客户端会话中间件的问题：设置后req.session_state = undefined

Question

在Express中使用客户端会话中间件时，我遇到了一些问题。 简而言之，在设置后重定向到新路由时，似乎无法访问session_state。 作为参考，我已经按照此视频教程进行操作 （客户端会话部分开始于36:00左右），并仔细检查了我的步骤，但仍然遇到问题。 中间件设置如下：

var sessions = require('client-sessions');

从Express网站上的代码实例化。

app.use(sessions({
 cookieName: 'session',
 secret: 'iljkhhjfebxjmvjnnshxhgoidhsja', 
 duration: 24 * 60 * 60 * 1000,
 activeDuration: 1000 * 60 * 5 
}));

我将会话中间件放在bodyParser和路由之间，如果有区别的话。

这是我的routes/index.js与该问题有关的部分。 req.session_state似乎设置正确，正确的用户详细信息记录到控制台。

// POST login form
router.post('/login', function(req, res) {
  User.findOne( { email: req.body.email }, function(err,user){
    if(!user) {
      console.log("User not found...");
      res.render('login.jade', 
         { message: 'Are you sure that is the correct email?'} );
    } else {
        if(req.body.password === user.password) {

        // User gets saved and object logs correctly in the console
            req.session_state = user;
            console.log("session user...", req.session_state);

            res.redirect('/dashboard'); 
        }
    }
    //res.render('login.jade', { message: 'Invalid password'} );
  });
});

但是，当res.redirect('/dashboard');出问题了res.redirect('/dashboard'); 之所以运行，是因为session_state到达该路由时不可访问。 这是/dashboard路线的代码。

router.get('/dashboard', function(req, res) {

   // OUTPUT = 'undefined' ???
   console.log("dash...", req.session_state);

   // 'if' fails and falls through to /login redirect
   if(req.session && req.session_state){
       console.log("dash route...", req.session_state);
       User.findOne( { email: req.session_state.email }, function
        (err, user){
         if(!user){
            req.session.reset();
            res.redirect('/login');
         } else {
            res.locals.user = user;
            res.render('dashboard.jade')
         }
      });
   } else {
    res.redirect('/login');
   }
   //res.render('dashboard', { title: 'Your Dashboard' });
});

基本上，存储在session_state中的对象在/dashboard重定向后不可访问。 我一直在调试它大约一天，没有运气。 任何帮助，不胜感激。 抱歉，如果我缺少明显的内容。 只是用会话中间件弄湿了，所以也许我还没有完全掌握Session或我正在忽略某些东西。 提前致谢！

Answer 1

我已经用代码更新了我的答案，该代码应该可以帮助您设置Cookie和一个称为令牌的替代会话管理器。 在本示例中，我为中间件提供了一部分，其中一部分附加了cookie（可以扩展以确定您的用例），第二部分则检查令牌是否过期或其中可能还有其他内容（即受众，发行人等）

 app.use('/js/',function(req, res, next) {
//check if the request has a token or if the request has an associated username
         if(!req.headers.cookie){

            console.log('no cookies were found')

            var token = jwt.sign({user_token_name:req.body.user_name},app.get('superSecret'), {
                expiresIn: 1 *100 *60 // expires in 1 mintue can be what ever you feel is neccessary
            });
             //make a token and attach it to the body
             // req.body.token = token // this is just placing the token as a payload
             res.cookie('austin.nodeschool' , token,{ maxAge: 100000, httpOnly: true }) //this sets the cookie to the string austin.nodeschool
         }
        if(req.body.user_name){
             next()
         }else{
             res.send('request did not have a username').end() // this is here because my middleware also requires a username to be associated with requests to my API, this could easily be an ID or token.
         }
    },function(req, res, next) {
//    console.log(req.headers)  this is here to show you the avilable headers to parse through and to have a visual of whats being passed to this function
            if(req.headers.cookie){
                console.log(req.headers.cookie) //the cookie has the name of the cookie equal to the cookie.
                var equals = '=';
                var inboundCookie = req.headers.cookie
                var cookieInfo = splitCookie(inboundCookie,equals) //splitCookie is a function that takes the inbound cookie and splits it from the name of the cookie and returns an array as seen below.
                console.log(cookieInfo)
               var decoded = jwt.verify(cookieInfo[1], app.get('superSecret'));

                console.log(decoded)
                // You could check to see if there is an access_token in the database if there is one
                // see if the decoded content still matches. If anything is missing issue a new token
                // set the token in the database for later assuming you want to       
                // You could simply check if it's expired and if so send them to the login if not allow them to proceed through the route. 
            }
    next()
    });