
Node.js: take care of multiple sessions

I'm working on a quite simple Node.js server. The users authenticate via a plain username/password form and the server - after checking a db - grants or refuses the access to the other pages.

To keep track of what each user's doing I'm going to generate a UUID to send on login. When a client asks or sends anything to the server it will include this UUID so the server will know who is the user.

The questions are about the life-cycle of these UUIDs:

  • When must I remove a UUID from my local array? I.e. when the user "disconnects", I guess if he explicitly logs out or after a timeout of inactivity. I don't want to disconnect him if he puts his smartphone in standby for a while.

  • If the user reloads the page when his session is still alive, I want to avoid a new login: I need a way to understand the connection is from the same user. How would you achieve this?

What I would do is use JWT. I would ask the user to log in using username and password and then issue them a JWT with a payload containing the user's identifier (username or id) and with a set expiry which represents the max inactivity time allowed (depends on your business logic), say 5hrs. It can also contain the last logout date etc.

Now the user sends this JWT in his header whenever he's making requests to your services; you can decode that token and check if the user logged out (the token's last logout time is less than the user's logout time).

You can keep track of various things.

There may be other ways also, using sessions.
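
The token flow this answer describes (signed JWT with an expiry and a last-logout claim, checked on every request), as an added example that is not part of the original answer. It uses only Node's built-in `crypto`; `SECRET`, the in-memory `lastLogout` map and the function names are assumptions standing in for real key storage and the users table.

```javascript
// Added example: HS256 JWT issue/verify with Node's built-in crypto only.
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: load a real key from config
const MAX_AGE_S = 5 * 60 * 60;            // the answer's 5-hour example

// Hypothetical stand-in for the users table: username -> last logout (epoch s).
const lastLogout = new Map();

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sign = (data) => createHmac("sha256", SECRET).update(data).digest();

function issueToken(user, now = Math.floor(Date.now() / 1000)) {
  const header = b64({ alg: "HS256", typ: "JWT" });
  const payload = b64({ sub: user, iat: now, exp: now + MAX_AGE_S,
                        lastLogout: lastLogout.get(user) ?? 0 });
  const body = `${header}.${payload}`;
  return `${body}.${sign(body).toString("base64url")}`;
}

// Returns the username, or null if the token must be rejected.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const expected = sign(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], "base64url");
  // Check the signature before trusting anything in the header or payload.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url"));
    claims = JSON.parse(Buffer.from(parts[1], "base64url"));
  } catch { return null; }
  if (header.alg !== "HS256") return null; // pin the algorithm, never take it from the token
  if (typeof claims.exp !== "number" || now >= claims.exp) return null; // expired
  // Logged out since issue: the token's logout time is older than the stored one.
  if (claims.lastLogout < (lastLogout.get(claims.sub) ?? 0)) return null;
  return claims.sub;
}

function logout(user, now = Math.floor(Date.now() / 1000)) {
  lastLogout.set(user, now); // every token issued before this moment stops verifying
}
```

Because `exp` is fixed when the token is issued, using it as an inactivity limit means issuing a fresh token on each authenticated request; a page reload keeps the session as long as the client still holds an unexpired token.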
