堆栈内存溢出
  简体   繁体   English

redis 如何保持 Nodejs 会话?

[英]How does redis persist Nodejs sessions?

 原文  2020-05-31 15:27:22       node.js/ redis

问题描述

I recently started using Redis on my Nodejs project.我最近开始在我的 Nodejs 项目中使用 Redis。 I use it to store my sessions.我用它来存储我的会话。

const session = require("express-session")
const redis = require('redis')
let RedisStore = require('connect-redis')(session)

let redisClient
if(process.env.REDISTOGO_URL){
    // let redisURL = url.parse(process.env.REDISTOGO_URL);
    redisClient = redis.createClient(process.env.REDISTOGO_URL)
} else {
    redisClient = redis.createClient()
}

app.use(
        session({
            store: new RedisStore({
                client: redisClient
            }),
            secret: keys.session.secret,
            resave: false,
            saveUninitialized: false
        })
    )

I am also using passport.js to handle user sessions:我还使用 passport.js 来处理用户会话:

passport.serializeUser(function(user, done) {
        done(null, user.id);
    });

    // used to deserialize the user
    passport.deserializeUser(function(id, done) {
        pool.query( `Select users.* where users.id = ${id} `, function(err, rows) {
            if(err){
                console.log(err)
            }
            else{
                done(err,rows[0]);    
            }
        });
    });

I was reading about how redis works and came upon this:我正在阅读有关 redis 的工作原理并遇到了这个问题:

When using a memory cache, your cookie only contains a session ID.使用 memory 缓存时,您的 cookie 仅包含 session ID。 This removes the risk of private user information being exposed in the cookie.这消除了在 cookie 中暴露私人用户信息的风险。

This means that at any given time the Nodejs server still has to store the session ID.这意味着在任何给定时间,Nodejs 服务器仍然必须存储 session ID。 When the browser sends the cookie back with user infromation and the encrypted secret Nodejs will have to find the session ID in the redis store and make sure that the information is correct.当浏览器发回带有用户信息和加密秘密的 cookie 时,Nodejs 必须在 redis 存储中找到 session ID 并确保信息正确。

Why is it that refreshing the Nodejs server not clear all the session ID from the database?为什么刷新Nodejs服务器并没有从数据库中清除所有session ID? Why do I not have to re-login everytime I refresh the server?为什么每次刷新服务器都不需要重新登录?

1 个解决方案

解决方案1
 1  2020-05-31 15:39:04

redis by default doesnt persist data to disk every time you write (normally just aof and no rdf). redis 默认情况下不会在每次写入时将数据持久化到磁盘(通常只有 aof 而没有 rdf)。 So if you restart redis, your data can be gone and your sessionId within your cookie doesn't exist anymore因此,如果您重新启动 redis,您的数据可能会消失,并且您的 cookie 中的 sessionId 将不再存在

you will need to enable persistence within redis or configure that in your redistogo instance .您将需要在 redis 中启用持久性或在您的redistogo 实例中配置它。

if you want to flush all session information you can FLUSHALL on your redis instance.如果你想刷新所有 session 信息,你可以在你的redis实例上刷新。 Best would be to set the ttl (time to live) so your sessions eventually get flushed by redis automatically after 30days or so最好是设置 ttl(生存时间) ,这样您的会话最终会在 30 天左右后自动被 redis 刷新

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何清理Nodejs中的所有会话(heroku + redis)? - How to clean all sessions in Nodejs (heroku + redis)? Nodejs + Passport.js + Redis:如何在 Redis 中存储会话 - Nodejs + Passport.js + Redis: how to store sessions in Redis NodeJS Redis Session不能通过浏览器重定向持久化 - NodeJS Redis Session does not persist over browser redirects 将TCP会话保存在Node.js / Redis中? - Save tcp sessions in nodejs / redis? NodeJS Redis-Sessions“ cb不是函数” - NodeJS Redis-Sessions “cb is not a function” NodeJS + MongoDB + Redis:注册和登录-会话问题 - NodeJS + MongoDB + Redis: Register and login - sessions issue 如何在Redis中保持HTTP响应 - How to persist HTTP response in redis 如何分离Node.js会话 - How to separate nodejs sessions 使用带有Passportjs的redis进行会话不起作用 - Using redis with Passportjs for sessions does not work Node.js-req.session不持久 - Nodejs - req.session does not persist
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM