req.session.passport和req.user空白,并且req.isAuthenticated在使用passport-facebook初次成功登录后返回false
[英]req.session.passport and req.user blank , and req.isAuthenticated returns false after initial successful login using passport-facebook
问题描述
After the initial successful login from Facebook and login redirection callback using passport-facebook 1.0.3 and express 4.6.1,req.session.passport and req.user contains the value set during the serialize call(which i get from the stragegy) , but on subsequent visits to different routes on the site the req.session.passport and req.user is blank , and req.isAuthenticated() returns false , so after the initial successful login from FB the ensureAuthentication method on all other routes fails . 
在初次成功登录Facebook并使用passport-facebook 1.0.3和express 4.6.1登录重定向回调后,req.session.passport和req.user包含序列化调用期间设置的值(我从stragegy获得),但是在随后访问网站上的不同路由时,req.session.passport和req.user为空,req.isAuthenticated()返回false,因此在从FB初始成功登录后,所有其他路由上的ensureAuthentication方法都会失败。 I'm not using a cluster setup , so i believe the memory store is enough to handle this , the express configuration looks fine(i mean the order) , here is my express configuration 我没有使用群集设置,所以我相信内存存储足以处理这个,快速配置看起来很好(我的意思是顺序),这是我的快速配置
configExpressApp.set('views', './views');
configExpressApp.set('view engine', 'jade');
configExpressApp.use(morgan('dev'));
configExpressApp.use(cookieParser());
configExpressApp.use(bodyParser.urlencoded({
extended: true,
}));
configExpressApp.use(bodyParser.json());
configExpressApp.use(expressSession({
secret:'MyExpressSecret',
saveUninitialized: true,
resave: true
}));
configExpressApp.use(passport.initialize());
configExpressApp.use(passport.session());
configExpressApp.use(methodOverride());
configExpressApp.use(express.static('./public'));
Here is the req.session object on the initial successfull login and redirection ,The req.user contains the same data as the req.session.passport.user 这是初始成功登录和重定向的req.session对象,req.user包含与req.session.passport.user相同的数据。
{ cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true },
passport:
{ user:
{ _id: 53ce23e3121421f229a438f8,
info: false,
loginType: 'fb',
fbId: 'MyId',
name: 'Karthic Rao',
email: 'kartronics85@yahoo.com'
}
}
}
this is the information i associated earlier with the done() callback inside the strategy and also inside the serialization call . 这是我之前与策略内部的done()回调以及序列化调用内部关联的信息。 After the successfull login and callback, i use res.redirect to redirect the user to a different route , but the requests coming from that route contains the sessionID (so i dont think its the issue with the session store), but the req.user field doesnt exist(may be because passport.initialize() and passport.session() middlewares dont find the request to be authenticated) and the req.session.passport field is empty , here are the details from the console.log of the req object . 在成功登录和回调之后,我使用res.redirect将用户重定向到不同的路由,但来自该路由的请求包含sessionID(所以我不认为它与会话存储的问题),但是req.user字段不存在(可能是因为passport.initialize()和passport.session()中间件没有找到要进行身份验证的请求)并且req.session.passport字段为空,这里是来自req的console.log的详细信息对象。
sessionID: 'I9R1c3PIYgDW5OpWbNT7qb02Hn4lOeAB',
session:
{ cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true },
passport: {} },
Here is my deserialize method 这是我的反序列化方法
passport.deserializeUser(function(user, done) {
console.log('deserialize loginType facebook');
db.collection("users").findOne({
fbId: user.id
}, function(err, docs) {
console.log(docs);
done(err, docs);
});
});
Here is my serialize method 这是我的序列化方法
passport.serializeUser(function (user, done) {
console.log(user);
done(null, user);
});
This is creating a great hindrance to my development , how can i sort this out ?? 这对我的开发造成了很大的障碍,我怎么能解决这个问题呢?
1 个解决方案
解决方案1
10 已采纳 2014-07-29 08:05:38
Well, if you could add the code where you use your strategy (it should be in the middleware), that would give us a complete view of the problem, because we need to know what object is sent to serializeUser . 好吧,如果您可以在使用策略的地方添加代码(它应该在中间件中),这将为我们提供问题的完整视图,因为我们需要知道将什么对象发送到serializeUser 。
(Very) basically, when a user tries to authenticate, things happen that way : (非常)基本上,当用户尝试进行身份验证时,事情会发生:
- Passport tries to authenticate your user against Facebook servers Passport尝试针对Facebook服务器对您的用户进行身份验证
- If it succeeds, the callback function (or successRedirect) is called with an object containing the user's details 如果成功,则使用包含用户详细信息的对象调用回调函数(或successRedirect)
- Then, Passport makes a call to
req.loginto store some info about the user in session然后,Passport调用req.login以在会话中存储有关用户的一些信息 - Then
serializeUseris called and effectively store the data you specified in session.然后调用serializeUser并有效地存储您在会话中指定的数据。
BUT from the code you posted, I suspect that in your deserializeUser , user.id is undefined, because the user object that is stored in session uses an ID field called _id and not id . 但是从您发布的代码中,我怀疑在您的deserializeUser , user.id是未定义的,因为存储在会话中的user对象使用名为_id且不是id的ID字段。
If you change 如果你改变了
db.collection("users").findOne({
fbId: user.id
to 至
db.collection("users").findOne({ fbId: user._id
db.collection("users").findById(user._id, [fields],[options],[callback]);
I think it should work. 我认为它应该有效。
EDIT : I edited my answer based on @BrandonZacharie's remark, which pointed out an error in my code. 编辑 :我根据@ BrandonZacharie的评论编辑了我的答案,该评论指出我的代码中有错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.