Skip to content

Commit

Permalink
docs(cookie): how to get frontend cookie (#2542)
Browse files Browse the repository at this point in the history
  • Loading branch information
dead-horse authored May 11, 2018
1 parent 9fea64e commit 0723cd2
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 0 deletions.
8 changes: 8 additions & 0 deletions docs/source/en/core/cookie-and-session.md
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,14 @@ the corresponding options also need to be used in `get` method.
- If `signed` is true when `set` Cookie but false when `get` Cookie, egg.js doesn't verify Cookie value, so the value could have been modified by client.
- If `encrypt` is true when `set` Cookie but false when `get` Cookie, what you get is encrypted text rather than the raw plain text.

If you want to get the cookie set by frontend or other system, you need to specify the parameter `signed` as `false`, avoid varify the cookie and not getting the vlaue.

```js
ctx.cookies.get('frontend-cookie', {
signed: false,
});
```

### Cookie Secret Key

Since we need to sign and encrypt Cookie, a secret key is required.
Expand Down
8 changes: 8 additions & 0 deletions docs/source/zh-cn/core/cookie-and-session.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,14 @@ ctx.cookies.set(key, value, {
- 如果设置的时候指定为 signed,获取时未指定,则不会在获取时对取到的值做验签,导致可能被客户端篡改。
- 如果设置的时候指定为 encrypt,获取时未指定,则无法获取到真实的值,而是加密过后的密文。

如果要获取前端或者其他系统设置的 cookie,需要指定参数 `signed``false`,避免对它做验签导致获取不到 cookie 的值。

```js
ctx.cookies.get('frontend-cookie', {
signed: false,
});
```

### Cookie 秘钥

由于我们在 Cookie 中需要用到加解密和验签,所以需要配置一个秘钥供加密使用。在 `config/config.default.js`
Expand Down

0 comments on commit 0723cd2

Please sign in to comment.