如何从浏览器检查Node会话cookie到期
[英]How to check Node session cookie expiration from browser
问题描述
We're using Node + Connect to manage sessions for our app, which is a single-page application (SPA) built with Backbone.js. 
我们正在使用Node + Connect来管理应用程序的会话,该应用程序是使用Backbone.js构建的单页应用程序(SPA)。 I'm trying to write some code which will check from the client if the session is still valid. 我正在尝试编写一些代码,这些代码将从客户端检查会话是否仍然有效。 I know I can do it in Node itself, but as this is an SPA, I need to be able to do it completely client-side. 我知道我可以在Node本身中执行此操作,但是由于这是SPA,因此我需要能够完全在客户端执行此操作。
My first thought was to read the connect.sid cookie with jQuery and if it wasn't there, then that would mean that the session is expired. 我的第一个想法是使用jQuery读取connect.sid cookie,如果不存在,则意味着该会话已过期。 Unfortunately, that session cookie is protected with the HttpOnly flag and for good reason. 不幸的是,有充分的理由,该会话cookie受HttpOnly标志保护。 I don't want to disable that. 我不想禁用它。
My second thought was to write a second, parallel cookie every time the connect.sid cookie is written. 我的第二个想法是每次编写connect.sid cookie时都要编写第二个并行 cookie。 This second cookie would only store the expire date of the session cookie and would set HttpOnly to false so that the client could read it. 第二个cookie将仅存储会话cookie的到期日期,并将HttpOnly设置为false,以便客户端可以读取它。
So my question is, how do I go about writing that second cookie, or is there a better solution for being able to detect session expiration status from the browser?
I know how to write cookies with Node, but I'm not sure where to put the code so that it will fire every time that Connect writes the main connect.sid session cookie.
UPDATE: To be clear, I'm not looking to read the expiration date of the session. 更新:明确地说,我不是要读取会话的到期日期。 I know that JS cannot access the expires date of a cookie. 我知道JS无法访问Cookie的到期日期。 I just want to see whether or not the cookie exists, as it will only exist when it's valid and therefore its absence is enough data for me. 我只想查看cookie是否存在,因为它只有在有效时才存在,因此缺少它对我来说是足够的数据。
1 个解决方案
解决方案1
1 已采纳 2014-03-11 19:11:32
updated after clarifications in comments 在评论澄清后更新
Add another middleware right next to your session middleware. 在会话中间件旁边添加另一个中间件。 Excerpt below assumes express, but if you are using connect without express you should be able to interpret accordingly. 下面的摘录假定为表达,但是如果您使用的是没有表达的连接,那么您应该能够做出相应的解释。
app.use(connect.session(sessionOptions));
app.use(function (req, res, next) {
res.cookie("sessionIsAlive", "1", {
//just make sure this matches your expiration time of the real session cookie
expires: new Date(Date.now() + 900000),
httpOnly: false
});
next();
});
Then you can check for the existence of that via javascript in the browser. 然后,您可以通过浏览器中的javascript检查该代码是否存在。 And just FYI connect writes a new cookie with an updated expiration time on every response. 而且,仅FYI connect会在每个响应上写入具有更新的到期时间的新cookie。 That's how the "expires after N minutes of inactivity" behavior is implemented. 这就是实现“ N分钟不活动后过期”行为的方式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.