[英]express-session isn't setting session cookie while using with socket.io
[英][Express][Nodejs] How to decrypt express-session cookie during socket.io connection?
登录成功后,用户的 userId 和 Name 保存在 session 中(客户端的 cookie 里实际只有 session id)。
服务器.js
const io = require('socket.io')(http)
const session = require('express-session')
// Demo user table. NOTE(review): passwords are stored in plaintext here,
// which is acceptable only for a throwaway example.
const Allusers = [
  {
    id: 1,
    name: 'Admin',
    username: 'admin',
    password: 'admin',
  },
];
// socket.id -> display name, filled in once a socket is resolved to a user.
const socketName = {};
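// Session middleware. Only the *signed* session ID travels in the `sid`
// cookie; userId/name live server-side in the store (MemoryStore by default).
app.use(session({
  name: 'sid',
  resave: false,
  saveUninitialized: false,
  // NOTE(review): this secret is what makes sid cookies unforgeable - fine
  // hard-coded for a demo, but load it from the environment when deployed.
  secret: 'secretCode!',
  cookie: {
    // The socket.io handshake is an ordinary browser request, so the cookie
    // is attached whether or not scripts can read it; keeping it httpOnly
    // stops the session ID from being stolen via XSS.
    httpOnly: true,
    maxAge: 1000 * 60 * 60 * 24 * 30, // 1 month
    sameSite: true, // = 'strict'
    // secure: true belongs here as soon as the site is served over HTTPS.
  },
}));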
// FOR USER LOGIN AND SAVING COOKIE
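// Verifies the submitted credentials and binds the user to the session.
// On success userId/name go into the server-side session; the browser only
// ever receives the signed session ID cookie.
app.post('/login', (req, res, next) => {
  const { username, password } = req.body;
  // NOTE(review): demo-only - Allusers holds plaintext passwords and this is
  // a plain string compare; real code stores a hash (bcrypt/argon2) and
  // verifies against it.
  const user = username && password
    ? Allusers.find((u) => u.username === username && u.password === password)
    : undefined;
  if (!user) {
    return res.redirect('/login');
  }
  // Issue a fresh session ID at login so an ID that existed before
  // authentication cannot be reused (session fixation).
  req.session.regenerate((err) => {
    if (err) {
      return next(err);
    }
    req.session.userId = user.id;
    req.session.name = user.name;
    res.redirect('/');
  });
});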
io.on('connection', (socket) => {
// I WANT TO GET NAME AND ID OF THE USER FROM COOKIE, THEN ADD THEM TO socketName as
// {'socket_id' : 'Name of the user'}
// NOTE(review): the `sid` cookie seen in socket.handshake.headers.cookie is
// only a signed session ID, not encrypted user data - name/id have to be
// read from the session store by that ID after its signature is verified.
});
我想从cookie中获取用户的name
和id
,然后将它们添加到socketname
{'socket_id': '用户名'}
我可以使用 socket.handshake.headers.cookie 获取 cookie,但它看起来是用 secret 字符串加密(实际上是签名)过的。
如何解密 cookie 数据或从Allusers
验证用户?
对于您的情况,首先需要知道:session id 默认由 express-session 内部的 generateSessionId 函数生成,是一个随机值,与用户数据无关。这意味着 session id( sid
cookie) 不包含任何用户数据,用户数据存储在服务器端(默认为MemoryStore
)。 因此,您应该从服务器端获取用户 session 数据,而不是从sid
cookie 中获取它们。
操作如下:
req.session.userId = userId;
req.session.name = name;
userId
和name
将存储在服务器端的MemoryStore
中。
现在,让我们获取 session 数据。 socket.request.headers.cookie
的值将是这样的字符串:
sid=s%3AfWB6_hhm39Z7gDKvAYFjwP885iR2NgIY.uT80CXyOKU%2Fa%2FxVSt4MnqylJJ2LAFb%2B770BItu%2FpFxk; io=msngndIn0v4pYk7DAAAU
{
sid: 's:fWB6_hhm39Z7gDKvAYFjwP885iR2NgIY.uT80CXyOKU/a/xVSt4MnqylJJ2LAFb+770BItu/pFxk',
io: 'eeOnxhDIiPSE_0gfAAAm'
}
经过签名校验(cookieParser.signedCookie)去掉 s: 前缀和签名后,得到真正的 session id:fWB6_hhm39Z7gDKvAYFjwP885iR2NgIY。注意 sid cookie 只是被签名(HMAC)了,并没有加密;签名的作用是防止客户端伪造 session id,所以必须先校验签名,再拿 sid 去存储中查询。由于用的是 MemoryStore,需要显式地初始化它,并在 WebSocket 的 connection 回调中调用 store.get(sid, callback),凭 sid 取出服务器端保存的用户 session 数据。完整的工作示例:
const session = require('express-session');
const app = require('express')();
const http = require('http').Server(app);
const io = require('socket.io')(http);
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const cookie = require('cookie');
// Demo user table. NOTE(review): plaintext passwords - example use only.
const Allusers = [
  {
    id: 1,
    name: 'Admin',
    username: 'admin',
    password: 'admin',
  },
];
// Explicit store instance so the socket handler can query it directly.
// NOTE(review): MemoryStore is for development only - it leaks memory and
// does not survive restarts or scale past one process.
const MemoryStore = new session.MemoryStore();
// Body parsing for the login form (JSON and url-encoded), in that order.
app.use(bodyParser.json(), bodyParser.urlencoded({ extended: true }));
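// Session middleware backed by the explicit MemoryStore above. Only the
// *signed* session ID travels in the `sid` cookie; userId/name stay in the store.
app.use(
  session({
    store: MemoryStore,
    name: 'sid',
    resave: false,
    saveUninitialized: false,
    // NOTE(review): this secret is what makes sid cookies unforgeable and it
    // must match the one used by signedCookie() in the socket handler - load
    // it from the environment when deployed.
    secret: 'secretCode!',
    cookie: {
      // The socket.io handshake is an ordinary browser request, so the cookie
      // is attached whether or not scripts can read it; httpOnly stops the
      // session ID from being stolen via XSS.
      httpOnly: true,
      maxAge: 1000 * 60 * 60 * 24 * 30, // 1 month
      sameSite: true, // = 'strict'
      // secure: true belongs here as soon as the site is served over HTTPS.
    },
  }),
);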
// Serves the demo page.
app.get('/', (_req, res) => res.sendFile(`${__dirname}/index.html`));
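// Verifies the submitted credentials and binds the user to the session.
// Credentials are deliberately not logged - the original logged the plaintext
// password and the matched user record on every attempt.
app.post('/login', (req, res, next) => {
  const { username, password } = req.body;
  // NOTE(review): demo-only - Allusers holds plaintext passwords and this is
  // a plain string compare; real code stores a hash (bcrypt/argon2) and
  // verifies against it.
  const user = username && password
    ? Allusers.find((u) => u.username === username && u.password === password)
    : undefined;
  if (!user) {
    return res.redirect('/login');
  }
  // Issue a fresh session ID at login so an ID that existed before
  // authentication cannot be reused (session fixation).
  req.session.regenerate((err) => {
    if (err) {
      return next(err);
    }
    req.session.userId = user.id;
    req.session.name = user.name;
    res.redirect('/');
  });
});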
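// Resolves a connecting socket to the logged-in user by looking the session
// up server-side. The `sid` cookie is signed, not encrypted: it carries only
// the session ID, so the user data has to come from the store.
// NOTE(review): doing this in `io.use((socket, next) => ...)` instead would
// let you reject unauthenticated sockets before 'connection' ever fires.
io.on('connection', (socket) => {
  console.log('a user connected');
  const cookieString = socket.request.headers.cookie;
  if (!cookieString) {
    return;
  }
  // Not logging the raw cookie header: it contains the session token.
  const { sid: signedSid } = cookie.parse(cookieString);
  if (!signedSid) {
    return;
  }
  // signedCookie() returns false on a bad signature and returns its input
  // unchanged when the value is not of the form "s:<id>.<sig>". Reject both,
  // otherwise a client can make us look up any unsigned session ID it likes.
  const sid = cookieParser.signedCookie(signedSid, 'secretCode!');
  if (sid === false || sid === signedSid) {
    console.log('ignoring socket with an invalid sid cookie');
    return;
  }
  MemoryStore.get(sid, (err, session) => {
    // Never throw in here: an exception in this callback would crash the
    // whole process, and any client can send an unknown or expired sid.
    if (err) {
      console.error('session lookup failed:', err);
      return;
    }
    if (!session || session.userId === undefined) {
      console.log('no logged-in session for this socket');
      return;
    }
    const { userId, name } = session;
    console.log('user session data:', JSON.stringify(session));
    console.log('userId: ', userId);
    console.log('name: ', name);
  });
});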
// Start the HTTP (and socket.io) server.
const PORT = 3000;
http.listen(PORT, () => console.log(`listening on *:${PORT}`));
您将获得 session 数据userId
和name
,如下所示:
user session data: {"cookie":{"originalMaxAge":2592000000,"expires":"2021-02-14T08:31:50.959Z","httpOnly":false,"path":"/","sameSite":true},"userId":1,"name":"Admin"}
userId: 1
name: Admin
源代码: https://github.com/mrdulin/expressjs-research/tree/master/src/stackoverflow/62407074