NodeJS注销所有用户会话 [英] NodeJS logout all user sessions

问题描述

我很高兴 nodeJS 中的关闭 (注销/退出) 所有用户会话.

req.logout()仅关闭用户的当前会话.但是对于我的安全面板，我想添加关闭 ALL 用户会话的选项.我怎样才能做到这一点?

req.logout() is closing only the current session of the user. But for my security panel I want to add the option to close ALL the user sessions. How can I do this?

我正在使用 MEAN.JS框架 .使用 passport.js 库和 mongoDB 保存会话:

I'm using MEAN.JS framework. With passport.js library and mongoDB to save the sessions:

// Express MongoDB session storage
app.use(session({
    saveUninitialized: true,
    resave: true,
    secret: config.sessionSecret,
    cookie: {
        maxAge: 15778476000,
        httpOnly: true,
        secure: false 
    },
    key: 'sessionId',
    store: new mongoStore({
        db: db.connection.db,
        collection: config.sessionCollection
    })
}));

非常感谢您.

推荐答案

使用connect-mongo，将userId保存在mongoDB的字符串中，该字符串位于 sessions集合中:

Using connect-mongo, the userId is saved inside a String in mongoDB in sessions collection:

{
    "_id" : "J6fsgZ4d1zKp31ml1MRm18YCdlyhvce-",
    "session" : "{\"cookie\":{\"originalMaxAge\":15778475958,\"expires\":\"2016-05-17T23:47:27.301Z\",\"secure\":false,\"httpOnly\":true,\"path\":\"/\"},\"passport\":{\"user\":\"56420a5a8c6601ce29bbd1c1\"}}",
    "expires" : ISODate("2016-05-17T12:48:22.049Z")
}

最后，我使用以下代码删除他的所有会话:

Finally, I use this code to remove all his sessions:

var mongoose = require('mongoose'),
Schema = mongoose.Schema,
Session = mongoose.model('Session', new Schema(), 'sessions');


exports.signoutAllSessions = function(req, res) {
   var socketio = req.app.get('socketio');
   var userId = req.user.id;
   var filter = {'session':{'$regex': '.*"user":"'+userId+'".*'}};

   req.logout();
   res.redirect('/');

   Session.remove(filter,function(err,data){
       socketio.sockets.to(userId).emit('user.logout');
   });
};

然后通过API路由调用此方法.

And an API route call this method.

这篇关于NodeJS注销所有用户会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！