How do I have two Express sessions?

Problem description

I have a Passport-using application with a GraphQL endpoint and a /logout endpoint. For some reason when I called request.isAuthenticated() from inside the GraphQL endpoint I got back true, but when I made the same exact call from inside the /logout endpoint I got back false.

So, I did a bit of logging (of request.session.id) and it turns out that I somehow wound up with two sessions. Stranger still, the session used by my GraphQL endpoint is persistent: if I restart the server it keeps the same ID, while the one in /logout keeps changing.

I think that what's happening is that the persistent session is cookie/DB-based, and so gets restored when my client makes its first request, while the /logout session is not cookie-based and gets reset with the server. What I don't understand is why I have two sessions!

Here's the relevant code:

// Session setup
const store = new KnexSessionStore({ knex, tablename: 'sessions' });
app.use(
  session({
    cookie: { maxAge: 1000 * 60 * 60 * 24 * 5},
    secret: `a secret`,
    store
  })
);

// Passport setup
passport.serializeUser((user, done) => done(null, user));
passport.deserializeUser((user, done) => done(null, user));

app.use(passport.initialize());
app.use(passport.session());

// GraphQL Setup
// NOTE: request.session.id from inside a function in schema = persistent session
const graphQLHandler = graphqlHTTP(request =>({ graphiql: true, schema }));
app.use('/graphql', graphQLHandler);

// Logout Setup
app.get('/logout', (request, response) => {
  // NOTE: request.session.id = non-persistent session
  response.send(`user has been logged out`); // someday do request.logout()
});

As you can see, the express session setup function (session) is only called once. I do call app.use(passport.session()) (which looks like it might be creating a second session), but my understanding is that line just tells Passport to use the session ... it doesn't create a whole separate parallel session.

Can anyone explain what's going on, and how I can get my app to share a single session? Or alternatively, if anyone can explain where I could add some code to throw an error whenever a session gets created (so that I can figure out what part of my code creates the second session), that would be helpful too.

Recommended answer

I found the answer! Apparently I wasn't the only one having this problem: https://github.com/jaredhanson/passport/issues/244. You can read all the details there, but ...

TLDR: My client was fetch-ing /logout from the server. However by default fetch doesn't set the { credentials: 'same-origin' } option, and apparently you need to provide that or else Passport just silently starts creating duplicate sessions :(

So it turned out there was nothing wrong with my server code at all, the fix was just doing the following on the client-side:

fetch(`/logout`, { credentials: 'same-origin' });

Here's hoping the Passport people start throwing errors or warnings or something in response to this case, rather than letting their poor users boggle at the inexplicable, but common result (the comment with the answer had 15 thumbs ups).
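The question asked for a hook that reveals which requests cause a second session, and the answer traces the cause to a request sent without the session cookie. The following is an added example, not code from the post or from Passport: an Express-style middleware that flags such requests. It assumes the cookie keeps express-session's default name, connect.sid; the function names and sample requests are constructed for illustration.

```javascript
// Added example: diagnostic middleware for the duplicate-session symptom.
// Assumption: the session cookie uses express-session's default name.
const SESSION_COOKIE = 'connect.sid';

// Parse a Cookie header into a name -> value map (no dependencies).
function parseCookies(header = '') {
  const cookies = Object.create(null); // no inherited keys to confuse `in`
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) cookies[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return cookies;
}

// Express-style middleware, meant to be mounted before session(): reports
// every request that arrives without the session cookie, because the session
// middleware will generate a brand-new session for such a request.
function flagCookielessRequests(report) {
  return (req, res, next) => {
    const cookies = parseCookies(req.headers.cookie);
    if (!(SESSION_COOKIE in cookies)) {
      report({ method: req.method, url: req.url, reason: 'no session cookie sent' });
    }
    next();
  };
}

// Constructed sample requests: /graphql carries the cookie, /logout does not
// (the situation described in the answer: fetch() without credentials).
function demo() {
  const flagged = [];
  const middleware = flagCookielessRequests(entry => flagged.push(entry));
  const requests = [
    { method: 'POST', url: '/graphql',
      headers: { cookie: 'theme=dark; connect.sid=s%3Aconstructed.sig' } },
    { method: 'GET', url: '/logout', headers: {} },
  ];
  for (const req of requests) middleware(req, {}, () => {});
  return flagged;
}

console.log(demo());
```

A first visit from a new browser is also reported, since it legitimately has no cookie yet; the signal to look for is a route that keeps being reported for a client that is already logged in.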
