我缺less关于快速会话和cookie的信息?
express和express-session和express-sql-session已经相当的了。 我已经得到它在用户login时在会话的数据库中创build一行。这是我如何设置它:
//login route handler this.bcrypt.compare(password, row.hashed, function(err, passwordsMatch) { if (passwordsMatch === true) { console.log("user now logged in"); req.session.user = row; req.session.success = 'User successfully logged in'; res.send(row); res.end(); } }); Hunky dory! 我可以跳进我的会话表,并从数据库中获取行。 这里是:
{"cookie":{"originalMaxAge":600000,"expires":"2015-08-24T23:16:20.079Z","httpOnly":false,"path":"/"}, "user":{"userID":24,"userName":"g","email":"g","joinDate":"2015-08-24T07:15:33.000Z"},"success":"User successfully logged in"}
请注意,您可以看到自定义使用对象已设置。 但是,在下一个获取某些数据的请求中,我检查会话上的user对象:
// some other route called after login. if (!req.session.user) { console.log('user not authorized' + JSON.stringify(req.session)); res.send('not authorized'); return; }
但logging(显然)是空的会话。
user not authorized{"cookie":{"originalMaxAge":600000,"expires":"2015-08-24T23:27:13.455Z","httpOnly":false,"path":"/"}}
进入浏览器,我也看到资源面板中没有设置cookie。 不应该使用快递4和会话自动生成吗? 该文档说,你不需要ExpressCookie()与快递4了。 如何在随后的请求中获得正确的会话?
另外,如果我再次login,它只会在会话表中创build一个重复的行。 如何在响应中正确设置一个cookie,以便为下一个请求做这个工作?
这是我的会话configuration,如果有帮助:
// at the beginning of my node server import express = require('express'); import bodyParser = require('body-parser'); import Q = require('q'); import mysql = require('mysql'); var app = express(); import bcrypt = require('bcrypt'); import userModule = require('./userModule') var UserRepository = new userModule.UserNamespace.UserRepository(connectToMySQL, bcrypt, Q ); import session = require('express-session'); var SessionStore = require('express-sql-session')(session); app.use(function (req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header('Access-Control-Allow-Credentials', 'true'); res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); next(); }); app.use(bodyParser.urlencoded({ extended: false })) app.use(bodyParser.json()) var storeOptions = { client: 'mysql', connection: { host:SQLHOST, port:SQLPORT, user:SQLUSER, password: SQLPASS, database: SQLDB }, table: SESSION_TABLE, expires: 365 * 24 * 60 * 60 * 1000 }; var sessionStore = new SessionStore( storeOptions ); app.use(session({ secret: 'meeogog', resave: false, saveUninitialized: false, cookie: { maxAge: 600000,httpOnly: false }, store: sessionStore })); ... app.post('/users/login/', function (req, res) { UserRepository.loginHashed(req, res); }); ..and then more routes, and so forth
在我收到这个通知之后,我发现它是使用本地主机的组合,而不是在xhr请求上设置凭证。 本地主机是绊倒了我,你必须使用完全合格的127.0.0.1,并添加到头痛,http文件服务于不同的端口,所以不得不改变通配符来反映。
所以…
//where the server runs on 127.0.0.1:3000 but the http runs from :9000 app.use(session({ name:'some_session', secret: 'lalala', resave: true, saveUninitialized: false, cookie: { maxAge: 365 * 24 * 60 * 60 * 1000,httpOnly: false , domain:'127.0.0.1:9000'}, store: sessionStore })); res.header("Access-Control-Allow-Origin", "http://127.0.0.1:9000"); //important $http request (angular): useCredentials: true
我曾经有这个问题。
ps:以下所有代码均由以下代码提供:
MEAN.JS
刚开始使用护照: http : //passportjs.org/
"passport": "~0.2.0", "passport-facebook": "~1.0.2", "passport-github": "~0.1.5", "passport-google-oauth": "~0.1.5", "passport-linkedin": "~0.1.3", "passport-local": "~1.0.0", "passport-twitter": "~1.0.2",
基本上我只是做:express.js
// CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection }) })); app.use( function (req, res, next) { if ( req.method === 'POST' && (req.url === '/auth/signin'||req.url === '/auth/login') ) { if ( req.body.rememberme ) { req.session.cookie.maxAge = 2592000000; // 30*24*60*60*1000 Rememeber 'me' for 30 days } else { req.session.cookie.expires = false; } } next(); }); // use passport session app.use(passport.initialize()); app.use(passport.session());
创build一个passport.js
'use strict'; /** * Module dependencies. */ var passport = require('passport'), User = require('mongoose').model('User'), path = require('path'), config = require('./config'); /** * Module init function. */ module.exports = function() { // Serialize sessions passport.serializeUser(function(user, done) { done(null, user.id); }); // Deserialize sessions passport.deserializeUser(function(id, done) { User.findOne({ _id: id }, '-salt -password', function(err, user) { done(err, user); }); }); // Initialize strategies config.getGlobbedFiles('./config/strategies/**/*.js').forEach(function(strategy) { require(path.resolve(strategy))(); }); };
在策略文件夹内我做了这些文件:
locals.js
` 'use strict'; /** * Module dependencies. */ var passport = require('passport'), LocalStrategy = require('passport-local').Strategy, User = require('mongoose').model('User'); module.exports = function() { // Use local strategy passport.use(new LocalStrategy({ usernameField: 'email', passwordField: 'password' }, function(email, password, done) { User.findOne({ email: email }).select('-__v -notes -tags').exec(function(err, user) { if (err) { return done(err); } if (!user) { return done(null, false, { message: 'Unknown user or invalid password' }); } if (!user.authenticate(password)) { return done(null, false, { message: 'Unknown user or invalid password' }); } user.password = undefined; user.salt = undefined; user.notes = undefined; user.tags = []; return done(null, user); }); } )); };
最后login我只是这样做:
user.auth.js
/** * Signin after passport authentication */ exports.signin = function(req, res, next) { console.log(req.body); passport.authenticate('local', function(err, user, info) { if (err || !user) { res.status(400).send(info); } else { // Remove sensitive data before login user.password = undefined; user.salt = undefined; user.notes = undefined; user.tags = []; user.resetPasswordToken = undefined; req.login(user, function(err) { if (err) { res.status(400).send(err); } else { res.json(user); } }); } })(req, res, next); };