我对快速会议和Cookie缺少什么？ [英] What am I missing about express sessions and cookies?

问题描述

我在Express和Express-Session和Express-SQL-Session方面已经走得很远。当用户登录时，我已经在数据库中为会话创建了一行。这是我的设置方式：

I've gotten pretty far with express and express-session and express-sql-session. I've got it creating a row in the database for a session when a user logs in. This is how I set it:

//login route handler
this.bcrypt.compare(password, row.hashed, function(err, passwordsMatch) {
    if (passwordsMatch === true) {
        console.log("user now logged in");
        req.session.user = row;
        req.session.success = 'User successfully logged in';
        res.send(row);
        res.end();
    }
});

笨拙的海ry！我可以跳入会话表并从数据库中获取行。这里是：

Hunky dory! I can hop into my session table and get the row from the database. Here it is:

{"cookie":{"originalMaxAge":600000,"expires":"2015-08-24T23:16:20.079Z","httpOnly":false,"path":"/"},

"user":{"userID":24,"userName":"g","email":"g","joinDate":"2015-08-24T07:15:33.000Z"},"success":"User successfully logged in"}

请注意，您可以看到已设置了自定义使用对象。但是，在获取数据的下一个请求中，我在会话中检查了 user 对象：

Notice that you can see the custom use object is set. However, on the next request to get some data, I check for the user object on the session:

// some other route called after login. 
if (!req.session.user) {
    console.log('user not authorized' + JSON.stringify(req.session));
    res.send('not authorized');
    return;
}

但这会记录一个（显然）空的会话。

but that logs an (apparently) empty session.

user not authorized{"cookie":{"originalMaxAge":600000,"expires":"2015-08-24T23:27:13.455Z","httpOnly":false,"path":"/"}}

进入浏览器，我还可以看到在资源面板中没有设置cookie。这不是在Express 4和Session中自动生成的吗？文档说您不再需要express 4的expressCookie（）了。如何在后续请求上获得正确的会话？

Going into the browser, I also see no cookie is set in the resources panel. Shouldn't this be automatically generated with express 4 and session? The docs say you do not need expressCookie() with express 4 anymore. How do I get the correct session on subsequent requests?

此外，如果我再次登录，它只会在会话表中创建重复的行。 我如何在响应中正确设置cookie以使它可以用于下一个请求？

Also, if I login again, it just creates a duplicate row in the sessions table. How do I properly set a cookie in the response to make this work for the next request?

如果有帮助，这是我的会话配置：

Here's my session config if it helps:

// at the beginning of my node server 

import express = require('express');
import bodyParser = require('body-parser');
import Q = require('q');
import mysql = require('mysql');
var app = express();

import bcrypt = require('bcrypt');

import userModule = require('./userModule')
var UserRepository = new userModule.UserNamespace.UserRepository(connectToMySQL, bcrypt, Q );

import session = require('express-session');
var SessionStore = require('express-sql-session')(session);

app.use(function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header('Access-Control-Allow-Credentials', 'true');
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    next();
});

app.use(bodyParser.urlencoded({ extended: false }))
app.use(bodyParser.json())


var storeOptions = {
    client: 'mysql',
    connection: {
        host:SQLHOST,
        port:SQLPORT,
        user:SQLUSER,
        password: SQLPASS,
        database: SQLDB
    },
    table: SESSION_TABLE,
    expires: 365 * 24 * 60 * 60 * 1000
};

var sessionStore = new SessionStore( storeOptions );

app.use(session({
    secret: 'meeogog',
    resave: false,
    saveUninitialized: false,
    cookie: { maxAge: 600000,httpOnly: false },
    store: sessionStore
}));

... 

app.post('/users/login/', function (req, res) {
    UserRepository.loginHashed(req, res);
});

..and then more routes, and so forth

推荐答案

在我发现了这个错误之后，我立即发现这是使用本地主机并且未在xhr请求上设置useCredentials的组合。 localhost是让我震惊的原因，您必须使用完全合格的127.0.0.1，并且令人头疼的是，http文件在不同的端口上提供，因此必须更改通配符以反映出来。

Right after i bountied this i discovered that it was a combination of using localhost and not setting useCredentials on the xhr request. The localhost is what tripped me up you have to use the fully qualified 127.0.0.1 and to add to the headache, the http files are served on a different port, so had to change the wildcard to reflect that.

如此...

//where the server runs on 127.0.0.1:3000 but the http runs from :9000
app.use(session({
    name:'some_session',
    secret: 'lalala',
    resave: true,
    saveUninitialized: false,
    cookie: { maxAge: 365 * 24 * 60 * 60 * 1000,httpOnly: false , domain:'127.0.0.1:9000'},
    store: sessionStore
}));


res.header("Access-Control-Allow-Origin", "http://127.0.0.1:9000");

//important
$http request (angular): useCredentials: true

这篇关于我对快速会议和Cookie缺少什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！