使用Nodejs Connect重新生成会话ID [英] Regenerate session IDs with Nodejs Connect

问题描述

我正在使用Node.js服务器，并且正在使用Connect框架进行开发。我正在尝试在给定的时间间隔后重新生成SID，以避免会话固定。根据文档，有一种方法叫做 req.session.regenerate 。

I'm using a Node.js server and I'm developing with the Connect framework. I'm trying to regenerate SIDs after a given interval to avoid session fixation. There's a method called req.session.regenerate which, according to the docs, should do just that.

«要重新生成会话，只需
调用该方法，完成
的新SID和Session实例即会
在要求会话中初始化»

« To regenerate the session simply invoke the method, once complete a new SID and Session instance will be initialized at req.session »

示例代码：

req.session.regenerate(function(err){
    // will have a new session here
 });

调用上述方法后，我检查了req.sessionID的值，只是发现该值与以前相同。

After calling the above method, I check the value of req.sessionID, only to find that the value is the same as before.

如果我尝试从req.session.regenerate中获取sessionID并将其写入终端，则会得到一个新的SID，即使更加令人困惑〜IE为什么您只希望在回调范围内生成SID？如果我将值赋给全局变量，则它的值是不确定的。

If I try to get the sessionID from within req.session.regenerate and write it to the terminal I get a new SID, which is even more perplexing ~ I.E why would you want the SID generated only within the scope of the callback? If I assign the value to a global variable, it's value is undefined.

我感觉到我确实忽略了它。

I've a feeling that it's something really obvious that I'm overlooking.

我们将提供任何帮助。

推荐答案

只需将响应发送回回调再生功能。由于会话再生是异步的，因此当您返回客户端时，它将仍然具有较旧的会话。

Just send the response back in the callback of the regenerate function. Since the session regeneration is async, when you return to the client it will still have the older session.

req.session.regenerate(function(err) {
                                req.session.myid = "myvalue";
                                res.simpleJSON(200, status);
                        });

这篇关于使用Nodejs Connect重新生成会话ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！