在SessionStore中设置Node.js Express会话到期时间而不是cookie
[英]Setting Node.js Express session expiration time in SessionStore in stead of in cookie
问题描述
Everything I can find on Express Session s expiring times is about setting the cookie. 
我在Express Session的到期时间可以找到的一切都是关于设置cookie。
session.cookie.expires = null; // Browser session cookie
session.cookie.expires = 7 * 24 * 3600 * 1000; // Week long cookie
But the expire date of cookies is not 'secured' with your secret , as these are just cookie settings your browser manages. 但是,Cookie的过期日期不会与您的secret “保密”,因为这些只是您的浏览器管理的Cookie设置。
How can I set the expire date of the session in the session store? 如何在会话存储中设置会话的过期日期? Because theoretically, when someone uses your computer, they can 'fix' the expiration time of an expired cookie and continue the session, if the server side session isn't also expired at the same time as the cookie. 因为理论上,当有人使用您的计算机时,如果服务器端会话也没有与cookie同时过期,他们可以“修复”过期cookie的过期时间并继续会话。
I can't find anything about how this works or how to set/change this. 我找不到任何关于它如何工作或如何设置/更改它的信息。
2 个解决方案
解决方案1
23 已采纳 2014-03-13 03:44:40
With the Session middleware, only the encrypted session ID is stored in the client side cookie. 使用Session中间件,只有加密的会话ID存储在客户端cookie中。 The expired date is stored as req.session.cookie.expires in the server side store. 过期日期存储为服务器端存储中的req.session.cookie.expires 。 So we can add a custom middle to check whether current session is expired. 所以我们可以添加一个自定义中间来检查当前会话是否过期。
// ...
app.use(express.cookieParser());
app.use(express.session({secret:'yoursecret', cookie:{maxAge:6000}}));
app.use(function(req, res, next) {
// if now() is after `req.session.cookie.expires`
// regenerate the session
next();
});
// ...
解决方案2
-1 2015-06-18 16:57:15
I wrote the solution today as the project needed that. 我今天写了解决方案,因为项目需要。
Here it is: 这里是:
https://github.com/expressjs/session/issues/173 https://github.com/expressjs/session/issues/173
There are instructions there. 那里有指示。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.