
Why does my JWT expiresIn value change between sending it from the server and receiving it on the front-end?

I set my token expiry date on the server and console.log out the value to check: [image: server expiry date]

However, when I check the value on my React front-end, I get this value:

[image: front-end expiry date]

I don't alter the expiry date in any way but the value is changed dramatically between sending it and receiving it.

Does anyone have any ideas?

Server code

const d = new Date();
        console.log(
          'current date: ',
          moment(d.getTime()).format('YYYY-MM-DD HH:mm:ss')
        );
        /*const calculatedExpiresIn =
          d.getTime() +
          60 * 60 * 1000 -
          (d.getTime() - d.getMilliseconds()) / 1000;*/
        const calculatedExpiresIn = d.getTime() + 60 * 60 * 1000;
        console.log(
          'calculatedExpiresIn: ',
          moment(calculatedExpiresIn).format('YYYY-MM-DD HH:mm:ss')
        );
        console.log('calculatedExpiresIn: ', calculatedExpiresIn);

        const iat = d.getTime();
        const user = ok([
          {
            id: res[0].id,
            token: jwt.sign(
              {
                id: res[0].id,
                email: res[0].email,
                firstName: res[0].firstName,
                surname: res[0].surname,
                role: res[0].role,
                iat: iat,
              },
              config.secret,
              {
                expiresIn: calculatedExpiresIn,
              }
            ),
          },
        ]);

Front-end code

validateSession() {
    let token = sessionStorage.getItem('unikey');
    const d = new Date();

    if (token && token !== undefined) {
      let decodedToken = jwtDecode(token);
      /*console.log('decodedToken: ', decodedToken);
      console.log(
        'decodedToken iat date: ',
        moment(decodedToken.iat).format('YYYY-MM-DD HH:mm:ss')
      );*/
      console.log(
        'decodedToken expiry date: ',
        moment(decodedToken.exp).format('YYYY-MM-DD HH:mm:ss')
      );
      console.log(
        'current date: ',
        moment(d.getTime()).format('YYYY-MM-DD HH:mm:ss')
      );
      console.log('decodedToken expiry date: ', decodedToken.exp);
      console.log('current date: ', d.getTime());
      console.log('Time difference: ', decodedToken.exp - d.getTime());

      if (d > decodedToken.exp) {
        console.log('Time is up...');
        this.terminateSession();
        return false;
      }
      return true;
    } else {
      // There is no token so session is automatically invalid
      this.terminateSession();
      return false;
    }
  }

Token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NDQsImVtYWlsIjoidGVzdEBlbWFpbC5jb20iLCJmaXJzdE5hbWUiOiJ0ZXN0Iiwic3VybmFtZSI6InVzZXIiLCJyb2xlIjoiYWdlbnQiLCJpYXQiOjE2MTg1NTYyOTE3MzAsImV4cGlyeSI6MTYxODU1OTg5MTczMCwiZXhwIjozMjM3MTE2MTgzNDYwfQ.nUrUFzyyP9POBTklc8ISXamJIz8D9vaUOIdS81_F9FY

The decoded payload is:

{
...
  "iat": 1618556291730,
  "expiry": 1618559891730,
  "exp": 3237116183460
}

There are two things wrong:

  1. The format of the timestamps is wrong, because it's supposed to be in seconds (10-digit number) instead of milliseconds (13 digits) (see NumericDate in RFC 7519).

  2. The expiration time is (aside from the factor 1000) twice as high as expected.

The reason for that is a wrong calculation of the expiresIn parameter in your call to jwt.sign. The parameter is supposed to be a timespan, e.g. { expiresIn: 60 * 60 } or { expiresIn: "1h" } for one hour, instead of a timestamp. The sign function will then add the timespan from the parameter to the current time to calculate the correct exp.
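The diagnosis above can be checked mechanically. The following is an added example for Node.js, not code from the original post: it decodes the token shown on this page, audits its iat/exp claims, and performs the expiry comparison in the right unit. The function names and the two thresholds are assumptions of this example.

```javascript
// Token posted in the question (copied from the page). The payload is only
// decoded here, not verified; signature verification belongs on the server.
const PAGE_TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' +
  'eyJpZCI6NDQsImVtYWlsIjoidGVzdEBlbWFpbC5jb20iLCJmaXJzdE5hbWUiOiJ0ZXN0Iiwic3VybmFtZSI6InVzZXIiLCJyb2xlIjoiYWdlbnQiLCJpYXQiOjE2MTg1NTYyOTE3MzAsImV4cGlyeSI6MTYxODU1OTg5MTczMCwiZXhwIjozMjM3MTE2MTgzNDYwfQ.' +
  'nUrUFzyyP9POBTklc8ISXamJIz8D9vaUOIdS81_F9FY';

// Heuristics (assumptions of this example): a NumericDate in seconds stays
// below 1e11 until the year 5138; millisecond timestamps are already above 1e12.
const MAX_SECONDS = 1e11;
const TEN_YEARS_S = 10 * 365 * 24 * 3600;

function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Returns a list of problems with the iat/exp claims (empty list = plausible).
function auditTimeClaims(p) {
  const findings = [];
  for (const name of ['iat', 'exp']) {
    if (!Number.isFinite(p[name])) findings.push(`${name} missing or not a number`);
    else if (p[name] > MAX_SECONDS) findings.push(`${name} is in milliseconds`);
  }
  if (Number.isFinite(p.iat) && Number.isFinite(p.exp)) {
    const scale = p.iat > MAX_SECONDS ? 1000 : 1; // normalise lifetime to seconds
    const lifetimeS = (p.exp - p.iat) / scale;
    if (lifetimeS > TEN_YEARS_S) findings.push('lifetime is a timestamp, not a timespan');
    else if (lifetimeS <= 0) findings.push('exp is not after iat');
  }
  return findings;
}

// Expiry check: exp is seconds since the epoch, Date.now() is milliseconds.
// RFC 7519 rejects a token on or after exp, hence >=.
function isExpired(p, nowMs = Date.now()) {
  if (!Number.isFinite(p.exp) || p.exp > MAX_SECONDS) {
    throw new RangeError('exp is not a NumericDate in seconds');
  }
  return nowMs >= p.exp * 1000;
}

console.log(auditTimeClaims(decodePayload(PAGE_TOKEN)));
```

For the token on this page the audit reports all three problems, and the decoded exp equals iat plus the expiry value, which is the doubling described in point 2.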
