // next state-changing request would fail with "invalid csrf token" -
    // verify against the store configuration.
    activeSession.cookie.expires = false;
  }
  next();
});

使用上面的 conf,我的应用程序运行了一天,但经过一段随机的时间后,我开始收到以下错误:

Error: invalid csrf token
    at verifytoken (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/afv/node_modules/csurf/index.js:211:13)
    at Layer.csrf [as handle] (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/afv/node_modules/csurf/index.js:86:5)
    at trim_prefix (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:254:17)
    at /tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:216:9
    at Function.proto.process_params (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:286:12)
    at next (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:207:19)
    at session (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express-session/index.js:258:7)
    at Layer.handle (/home/ec2-user/afvconsole/server/config/express.js:112:16)
    at trim_prefix (/tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:254:17)
    at /tools/prod/generic_i386_linux-20140217T1439/lib/node_modules/express/lib/router/index.js:216:9

我的配置有问题吗?