Node Express Connect - Session Management


Question

I've written a session store driver for ArangoDB for ConnectJS. It is working, although still very much in alpha, but I have a couple questions.

First, sessions that have an expires attribute of "false" only remain for the duration of the user-agent. I've noticed that session.destroy() is not called when the browser window is closed. This results in an "abandoned" session left in the store. How can I effectively clear these out? Is there a way to search for and destroy abandoned sessions on a scheduled basis?

Second, I have implemented the minimum requirements for my session store as outlined on this page: http://www.senchalabs.org/connect/session.html (close to the bottom)

That would be get, set, and destroy. The other two recommended methods are length and clear. What exactly should these methods do? I assume length returns the length of time a session has been active? How is 'clear' different than destroy? Thanks!

Recommended answer

Unless you rigged up some event on the client to notify the server the window is closing, the server would have no way of knowing the session is no longer used.

You want to mentally think about sessions as two parts. One part is the token (the cookie) that is passed between node and the browser. The second is the actual persistence of sessions in a store (either the basic MemoryStore or Redis, or your new session store for another database). All the connect session code is doing is matching these up with every request.

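  • Check for the session cookie
  • If it exists, try to look it up in the store
  • Make the data retrieved from the store available on the request
  • At the end of the request, update the cookie's TTL information
  • Write the session back to the store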

Notice that unless you are using the MemoryStore, Node doesn't have the session data in memory other than while your request is operating on it. (Well, it would be in memory for a while but would be unreferenced and subject to garbage collection). When you think about various deployment scenarios this makes sense.

Thus, the job of server-side expiration of sessions falls to the Store itself. One of the reasons Redis is great for this is because it manages expiring things automatagically, which you can see connect-redis doing in its set operation:

  RedisStore.prototype.set = function(sid, sess, fn){
    sid = this.prefix + sid;
    try {
      var maxAge = sess.cookie.maxAge
        , ttl = this.ttl
        , sess = JSON.stringify(sess);

      ttl = ttl || ('number' == typeof maxAge
          ? maxAge / 1000 | 0
          : oneDay);

      debug('SETEX "%s" ttl:%s %s', sid, ttl, sess);
      this.client.setex(sid, ttl, sess, function(err){
        err || debug('SETEX complete');
        fn && fn.apply(this, arguments);
      });
    } catch (err) {
      fn && fn(err);
    } 
  };

You can see that it divides TTL by 1000 because it uses seconds rather than millis for its expiration. The most popular MongoDB Session store uses MongoDB's TTL feature in the same way.

So this was a long way of saying that you will either rely on your DB engine to provide server-side expiration of sessions automatically or you need to implement expiration yourself. You could have a process outside of your node app (maybe another node process) that does it or your store implementation could install a setInterval task to periodically check and clean it. As an example, a MySQL-based session store does just that.

Regarding the second part of your question, what are length and clear doing? The commenter is correct that RedisStore doesn't implement these and they can probably be ignored safely, however you can see their implementations in the MemoryStore source code. Not too exciting.

clear empties all the sessions and then calls back if a callback is provided:

MemoryStore.prototype.clear = function(fn){
  this.sessions = {};
  fn && fn();
};

length simply calls back with the number of sessions in the store:

MemoryStore.prototype.length = function(fn){
  fn(null, Object.keys(this.sessions).length);
};

Hope this helps.
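
The store-side expiry described in the answer, as an added example that is not part of the original answer or of any project it mentions. An in-memory Map stands in for the database, and ExpiringStore, defaultTtlMs, reap and startReaper are hypothetical names chosen for illustration.

```javascript
// Added example: in-memory stand-in for a database-backed session store.
const ONE_DAY_MS = 24 * 60 * 60 * 1000;

class ExpiringStore {
  constructor(options = {}) {
    this.defaultTtlMs = options.defaultTtlMs || ONE_DAY_MS;
    this.now = options.now || Date.now;   // injectable clock (assumption, eases testing)
    this.rows = new Map();                // sid -> { json, expiresAt }
  }

  // Same rule as the connect-redis excerpt: use cookie.maxAge when it is a number,
  // otherwise (browser-session cookie) fall back to a default server-side TTL.
  set(sid, sess, fn) {
    const maxAge = sess.cookie && sess.cookie.maxAge;
    const ttlMs = typeof maxAge === 'number' ? maxAge : this.defaultTtlMs;
    this.rows.set(sid, { json: JSON.stringify(sess), expiresAt: this.now() + ttlMs });
    if (fn) fn(null);
  }

  // An expired row is treated as absent even if the sweeper has not run yet.
  get(sid, fn) {
    const row = this.rows.get(sid);
    if (!row) return fn(null, undefined);
    if (row.expiresAt <= this.now()) { this.rows.delete(sid); return fn(null, undefined); }
    fn(null, JSON.parse(row.json));
  }

  destroy(sid, fn) { this.rows.delete(sid); if (fn) fn(null); }
  clear(fn) { this.rows.clear(); if (fn) fn(null); }      // drop every session
  length(fn) { fn(null, this.rows.size); }                // count of stored sessions

  // Delete every expired session; returns how many were removed.
  reap() {
    const now = this.now();
    let removed = 0;
    for (const [sid, row] of this.rows) {
      if (row.expiresAt <= now) { this.rows.delete(sid); removed++; }
    }
    return removed;
  }

  // Scheduled cleanup; unref() keeps the timer from holding the process open.
  startReaper(intervalMs) {
    const timer = setInterval(() => this.reap(), intervalMs);
    if (timer.unref) timer.unref();
    return timer;
  }
}
```

In a database-backed store, reap() would become a single delete query filtered on an indexed expiry field, while get() keeps its own expiry check so a stale session is rejected between sweeps.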
