未在下一个请求上设置会话Cookie-Express.js
[英]Session-cookie not set on the next request - Express.js
问题描述
I'm trying to set a cookie when logging in, but the cookie doesn't seem to follow to the next request. 
我正在尝试在登录时设置cookie,但是该cookie似乎并没有遵循下一个请求。 What am I doing wrong? 我究竟做错了什么? (Sorry if nooby question, quite new to express). (对不起,如果有nooby问题,表示还很陌生)。
The app.js app.js
let express = require("express");
let session = require("express-session");
let bodyParser = require("body-parser");
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(session({
secret: "secret",
resave: false,
saveUninitialized: false,
cookie: { secure: true }
}));
The router 路由器
router.route("/login")
.get(function(request, response) {
response.render("../views/partials/login");
})
.post(function(request, response) {
let username = request.body.username;
let password = request.body.password;
User.findOne({user: username}, function(err, user) {
if (err) {
// Some error handling
}
// test password if matching
if (user !== null) {
user.comparePassword(password, function(err, match) {
if (err || !match) {
console.log("The user could not be found")
}
request.session.Auth = { username: username, password: password };
response.redirect("/home");
response.end();
});
} else {
// some error handling
}
});
});
Then when I do the next request on "/home", the session cookie holds no value about the user( req.session.Auth returns undefined ) 然后,当我在“ / home”上执行下一个请求时,会话cookie不保留有关用户的任何值( req.session.Auth返回undefined )
router.route("/home")
.get(restrict, function(req,res) {
console.log(req.session.Auth) // -> undefined
res.render("../views/home")
});
Maybe I'm doing this wrong, but I can't understand why the request.session doesn't hold the Auth-value. 也许我做错了,但我不明白为什么request.session不保存Auth值。 Can somebody please help? 有人可以帮忙吗?
PS I do not want to use any modules to handle authorization, like passport etc. PS我不想使用任何模块来处理授权,例如护照等。
3 个解决方案
解决方案1
0 2017-02-26 22:28:32
What you're doing is not going to work. 您正在做的事不会起作用。
I really recommend you use passport.js for authentication. 我真的建议您使用passport.js进行身份验证。 It's very simple, and takes away a lot of the work you're doing now. 这非常简单,并且省去了您现在正在做的许多工作。 Accessing the request object in this post request does nothing. 在此发布请求中访问请求对象没有任何作用。
解决方案2
0 2017-02-26 22:52:14
Please try this way. 请尝试这种方式。
First enabled cookie session in express Express中首次启用的Cookie会话
app.use(express.cookieParser('S3CRE7'));
app.use(express.cookieSession({
key: 'app.key',
secret: 'app.secret'
}));
app.use(app.router);
after enabling cookie session, you can get/set what ever property to request.session. 启用Cookie会话后,您可以获取/设置request.session的所有属性。
I think rest of your logic is fine. 我认为您的其余逻辑很好。
解决方案3
0 2017-10-25 06:53:31
Are you testing your app in HTTPS? 您要在HTTPS中测试您的应用吗? If not, then you should initialize the express session without the cookie: { secure: true } property, as 如果没有,那么您应该在没有cookie: { secure: true }属性的情况下初始化快速会话,如下所示:
app.use(session({
secret: "secret",
resave: false,
saveUninitialized: false
}));
A secure cookie is a cookie that will only be sent when HTTPS is used. 安全cookie是仅在使用HTTPS时才发送的cookie。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.