req.session.passport为空:req.user未定义
[英]req.session.passport is empty: req.user undefined
问题描述
I've asked a similar question before, but I noticed it was in the Javascript section. 
之前我曾问过类似的问题,但我注意到它在Javascript部分中。 I have more specific ideas of what might be going wrong now, as well. 对于现在可能出了什么问题,我也有更具体的想法。
Basically, req.session.passport is empty in my logs. 基本上,req.session.passport在我的日志中为空。 Whenever I start navigating around my site, req.user becomes undefined because the session doesn't have Passport's logged in user anymore. 每当我开始在网站上浏览时,req.user都将变为未定义状态,因为该会话不再具有Passport的登录用户。
I would like to know if anyone knows how to solve this? 我想知道是否有人知道如何解决这个问题? Maybe it's just an error in the configuration of Passport, or the entire Express setup? 也许这只是Passport的配置错误,还是整个Express设置?
App.js: App.js:
var express = require("express"),
bodyParser = require("body-parser"),
mongodb = require("mongodb"),
mongoose = require("mongoose"),
uriUtil = require("mongodb-uri"),
morgan = require("morgan"),
session = require("express-session"),
passport = require("passport"),
flash = require("connect-flash"),
ip = "hidden",
port = process.env.PORT || 80
var app = express()
app.disable("x-powered-by")
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({
extended: true
}))
app.use(morgan("dev")); // log every request to the console
// required for passport
app.use(session({
secret: "hidden",
key: 'asdasdasd',
cookie: { maxAge: 60000, secure: false },
resave: true,
saveUninitialized: false
})); // session secret
app.use(passport.initialize());
app.use(passport.session()); // persistent login sessions
app.use(flash()); // use connect-flash for flash messages stored in session
app.set("view engine", "jade")
app.use(express.static(__dirname + "/views"))
require("./includes/passport")(passport)
require("./includes/subject")
require("./includes/user")
Passport.js: Passport.js:
var LocalStrategy = require("passport-local").Strategy,
User = require("./user"),
bCrypt = require('bcrypt-nodejs')
module.exports = function(passport) {
// used to serialize the user for the session
passport.serializeUser(function(user, done) {
done(null, user._id);
});
// used to deserialize the user
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
// =========================================================================
// LOCAL SIGNUP ============================================================
// =========================================================================
// we are using named strategies since we have one for login and one for signup
// by default, if there was no name, it would just be called "local"
passport.use('signup', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : "email",
passwordField : "password",
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) {
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ "email" : email }, function(err, user) {
// if there are any errors, return the error
if (err)
return done(err);
// check to see if theres already a user with that email
if (user) {
return done(null, false, req.flash("message", "Dit e-mail-adres is al bezet"));
} else {
// if there is no user with that email
// create the user
var newUser = new User();
// set the user's local credentials
newUser.email = email;
newUser.password = createHash(password);
newUser.firstname = req.param('firstname');
newUser.lastname = req.param('surname');
newUser.year = parseInt(req.param('year'));
newUser.study = req.param('study');
newUser.courses = req.param('courses');
newUser.phone = req.param('phone');
newUser.availability = req.param('availability');
newUser.description = req.param('descText');
// save the user
newUser.save(function(err) {
if (err)
throw err;
return done(null, newUser);
});
}
});
});
}));
// =========================================================================
// LOCAL LOGIN =============================================================
// =========================================================================
// we are using named strategies since we have one for login and one for signup
// by default, if there was no name, it would just be called 'local'
passport.use("login", new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : "email",
passwordField : "password",
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) { // callback with email and password from our form
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ "email" : email }, function(err, user) {
// if there are any errors, return the error before anything else
if (err)
return done(err);
// if no user is found, return the message
if (!user) {
console.log('No user found with email ' + email)
return done(null, false, req.flash('message', 'Gebruiker niet gevonden')); // req.flash is the way to set flashdata using connect-flash
}
if (!isValidPassword(user, password)){
console.log('Incorrect Password');
return done(null, false, req.flash('message', 'Onjuist wachtwoord')); // redirect back to login page
}
// all is well, return successful user
return done(null, user);
});
}));
var isValidPassword = function(user, password){
return bCrypt.compareSync(password, user.password);
}
// Generates hash using bCrypt
var createHash = function(password){
return bCrypt.hashSync(password, bCrypt.genSaltSync(10), null);
}
};
The routes: 路线:
api.post("/signup", passport.authenticate("signup", {
successRedirect: "/profile",
failureRedirect: "/",
failureFlash: true
}))
api.post("/login", passport.authenticate("login", {
successRedirect: "/profile",
failureRedirect: "/login"//,
failureFlash: true
}))
router.get("/", function(req, res) {
// serve index.html
res.render("index", {
title: 'Home',
user: req.user,
message: req.flash("message")
})
})
It works on the page that is accessed directly after logging in, which I control as follows: 它可以在登录后直接访问的页面上运行,我对此进行了如下控制:
router.get("/profile", isLoggedIn, function(req, res) {
res.render("profile", {
title: 'Gebruikersprofiel van ' + req.user.firstname + " " + req.user.lastname,
user: req.user // get the user out of session and pass to template
})
})
function isLoggedIn(req, res, next) {
console.log(req.session)
// if user is authenticated in the session, carry on
if (req.isAuthenticated())
return next()
// if they aren't redirect them to the home page
res.redirect("/login")
}
So far, I've tried adding middleware to add req.user to req.session, and doing the same thing in the login POST. 到目前为止,我已经尝试添加中间件以将req.user添加到req.session,并在登录POST中执行相同的操作。 Also I've tried changing the order in which I initialize the middleware in app.js. 另外,我尝试更改了在app.js中初始化中间件的顺序。 I am using the new express-session version, without CookieParser, as I read that CookieParser is no longer needed. 我使用的是没有CookieParser的新的快速会话版本,因为我读到不再需要CookieParser。
If anyone can help me in any way, it would be much appreciated! 如果有人能以任何方式帮助我,将不胜感激! I've been stuck for a while (as have others). 我被困了一段时间(其他人也是如此)。
1 个解决方案
解决方案1
5 已采纳 2014-12-05 10:51:42
The problem was not anything I did wrong in setting up the session, or Passport in general, but rather in my links. 问题不是我在设置会话或总体上设置Passport时犯了错,而是在我的链接中。 I read somewhere that someone was accidentally working in multiple domains (his platform was apparently multi-server), and that made me look through my links this morning. 我在某处读到有人不小心在多个域中工作(他的平台显然是多服务器),这使我今天早上通过链接查看。
Apparently, I was linking to my website with www. 显然,我是通过www链接到我的网站。 prefixed, but the session was initialized where there was no www. 有前缀,但会话在没有www的地方初始化。 in front of the URL. 在网址前面。 I saw this in the cookies. 我在饼干里看到了。 The solution was, therefore, to link through the website consistently, either having www. 因此,解决方案是通过具有www的网站来始终保持链接。 prefixed everywhere or nowhere. 前缀无处不在。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.