如何解码使用Connect的cookieSession设置的cookie机密? [英] How to decode a cookie secret, set using Connect's cookieSession?
问题描述
我正在使用Connect的 cookieSession()
设置cookie。这似乎可以加密Cookie的秘密值,返回类似s:j:{}。8gxCu7lVJHVs1gYRPFDAodK3 + qPihh9G3BcXIIoQBhM'
I am setting a cookie using Connect's cookieSession()
. This seems to encrypt the cookie's secret value, returning something like 's:j:{}.8gxCu7lVJHVs1gYRPFDAodK3+qPihh9G3BcXIIoQBhM'
我如何解密Cookie的值?
How do I decrypt the cookie's value?
示例代码:
app.use(express.bodyParser());
app.use(express.cookieParser());
app.get('/setcookie', function(req, res, next){
res.app.use(express.cookieSession({ key: "test", secret: "test" }));
console.log(req.cookies.test);
res.end();
});
app.get('/', function(req, res, next){
console.log(req.cookies.test);
res.end();
});
推荐答案
嗯...你似乎有点困惑有关使用cookie会话的信息。
Hmmm... you seem to be a bit confused about the use of cookie sessions.
-
您的
/ setcookie
路径没有没有设置任何Cookie /会话值。要使用cookie会话,您需要在req.session
上设置一些值,例如req.session.message =嗨! / code>这些值现在存储在cookie中。
Your
/setcookie
path doesn't set any cookie/session values. To use a cookie session, you need to set some values onreq.session
, for examplereq.session.message = "Hi there!"
These values are now stored in the cookie.
您不能 res.app.use()
在一个回调中,请求会话将无法以这种方式在其他任何地方工作。要在另一个请求中读取这些cookie,请将 app.use(express.cookieSession({key: test,secret: test})));
放在应用程序中级别。
You can't res.app.use()
in just one callback, the request session won't work anywhere else this way. To read those cookies in another request, put the app.use(express.cookieSession({ key: "test", secret: "test" }));
at the application level.
编辑:实际上,我已经考虑过您的res.app.use()调用,它可能会中断每当有人请求 / setcookie
时,就会在应用中添加越来越多的中间件层(cookieSession),从而导致应用泄漏。如果您只想在特定请求中添加cookieSession中间件,则需要执行以下操作:
Actually I've thought about your res.app.use() call and it could break your app / cause memory to leak by adding more and more middleware layers (cookieSession) to your app, each time someone requests /setcookie
. If you want to only add the cookieSession middleware in specific requests, you need to do the following:
yourParser = express.cookieSession({ key: "test", secret: "test" });
app.get('/', yourParser, ...);
app.get('/setcookie', yourParser, ...);
解决方案
这是实际的固定值来源:
Solution
This is the actual fixed source:
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.cookieSession({ key: "test", secret: "test" }));
app.get('/setcookie', function(req, res, next){
req.session.message = "Hellau there";
res.end();
});
现在要检查这些值,在 app.get('/', ...)
试试这个:
Now to inspect those values, in app.get('/',...)
try this:
app.get('/', function(req, res, next){
console.log(req.session); //Yay, this will be available in all requests!
res.end();
});
调试
并回答问题如何手动解码cookie中存储的内容,请查看 connect / lib / middleware / cookieSession.js
:
// cookieParser secret
if (!options.secret && req.secret) {
req.session = req.signedCookies[key] || {};
} else {
// TODO: refactor
var rawCookie = req.cookies[key];
if (rawCookie) {
var unsigned = utils.parseSignedCookie(rawCookie, secret);
if (unsigned) {
var originalHash = crc16(unsigned);
req.session = utils.parseJSONCookie(unsigned) || {};
}
}
}
花费 req.cookies [key]
(基本上是您已经在做的事情( req.cookies.test
)),将其弹出到 utils.parseSignedCookie
并将其弹出到 utils.parseJSONCookie
。
It takes req.cookies[key]
(basically what you've been doing already (req.cookies.test
)), pops it into utils.parseSignedCookie
and pops that into utils.parseJSONCookie
.
我将您的原始Cookie字符串放在最后的utils.js文件中:
I put your raw cookie string into the utils.js file at the end:
var signed = exports.parseSignedCookie(
's:j:{}.8gxCu7lVJHVs1gYRPFDAodK3+qPihh9G3BcXIIoQBhM'
, 'test');
var parsed = exports.parseJSONCookie(signed);
console.log(parsed);
并运行它。猜猜我得到了什么:
and ran that. Guess what I got:
{}
为什么?因为您从未在 req.session
对象上进行任何设置。 :)
Why? Because you never set anything on the req.session
object. :)
这篇关于如何解码使用Connect的cookieSession设置的cookie机密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!