加载新页面时，连接会话未定义。 [英] Connect session undefined when loading new page.

问题描述

我对会话有点陌生，现在，当我尝试使用会话时，例如，成功登录后进入下一页时，会话始终是不确定的。

I'm a bit new to sessions and now when I'm trying to use them the session is always undefined for me when coming to the next page after a successful login as an example.

如果登录成功，我将执行以下操作

If my login is successful I do the following

var session = req.session;
session.user_id = String(item._id);
session.user_secure = security.security(session.user_id);

然后我重定向到另一页：

Then I redirect to another page:

res.writeHead(302, {
    'Location': '/backstageArea'
});
res.end();

然后我尝试再次执行以下操作：

And then I try to fin the session again doing this:

var session = req.session;

console.log("uid: " + String(session.user_id));
console.log("hid: " + session.user_secure);

这会导致会话未定义。

which results in the session being undefined.

这些是我在app.configure中的最后三件事：

these are my last three things in my app.configure:

app.use(express.cookieParser());
app.use(express.session({secret: 'secret', store: store, key: 'sid', cookie:{secure:true}}));
app.use(app.router);

是否是因为我重定向到新页面而导致会话丢失？
还是我做错了其他事情？

Could it be since I'm redirecting to a new page that I loose the session? Or am I doing something else wrongly?

推荐答案

通过使用 cookie：{安全： true} ，则您告诉快速应用程序和浏览器仅通过 https 发送该Cookie。

By using cookie:{secure:true}, you tell your express application and browsers to send that cookie over https only.

因此，如果您不使用 https ，则可以删除 secure：true

So if you don't use https, you can remove secure: true

安全Cookie是有用的功能，可保护您的敏感Cookie免受中间人的攻击攻击，当您在同一域中同时使用 http 和 https 时，它们将更加有用。

Secured cookies are useful feature to protect your sensitive cookies from mand-in-the-middle attack, They are much more useful when you use both http and https on the same domain.

如果要通过 nginx 或 apache 使用https，则可以需要：

If you want to use https on via nginx or apache, you may need:

app.set('trust proxy', true); // if remove this line, express will refuse to send https cookie to nginx or apache

这篇关于加载新页面时，连接会话未定义。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！