Express 会话无法注销

代码

app.js:

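// app.js: application bootstrap. Wires logging, body/cookie parsing, static
// files, a MongoDB-backed session store and Passport, then starts the server.
var express = require('express');
var session = require('express-session');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var mongoStore = require('connect-mongo')(session);
var mongoose = require('mongoose');
var passport = require('passport');

var config = require('./config');
var routes = require('./routes');

var mongodb = mongoose.connect(config.mongodb);

var app = express();

// view engine setup
app.set('views', config.root + '/views');
app.set('view engine', 'jade');
app.engine('html', require('ejs').renderFile);

app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(config.root + '/public'));

app.use(session({
  name: 'myCookie',
  // NOTE(review): the signing secret is hard-coded in source. Anyone who can
  // read this file can forge a validly signed session cookie; load it from
  // the environment or a secret store instead of committing it.
  secret: 'tehSecret',
  // NOTE(review): resave + saveUninitialized both true means a session
  // document is written for every visitor, including unauthenticated ones.
  resave: true,
  saveUninitialized: true,
  unset: 'destroy',
  // NOTE(review): no `cookie` options are given, so express-session defaults
  // apply; set `cookie.secure` when the app is served over HTTPS.
  store: new mongoStore({
    db: mongodb.connection.db,
    collection: 'sessions'
  })
}));

app.use(passport.initialize());
app.use(passport.session());

app.use('/', routes);

app.set('port', config.port);

var server = app.listen(app.get('port'), function() {
  if (config.debug) {
    // The original called debug(), which is never defined or required in this
    // file, so enabling config.debug raised a ReferenceError at startup.
    console.log('Express server listening on port ' + server.address().port);
  }
});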

routes.js:

 // routes.js: maps URL paths onto the user and auth controllers.
const express = require('express');
const config = require('../config');
const userController = require('../controllers/user');
const authController = require('../controllers/auth');

const router = express.Router();

// Landing page: renders the 'index' view with the configured app name.
router.get('/', (req, res) => {
  res.render('index', { title: config.app.name });
});

// POST /users has no auth middleware in front of it (open registration).
// GET /users runs authController.isAuthenticated before the handler.
const users = router.route('/users');
users.post(userController.postUsers);
users.get(authController.isAuthenticated, userController.getUsers);

// NOTE(review): sign-out is a state-changing action exposed over GET, so any
// page that can make the browser fetch this URL can trigger it.
router.get('/signout', userController.signout);

module.exports = router;

models/user.js:

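 // models/user.js: Mongoose user model with bcrypt password hashing.
var mongoose = require('mongoose');
var bcrypt = require('bcrypt-nodejs');

// bcrypt cost factor (log2 of the iteration count). The original used 5,
// which makes offline guessing of leaked hashes cheap; 10 is the library
// default. Hashes stored with the old cost still verify, because the cost is
// encoded in each hash.
var SALT_ROUNDS = 10;

var UserSchema = new mongoose.Schema({
  username: {
    type: String,
    unique: true,
    required: true
  },
  // Holds the bcrypt hash once the pre-save hook below has run.
  password: {
    type: String,
    required: true
  }
});

// Execute before each user.save() call
UserSchema.pre('save', function(callback) {
  var user = this;

  // Break out if the password hasn't changed, so an existing hash is never
  // hashed a second time.
  if (!user.isModified('password')) return callback();

  // Password changed so we need to hash it
  bcrypt.genSalt(SALT_ROUNDS, function(err, salt) {
    if (err) return callback(err);

    bcrypt.hash(user.password, salt, null, function(err, hash) {
      if (err) return callback(err);
      user.password = hash;
      callback();
    });
  });
});

/**
 * Compare a candidate password with the stored bcrypt hash.
 *
 * @param {string} password - Plain-text password supplied by the client.
 * @param {function(Error, boolean=)} cb - Called with (err) on failure or
 *   (null, isMatch) with the comparison result.
 */
UserSchema.methods.verifyPassword = function(password, cb) {
  bcrypt.compare(password, this.password, function(err, isMatch) {
    if (err) return cb(err);
    cb(null, isMatch);
  });
};

// Export the Mongoose model
module.exports = mongoose.model('User', UserSchema);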

controllers/user.js:

 var config = require('../config'); var User = require('../models/user'); exports.postUsers = function(req, res) { if (config.debug) console.log("user.postUsers()"); var user = new User({ username: req.body.username, password: req.body.password }); user.save(function(err) { if (err) return res.send(err); if (config.debug) console.log("saved"); res.json({ message: 'New user created!' }); }); }; exports.getUsers = function(req, res) { if (config.debug) console.log("user.getUsers()"); User.find(function(err, users) { if (err) return res.send(err); if (config.debug) console.log("users", users); res.json(users); }); }; exports.signout = function(req, res) { if (config.debug) console.log("user.signout()"); res.clearCookie('myCookie'); req.session.destroy(function(err) { req.logout(); res.redirect('/'); }); }; 

controllers/auth.js:

 // controllers/auth.js: Passport setup with an HTTP Basic strategy.
const passport = require('passport');
const { BasicStrategy } = require('passport-http');
const config = require('../config');
const User = require('../models/user');

// Store only the user id in the session.
passport.serializeUser((user, done) => {
  done(null, user.id);
});

// Load the full user document back from the stored id.
passport.deserializeUser((id, done) => {
  User.findById(id, (err, user) => {
    done(err, user);
  });
});

/**
 * Verify callback for HTTP Basic credentials.
 * Calls done(err) on a lookup or comparison error, done(null, false) for an
 * unknown username or a wrong password, and done(null, user) on success.
 */
function verifyBasicCredentials(username, password, done) {
  User.findOne({ username }, (lookupErr, user) => {
    if (lookupErr) {
      return done(lookupErr);
    }

    // No user found with that username
    if (!user) {
      return done(null, false);
    }

    // Make sure the password is correct
    user.verifyPassword(password, (compareErr, isMatch) => {
      if (compareErr) {
        return done(compareErr);
      }

      // Password did not match: reject. Otherwise: success.
      return isMatch ? done(null, user) : done(null, false);
    });
  });
}

passport.use(new BasicStrategy(verifyBasicCredentials));

// `session: false` makes this middleware check the Basic credentials on every
// request and never consult the session, so destroying the session does not
// revoke access to routes guarded by it.
exports.isAuthenticated = passport.authenticate('basic', { session: false });

问题

/signout 路由不会结束当前会话。在 req.session.destroy 的回调中，req.session 为 undefined，但对 /users 发起新的 GET 请求时，会话仍然像有效一样。

有人可以帮助清除这个问题吗?

controllers/user.js:

 exports.signout = function(req, res) { if (config.debug) console.log("user.signout()"); req.logout(); res.send(401); }; 

顺便说一句，不必在意注销后会话仍然留在数据库中：60 秒之后，mongod 会检查并清除这些数据。（之所以不能只靠销毁会话：/users 由 HTTP Basic 认证保护，且设置了 session: false，浏览器每次请求都会重新发送凭据，因此仅销毁会话并不能让用户退出。）

在注销接口中不要使用 req.session.destroy()，改为尝试 req.logout();。希望这能起作用。