Express Passport.js：req.user VERSUS req.session.passport.user [英] Express Passport.js: req.user VERSUS req.session.passport.user

问题描述

根据这篇文章

http：// toon .io / understanding-passport.js-authentication-flow /

它看起来好像PassportJS / Express存储登录用户在两个地方

it looks as though PassportJS/Express store the logged in user in two places

req.user

和

req.session.passport.user

为什么两个？我应该使用哪一个？当我使用护照注销时，是否会破坏req.user和req.session.passport.user？

why both? which one should I use? When I logout with passport, does it destroy both req.user and req.session.passport.user?

推荐答案

你应该永远，始终在您自己的代码中使用 req.user - 这很重要，因为如果您使用 req.session.passport .user ，您本质上是将用户信息从会话cookie中提取出来（可能已经过时）。

You should always, always use req.user in your own code -- this is important because if you use req.session.passport.user, you're essentially pulling user information out of a session cookie (which may be outdated).

总是最好依靠 req.user 而不是直接使用Cookie数据，根据您的实施情况，该信息可能已过期。

It's always best to rely on req.user as opposed to cookie data directly, as depending on your implementation, that information might be out of date.

并回答你的问题：如果你登录一个用户，那么 req.session 和 req.user 将会不再可用。

And to answer your question: if you log a user out, both req.session and req.user will no longer be available.

这篇关于Express Passport.js：req.user VERSUS req.session.passport.user的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！