express req.session对象如何持久化? [英] How is the express req.session object persisted?

问题描述

我对学习Node和Express还是很陌生，但我仍在尝试用express围绕代码流.假设我们在session.js中有如下代码:

I'm very new to learning Node and Express, and I'm still trying to wrap my head around the code flow with express. Suppose we have code that looks like this in a session.js:

app.post('/session', notLoggedIn, function(req, res) {
    User.findOne({
        username: req.body.username, 
        password: req.body.password
    }, function (err, user) {
        if (err) {
            return next(err);
        }
        if (user) {
            req.session.user = user;
            res.redirect('/users');
        } else {
            res.redirect('/session/new');
        }
    }); 
});

假设用户是必需的mongo模式.我发现奇怪的是session.user分配:

Assuming the User is a required mongo schema. What I find strange is the session.user assignment:

req.session.user = user;

由于req变量在重定向后将超出范围，但是显然我们这样做是为了保留用户数据，因此我需要弄清楚以下哪种情况描述了正在发生的情况. (A)被分配给req参数的参数(在调用回调时)存储在/仍在堆栈中的某个位置，(B)会话被存储/在堆栈中，并在分配给新的req对象之前被分配传递给回调函数，或(C)与B相同，但在用户字段上(似乎不太可能，可能是我做的).

Since the req variable will be out of scope after the redirect, but we're obviously doing this to persist the user data, I'm left with figuring out which of the following scenarios describe what is happening. Either (A) the argument that's being assigned to the req parameter (when the callback is called) is stored/somewhere still on the stack, (B) the session is stored/on the stack and being assigned to a new req object before it's passed in to the callback, or (C) the same as B, but on the user field (seems unlikely and maybe contrived on my part).

推荐答案

有一个整体会话数据结构，用于存储所有会话信息(例如全局变量，但也可以存储在数据库中-至少在整个数据库中都是持久的)连接).每个客户端的会话数据使用一个唯一的密钥索引到会话存储中，以获取该客户端的会话数据.

There's an overall session data structure that stores all session info (like a global, but it could also be in a database - just something that is persistent at least across connections). Each client's session data uses one unique key to index into the session store to get the session data for that client.

为给定浏览器客户端建立会话的一部分是创建唯一的客户端密钥(通常将其存储在cookie中)，该客户端密钥成为全局会话对象的索引.

Part of establishing a session for a given browser client is creating a unique client key (which will usually be stored in a cookie) that becomes the index into the global session object.

在传入的HTTP请求上，支持会话的Express中间件检查特定的客户端cookie，并且如果该特定cookie在http请求上找到并在全局会话对象/数据库中找到，则它将该会话的存储信息添加到http请求处理程序供以后使用的请求对象.

On an incoming http request, Express middleware that supports the session checks a particular client cookie and if that particular cookie is found on the http request and is found in the global session object/database, then it adds that session's stored info to the request object for the http request handler to later use.

所以，这是一个典型的序列:

So, here's a typical sequence:

1. 传入的HTTP请求.
2. 中间件检查会话cookie.
3. 如果会话cookie不存在，则创建一个，然后在该过程中创建一个唯一的ID，以标识此http客户端.
4. 在持久会话存储中，为此新客户端初始化会话.
5. 如果存在会话cookie，则在会话存储中查找该客户端的会话数据，并将该数据添加到请求对象中.
6. 会话中间件处理结束
7. 此HTTP请求的Express处理之后，将到达匹配的请求处理程序.来自会话存储的该特定http客户端的会话数据已经附加到请求对象，并且可供请求处理程序使用.

这篇关于express req.session对象如何持久化?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！