除非初始化password.js，否则会话ID不会持续存在 [英] Session IDs don't persist unless passport.js is initialized

问题描述

我有一个简单的通用快递应用程序.每当打到某条路线时，它就会记录req.sessionID.我希望刷新客户端页面会导致再次记录相同的sessionID. 如果我已经导入了护照并在会话中间件之后添加了护照中间件，则此方法有效.如果我根本不使用护照，或者在会话中间件之前添加了护照中间件，那么sessionID每次都会有所不同.

I have a simple, generic express app. It logs the req.sessionID whenever a certain route is hit. I would expect that refreshing the client page would result in the same sessionID being logged again. This works, if I've imported passport and added the passport middleware after the session middleware. If I either don't use passport at all, or I add passport middleware before the session middleware, then the sessionID is different every time.

我可以接受的是，中间件的订购可能是挑剔的.但是，我的应用程序根本不使用护照，因此我无法理解为什么我不需要护照时为什么我的应用程序无法使用. 工作需要护照吗?

I can accept that the ordering of middleware can be finicky. However, my app doesn't use passport at all, so I can't fathom why my app doesn't work if I don't require passport. Should passport be necessary for sessions to work?

    //generic express initialization
    var http = require('http');
    var express = require('express');
    var cookieParser = require('cookie-parser');
    var passport = require('passport');
    var session = require('express-session');

    var app = express();
    var server = http.createServer(app);
    var sessionMiddleware = session({resave: false, saveUninitialized: false, secret: 'hunter2'});
    app.use(cookieParser());


    //This works:
    app.use(sessionMiddleware);
    app.use(passport.initialize());

    //This doesn't:
    app.use(passport.initialize());
    app.use(sessionMiddleware);

推荐答案

切换到resave: true, saveUninitialized: true

未保存的会话未保存，因此导致反复生成新的会话ID.但是，Passport大概正在对该会话进行一些初始化，这意味着该会话不再是未修改的.

Unmodified sessions were not being saved, thus resulting in repeatedly generating new session IDs. Passport, however, was presumably doing some initialization on the session, meaning that the session was no longer unmodified.

感谢@Dodekeract和@Swaraj Giri在他们的评论中解决了这个问题！

Thanks to @Dodekeract and @Swaraj Giri for figuring the issue in their comments!

这篇关于除非初始化password.js，否则会话ID不会持续存在的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！