如何阻止Firebase Auth处理的后端继续进行其他浏览器/会话 [英] How to stop Firebase auth handled backend from carrying on to other browsers / sessions
问题描述
我正在创建基于身份验证的Web应用程序.当只有一个会话正在运行时,它可以正常工作,但是如果另一个会话上的用户登录,它将一直连接到所有会话,从而使每个人都可以查看该用户的信息并使用他们的权限.
I'm in the process of creating an authentication based web app. It works fine when only one session is running, but if a user on another session is logged in, it carries through to all sessions allowing everyone to see that user's information and use their permissions.
我确定这是因为我处理了这篇文章中的所有身份验证后端: Firebase Auth:用户会话已携带到不同的浏览器
I've determined that this is because I handle all of my authentication backend from this post: Firebase Auth : User session carried to different browser
但是我想知道是否有任何修复而不必处理客户端.上面的帖子未提供任何修复或建议.
But I'd like to know whether there are any fixes without having to handle anything client-side. The post above doesn't give any fixes or advice.
这是登录路线:
app.post('/postSignIn', function(req, res) {
console.log(req.body);
let password = req.body.password;
let email = req.body.email;
let user = firebase.auth().currentUser;
if (user) {
//TODO: Show user info is correct and redirect
success = "You're already logged in!";
res.render('login', {
success: success
})
} else {
firebase.auth().signInWithEmailAndPassword(email, password).catch(function(error) {
var errorCode = error.code;
var errorMessage = error.message;
console.log(errorMessage)
res.render('login', {
error: errorMessage
})
})
.then(
).catch(
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
success = "You're logged in!";
res.render('login', {
success: success
})
} else {
res.render('login', {
error: errorMessage
})
}
})
);
}
})
这是如何检查身份验证状态的示例:
And here is an example of how the auth states are checked:
app.get('/makeThing', function(req, res) {
if (firebase.auth().currentUser) {
res.render('makeThing')
} else {
res.render('things', {
error: 'Login first.',
things: things,
})
}
});
我认为这将处理不同的会话,但不会,并且所有会话都记住firebase.auth().currentUser,因此,如果一个用户登录,则所有其他会话都将登录到他们的帐户.如果有人可以描述一个前端或后端解决方案,包括使用Passport或Auth0之类的修复程序,那将是很好的.
I thought this would handle different sessions, but it doesn't and firebase.auth().currentUser is remembered for all sessions, so if one user is logged in, all other sessions are logged into their account. It would be great if someone could describe either a front end or backend solution including a fix using something like Passport or Auth0.
该应用程序也托管在Heroku上,因此,通过该应用程序进行的任何修复(例如,为每个用户运行不同的实例)也将受到赞赏.
The app is also being hosted on Heroku, so any fixes through there, such as running a different instance per user, would be appreciated as well.
推荐答案
如果有人遇到相同的问题,请使用cookie!经过一段时间的研究,我确定这是最好的解决方案.
If anyone is having the same problem, use cookies! After researching for a while I determined that it was the best solution.
此溢出页很好地解释了如何使用它们. 如何使用以下方法在节点js中设置cookie表达框架?
This overflow page does a good job of explaining how to use them. How to set cookie in node js using express framework?
这有效,因为cookie是在客户端处理的.我建议在登录时设置Cookie,并通过它们(而不是Firebase当前用户功能)通过它们检查当前身份验证状态.它对我有用!
This works because cookies are handled client side. I would recommend setting the cookies on log in and checking the current auth state through them instead of the Firebase current user functions. It worked for me!
这篇关于如何阻止Firebase Auth处理的后端继续进行其他浏览器/会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
