>我有一个Express应用程序,其中会话很麻烦。
代码通常有效,成功登录后,用户应被定向到"仪表板"页面(如果没有请求特定的 URL(。
login.js 将 req.session.user 设置为用户信息的对象。
要检查是否有任何路由被授权,我有一个中间件(authuser.js(来检查req.session.user
问题是这个测试(显然是随机的(失败了。下面是控制台的(编辑(日志,您可以在其中看到登录.js报告 req.session.user,然后是 authuser.js在 req.session.user 上未通过测试:
Login success - session: Session {
cookie:
{ path: '/',
_expires: 2019-08-24T13:30:16.023Z,
originalMaxAge: 604800000,
httpOnly: true },
requested_url: '/dashboard',
__lastAccess: 1566048616023,
user:
{ username: 'me',
display_name: 'Jeff',
role: 'admin',
groups: null,
set_password: true,
organisation: 'jeff',
organisation_id: '1',
maxDiskSpace: '2048000000',
default_module: 'default',} }
Login -redirecting to /dashboard
Auth user: No req.session.user /dashboard
POST /login 302 131.560 ms - 64
GET /dashboard 302 1.167 ms - 56
GET /login 200 20.086 ms - 1203
应用.js:
var session = require('express-session');
var FileStore = require('session-file-store')(session);
var fileStoreOptions = {};
var sess = {
store: new FileStore(fileStoreOptions),
secret: 'Fuzz-whib-49',
resave: true,
saveUninitialized: false,
cookie: {
maxAge: 7 * 24 * 3600 * 1000 // 7 days
}
}
app.use(session(sess));
登录.js:
router.post('/', function(req, res, next) {
auth.login( req )
.then( user => {
req.session.user = user;
var next_route = req.query.next || req.session.requested_url || '/dashboard';
delete req.session.requested_url;
res.redirect(next_route)
})
.catch( function( error) {
...
仪表板.js:
router.get('/', authUser, function(req, res, next) {
console.log('Dashboard: Session id: ' + req.session.id);
console.log('Dashboard - user: ' + req.session.user.username);
var mod = loadAppModule(req.session.user);
var title = mod.title;
res.render("dashboard", {
module: mod,
user: req.session.user,
});
});
身份验证用户.js中间件:
module.exports = function(req, res, next) {
if(req.session.user) {
next();
} else {
console.log('Auth user: No req.session.user ' + req.originalUrl)
req.session.requested_url = req.originalUrl;
res.redirect('/login')
}
}
注销.js
router.post('/', authUser, function(req, res, next) {
console.log('Logout ' + req.session.user.username);
req.session.destroy(function(){
res.redirect('/');
});
});
什么给?
问题似乎与会话文件存储有关。可能是我的呼叫"req.session.user = user;"登录时.js当我尝试在 authuser .js 中读取req.session.user时尚未同步到光盘吗?
通过使用cookie会话而不是会话文件存储,问题消失了...
应用.js:
var cookieSession = require('cookie-session')
...
app.use(cookieSession({
name: name,
keys: [key],
// Cookie Options
maxAge: 7 * 24 * 3600 * 1000 // 7 days
}));