node.js - Redirect logged-in users to https in Express?
I am using a username/password strategy to authenticate users on my website. I have ensured that users must log in over HTTPS, and I have ensured that the session cookie is sent only over HTTPS:
    app.use(express.session({
      // ...
      cookie: { secure: true }
    }));

But now, if someone logs in (over HTTPS) and then returns to the website over HTTP, it seems that they are not logged in, because their browser does not send the cookie.
I want to redirect logged-in users to HTTPS.
I think I need to issue two cookies: one for the session (marked secure: true), and one that only says "are you logged in" (marked secure: false). If I see the second cookie over HTTP, then I can redirect to HTTPS, and the secure cookie will be sent. Presto: the logged-in user is redirected to HTTPS. Question: how can I do this in Express?
A Strict-Transport-Security header:

    app.use(function (req, res, next) {
      // req.secure is a boolean property in Express, not a function
      if (req.secure) {
        res.header('Strict-Transport-Security', 'max-age=31536000');
      }
      next();
    });

This will automatically rewrite HTTP to HTTPS in your browser.
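The two-cookie redirect from the question combined with the header from the answer, as an added example that is not code from the original page. MARKER_COOKIE, CANONICAL_HOST, httpsForLoggedIn and markLoggedIn are assumed names, and the host is a placeholder.

```javascript
// Added example. Express-style middleware; names and host are assumptions.
const MARKER_COOKIE = 'logged_in';        // hypothetical name; grants no access by itself
const CANONICAL_HOST = 'www.example.com'; // placeholder; do not build redirects from the Host header
const HSTS_VALUE = 'max-age=31536000';    // one year, the value used in the answer

// Parse a Cookie request header into a plain object (no dependencies).
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// On HTTPS: send HSTS. The browser only honours it after it has seen it
// over HTTPS once, so the marker cookie covers visits before that point.
// On HTTP: redirect visitors carrying the marker cookie to HTTPS, where
// the secure session cookie is sent and the real session check happens.
function httpsForLoggedIn(req, res, next) {
  if (req.secure) {
    res.setHeader('Strict-Transport-Security', HSTS_VALUE);
    return next();
  }
  const cookies = parseCookies(req.headers.cookie);
  if (cookies[MARKER_COOKIE] === '1') {
    // The marker is sent in clear text and can be forged, so it is used
    // only to trigger a redirect, never to decide what a user may see.
    return res.redirect(302, 'https://' + CANONICAL_HOST + req.originalUrl);
  }
  return next();
}

// Call after a successful login over HTTPS, next to the secure session cookie.
function markLoggedIn(res) {
  res.cookie(MARKER_COOKIE, '1', { secure: false, httpOnly: true });
}
```

Register it with app.use(httpsForLoggedIn) before the routes, and clear the marker cookie on logout together with the session.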