node.js - Redirect logged-in users to https in Express? -


I am using a username / password strategy to authenticate users on my website. I have ensured that the user should be logged on to HTTPS, and I have ensured that the session cookie is sent only on HTTPS:

  app.use (express.session ( {//. Cookie: {secure: true}}));   

But now, if someone enters (over HTTPS) and then returns to the website on HTTP, it seems that they are not logged in because their browser cookie Does not send.

I want to redirect logged-in users to HTTPS.

I think I need to issue two cookies: a session description (marked safe: true ), and that only "are you logged in" (Marked secure: incorrect ) If I see another cookie on HTTP, then I can redirect to HTTPS, and a secure cookie will be sent. Presto: The logged-in user is redirected to HTTPS.

Question: How can I do this in Express?

a strict-transport-security .

  app. (Function (rik, riz, next) {if (req.secure ()) {res} This will automatically rewrite the HTTP HTTPS to your browser. .header ('strict-transport-security', 'max-age = 31536000');} next ();});    

Comments

Popular posts from this blog

excel vba - How to delete Solver(SOLVER.XLAM) code -

jsp - Google line chart x-axis shrinks on transition -

java - Reaching JTextField in a DocumentListener -