[英]Nodejs, express, passport going mobile
Currently I have a website that used node.js, express.js as the backend API server and passport.js for authentication. 目前我有一个网站使用node.js,express.js作为后端API服务器,使用passport.js进行身份验证。 When the user login with their credentials the server will start a session and keep the user session in req.user or req.session.passport.user (Please correct me if I stated this incorrectly..)
当用户使用他们的凭据登录时,服务器将启动会话并将用户会话保留在req.user或req.session.passport.user中(如果我说错了,请纠正我。)
Later when you GET /loggedin
it just res.json(req.user)
and gives you the user information. 稍后当您
GET /loggedin
,只需res.json(req.user)
并为您提供用户信息。 On the client we can simply GET /loggedin
in every request to check the login status and user info. 在客户端上,我们可以在每个请求中简单地
GET /loggedin
以检查登录状态和用户信息。
This is working on a browser. 这是在浏览器上工作。 But when I am trying to do the same thing on mobile it appears that the device cannot establish a session with the server.
但是当我试图在移动设备上做同样的事情时,似乎设备无法与服务器建立会话。 which mean
GET /loggedin
returns 401 unauthrorized. 这意味着
GET /loggedin
返回401 unauthrorized。
So I was wondering if I am doing something wrong? 所以我想知道我做错了什么?
ok I'll answer my own questions here. 好的,我会在这里回答我自己的问题。
after you login with express backend server the server will send you a response, check the response header and verify there's a field called 在使用快速后端服务器登录后,服务器将向您发送响应,检查响应标头并验证是否有一个名为的字段
"set-cookie"="connect.sid=s.xxxxxxxxxxxxxxxxxxxxxxxxxx"
when a browser sees the "set-cookie" field in the response header it will try to write this info into a cookie. 当浏览器在响应头中看到“set-cookie”字段时,它会尝试将此信息写入cookie。
Next check your local cookies and see if there's a cookie named: connect.sid
with value s.xxxxxxxxxxxxxxxxxxxxxxxxxx
, if yes then when you send requests to the server the server will most likely know who you are already. 接下来检查您的本地cookie,看看是否有一个名为:
connect.sid
的cookie,其值为s.xxxxxxxxxxxxxxxxxxxxxxxxxx
,如果是,那么当您向服务器发送请求时,服务器很可能知道您已经是谁。
This should be true for browsers, however mobile devices are not that smart, which means you have to manually get this string 这应该适用于浏览器,但移动设备并不聪明,这意味着您必须手动获取此字符串
"connect.sid=s.xxxxxxxxxxxxxxxxxxxxxxxxxx"
into a request header so the server can verify your identity using the token you provide. 进入请求标头,以便服务器可以使用您提供的令牌验证您的身份。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.