加载新页面时,连接会话未定义。 [英] Connect session undefined when loading new page.
问题描述
我对会话有点陌生,现在,当我尝试使用会话时,例如,成功登录后进入下一页时,会话始终是不确定的。
I'm a bit new to sessions and now when I'm trying to use them the session is always undefined for me when coming to the next page after a successful login as an example.
如果登录成功,我将执行以下操作
If my login is successful I do the following
var session = req.session;
session.user_id = String(item._id);
session.user_secure = security.security(session.user_id);
然后我重定向到另一页:
Then I redirect to another page:
res.writeHead(302, {
'Location': '/backstageArea'
});
res.end();
然后我尝试再次执行以下操作:
And then I try to fin the session again doing this:
var session = req.session;
console.log("uid: " + String(session.user_id));
console.log("hid: " + session.user_secure);
这会导致会话未定义。
which results in the session being undefined.
这些是我在app.configure中的最后三件事:
these are my last three things in my app.configure:
app.use(express.cookieParser());
app.use(express.session({secret: 'secret', store: store, key: 'sid', cookie:{secure:true}}));
app.use(app.router);
是否是因为我重定向到新页面而导致会话丢失?
还是我做错了其他事情?
Could it be since I'm redirecting to a new page that I loose the session? Or am I doing something else wrongly?
推荐答案
通过使用 cookie:{安全: true}
,则您告诉快速应用程序和浏览器仅通过 https 发送该Cookie。
By using cookie:{secure:true}
, you tell your express application and browsers to send that cookie over https only.
因此,如果您不使用 https
,则可以删除 secure:true
So if you don't use https
, you can remove secure: true
安全Cookie是有用的功能,可保护您的敏感Cookie免受中间人的攻击攻击,当您在同一域中同时使用 http
和 https
时,它们将更加有用。
Secured cookies are useful feature to protect your sensitive cookies from mand-in-the-middle attack, They are much more useful when you use both http
and https
on the same domain.
如果要通过 nginx
或 apache
使用https,则可以需要:
If you want to use https on via nginx
or apache
, you may need:
app.set('trust proxy', true); // if remove this line, express will refuse to send https cookie to nginx or apache
这篇关于加载新页面时,连接会话未定义。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!