Node + Passport.js + Sessions +多个服务器 [英] Node+Passport.js + Sessions + multiple servers
问题描述
护照是伟大的。我现在发现我有一些问题,如何处理会话。
我必须使用它。错误。
Passport is great. I now discovered that I have some problem with how it handles sessions. I must be using it wrong.
对我来说,登录+会话+用户数据我存储在我的数据库。
然而,我发现,当我转移到生产环境(EC2上的云,多个服务器),我每次失去登录会话。
现在对我来说很清楚 - 可能是因为会话对每个服务器是唯一的。
All works well for me with login + sessions + user data I store in my database. However I find that when I move to production environment (cloud on EC2 with multiple servers), I lose the login session each time. This is now clear to me - probably happens since the session is unique to each server.
所以我的问题是 - 我如何解决这个问题。
我想我需要在用户的浏览器上存储我自己的cookie吗?
So my question is - how do I get around this.. I guess I will need to store my own cookie on the user's browser?
这是不是意味着我不能使用express.session?
Does this mean that I cannot use express.session at all?
感谢,
Ilan
Thanks, Ilan
推荐答案
所以基本上我正在寻找(不确定这将是相同的答案为其他人)是一种方式来存储会话数据之间的负载平衡实例,而不进行DB调用每个页面视图,这似乎对我过多,因为我只需要
OK, So basically what I was looking for (not sure it would be the same answer for everyone else) was a way to store session data between loadbalanced instances without making a DB call for every page view, which seems excessive to me, since I just need to keep the user signed in to Google/FB.
似乎我在寻找的答案是cookie会话中间件
https://github.com/expressjs/cookie-session
It seems that the answer I was looking for was the cookie-session middleware https://github.com/expressjs/cookie-session
这需要替换使用MemoryStore的默认express.session机制。 BTW MemoryStore本身在运行时会给出警告,它不会扩展到单个进程,也可能导致内存泄漏。
This needs to replace the default express.session mechanism which uses MemoryStore. BTW MemoryStore itself gives you a warning when run that it will not scale past a single process, and also that it may cause a memory leak.
如果我理解正确,将会话数据本身串行化成会话cookie(加密),而不是仅仅在会话cookie中使用会话ID。
这对我来说似乎完美。显然,我不期望它工作,如果你有很多会话数据,因为一个cookie的大小有限。在我的情况下,我只需要的名称,ID和头像url,所以我认为这将足够了。
感谢所有帮助过的人。
Which if I understand correctly is serializing the session data itself into the session cookie (encrypted) instead of just using a session ID in the session cookie. This seems perfect to me. Obviously I don't expect it to work if you have a lot of session data, since a cookie is limited in size. In my case, I just needed the name, ID and avatar url, so I think this will suffice. Thanks for everyone who helped.
这篇关于Node + Passport.js + Sessions +多个服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!