[英]How is the express req.session object persisted?
I'm very new to learning Node and Express, and I'm still trying to wrap my head around the code flow with express.我是学习 Node 和 Express 的新手,我仍在尝试用 express 了解代码流。 Suppose we have code that looks like this in a session.js:
假设我们在 session.js 中有这样的代码:
app.post('/session', notLoggedIn, function(req, res) {
User.findOne({
username: req.body.username,
password: req.body.password
}, function (err, user) {
if (err) {
return next(err);
}
if (user) {
req.session.user = user;
res.redirect('/users');
} else {
res.redirect('/session/new');
}
});
});
Assuming the User is a required mongo schema.假设用户是必需的 mongo 模式。 What I find strange is the session.user assignment:
我觉得奇怪的是 session.user 分配:
req.session.user = user;
Since the req variable will be out of scope after the redirect, but we're obviously doing this to persist the user data, I'm left with figuring out which of the following scenarios describe what is happening.由于重定向后 req 变量将超出 scope,但显然我们这样做是为了保留用户数据,所以我只剩下弄清楚以下哪些场景描述了正在发生的事情。 Either (A) the argument that's being assigned to the req parameter (when the callback is called) is stored/somewhere still on the stack, (B) the session is stored/on the stack and being assigned to a new req object before it's passed in to the callback, or (C) the same as B, but on the user field (seems unlikely and maybe contrived on my part).
(A) 分配给 req 参数的参数(当调用回调时)被存储/仍然在堆栈上的某个地方,(B) session 被存储/在堆栈上并被分配给一个新的 req object 在它之前传递给回调,或 (C) 与 B 相同,但在用户字段上(似乎不太可能,并且可能是我设计的)。
There's an overall session data structure that stores all session info for all users (like a global, but it could also be in a database - just something that is persistent at least across connections).有一个整体会话数据结构,用于存储所有用户的所有会话信息(如全局,但它也可以在数据库中 - 至少在连接中是持久的)。 Each client's session data uses one unique key to index into the session store to get the session data for that client.
每个客户端的会话数据使用一个唯一的键来索引会话存储以获得该客户端的会话数据。
Part of establishing a session for a given browser client is creating a unique client key (which will usually be stored in a cookie) that becomes the index into the global session object.为给定的浏览器客户端建立会话的一部分是创建一个唯一的客户端密钥(通常存储在 cookie 中),该密钥成为全局会话对象的索引。
On an incoming http request, Express middleware that supports the session checks a particular client cookie and if that particular cookie is found on the http request and is found in the global session object/database, then it adds that session's stored info to the request object for the http request handler to later use.在传入的 http 请求中,支持会话的 Express 中间件检查特定的客户端 cookie,如果在 http 请求中找到该特定 cookie 并且在全局会话对象/数据库中找到,则将该会话的存储信息添加到请求对象中供以后使用的 http 请求处理程序。
So, here's a typical sequence:所以,这是一个典型的序列:
I think the accepted answer misses one crucial detail, which was surfaced by @jpaddison3: "Express-session hooks res.end() to see when the request is done and then it updates the session store if needed."我认为接受的答案遗漏了一个关键细节,@jpaddison3 提出了这个细节:“Express-session 挂钩 res.end() 以查看请求何时完成,然后在需要时更新 session 存储。”
Basically, when you add the expression-session middleware, it wraps res.end() so that the new session information is saved just before the stream is closed.基本上,当您添加表达式会话中间件时,它会包装 res.end() 以便在 stream 关闭之前保存新的 session 信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.