使用express.session和https遇到麻烦 [英] Trouble using express.session with https
问题描述
我必须使用身份验证,然后为此创建一个会话,因为我有一个在Expressjs上运行的HTTPS静态网站
I have to use authentication and then create a session for this i have a HTTPS static website running on expressjs
代码:
app.js:
//created the https server
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
var mongo = require('mongodb');
var monk = require('monk');
var db = monk('localhost:27017/svgtest1');
// This line is from the Node.js HTTPS documentation.
var options = {
key: fs.readFileSync('privatekey.pem'),
cert: fs.readFileSync('certificate.pem')
};
// Create a service (the app object is just a callback).
var app = express();
app.use(express.static(__dirname + '/public'));
app.use(express.cookieParser());
app.use(express.session({cookie: { httpOnly: false , maxAge: 24*60*60*1000}, secret: '1234567890QWERT'}));
app.use(express.urlencoded());
app.use(express.json());
// middle ware to check auth
function checkAuth(req, res, next) {
if (!req.session.user_id) {
res.send('You are not authorized to view this page');
} else {
next();
}
}
app.get('/', function(req, res) {
console.log('First page called');
res.redirect('xyz.html');
res.end();
});
app.post('/login', function(req, res) {
console.log('login called');
var usrfield = req.body.usrfield;
var passfield = req.body.passfield;
// Play with the username and password
if (usrfield == 'xxx' && passfield == 'xxx') {
req.session.user_id = '123';
res.redirect('abc.html');
} else {
res.send('Bad user/pass');
}
console.log(usrfield);
console.log(passfield);
res.end();
});
// Create an HTTPS service.
https.createServer(options, app).listen(8888);
- 当我访问
https://localhost:8888时,它会连续加载页面,并且不会重定向到xyz.html,我必须在其中输入用于验证用户身份的凭据? -
当我注释掉
- When I visits
https://localhost:8888it continuously loads the page and does not redirect to xyz.html where i have to enter the credentials to authenticate the user ? When I comment out
app.use(express.session({cookie:{httpOnly:false,maxAge:24 * 60 * 60 * 1000},secret:'1234567890QWERT'}));
app.use(express.session({cookie: { httpOnly: false , maxAge: 24*60*60*1000}, secret: '1234567890QWERT'}));
然后正确加载页面,但是当我将表单发布到/login时,它说req.session无法编写.为此,我知道是因为我已经注释掉express.session,但是奇怪的是创建了connect.sid cookie.为什么 ?
Then the page loads correctly but when i post the form to /login then it says req.session cannot be written. For this i know because i have comment out the express.session, but the strange thing is that connect.sid cookie is created. Why ?
我对问题1和2感到困惑.
I am confused regarding question 1 and 2.
推荐答案
我尝试了您的示例,它对我有用.您确定在浏览器中使用https协议吗?默认情况下,浏览器将尝试使用HTTP协议连接,除非您重定向到HTTP.使用您的设置,导航至该URL只会旋转:
I tried your example, and it works for me. Are you sure you're using the https protocol in the browser? By default, a browser will try to connect with HTTP protocol unless you redirect to HTTP. With your set, navigating to this URL will just spin:
http://localhost:8888
但是,如果您导航到该URL:
However, if you navigate to this URL:
https://localhost:8888
它将按预期工作.如果用户通过HTTP进入,大多数使用HTTPS的服务器会自动重定向到HTTPS连接,但是您仍然 必须拥有两台服务器:一台接受HTTP请求,另一台接受HTTPS请求.例如,您可以这样做:
It will work as expected. Most servers that use HTTPS automatically redirect to an HTTPS connection if the user came in over HTTP, but you still have to have two servers: one accepting HTTP request, and the other accepting HTTPS requests. For example, you could do this:
// create an HTTPS service
https.createServer(options, app).listen(443);
// create HTTP service to redirect to HTTPS
http.createServer(express().use(function(req,res){
res.redirect('https://localhost:443' + req.url);
})).listen(8888);
请注意,如果使用低于1024的端口(例如443,这对于HTTPS是常见的),则可能必须根据服务器的设置来具有提升的特权.在OSX/Linux中,只需执行sudo node app.js.当然,您不必在端口443上运行:您可以在8887上运行HTTPS服务器,而在8888上运行HTTP重定向服务器.
Note that if you use ports below 1024 (such as 443, which is common for HTTPS), you'll probably have to have elevated privileges depending on your server set up. In OSX/Linux, you would just do sudo node app.js. Of course you don't have to run on port 443: you could have your HTTPS server run on 8887 and your HTTP redirect server run on 8888.
这篇关于使用express.session和https遇到麻烦的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
