何时在 express-session 中使用 saveUninitialized 和 resave [英] When to use saveUninitialized and resave in express-session

问题描述

我是 MEAN 堆栈的新手.我阅读了 express-session github doc，但有些选项我不清楚.这些选项是 saveUninitialized 和 resave.

I am newbie with the MEAN stack. I read the express-session github doc but there are some options which are unclear to me. Those options are saveUninitialized and resave.

谁能用例子解释一下使用saveUninitialized和resave的好处是什么，如果我们改变这些选项中的布尔值.

Can anyone please explain with examples what are the advatanges of using saveUninitialized and resave, and what will the effect be if we change the boolean values in those options.

语法:-

app.use(session({
  resave: false,
  saveUninitialized: true,
}))

推荐答案

假设会话是全局启用的(对于所有请求).

Let's assume that sessions are enabled globally (for all requests).

当客户端发出 HTTP 请求并且该请求不包含会话 cookie 时，express-session 将创建一个新会话.创建新会话有以下作用:

When a client makes an HTTP request, and that request doesn't contain a session cookie, a new session will be created by express-session. Creating a new session does a few things:

• 生成唯一的会话 ID
• 将该会话 ID 存储在会话 cookie 中(以便可以识别客户端发出的后续请求)
• 创建一个空会话对象，如req.session
• 根据saveUninitialized的值，在请求结束时，会话对象将存储在会话存储(通常是某种数据库)中

• generate a unique session id
• store that session id in a session cookie (so subsequent requests made by the client can be identified)
• create an empty session object, as req.session
• depending on the value of saveUninitialized, at the end of the request, the session object will be stored in the session store (which is generally some sort of database)

如果在请求的生命周期内会话对象没有被修改，那么在请求结束时，当 saveUninitialized 为 false 时，(仍然为空，因为未修改)会话对象将不会存储在会话存储中.

If during the lifetime of the request the session object isn't modified then, at the end of the request and when saveUninitialized is false, the (still empty, because unmodified) session object will not be stored in the session store.

这背后的原因是，这将防止在会话存储中存储大量空会话对象.由于没有什么可存储的，会话在请求结束时被遗忘".

The reasoning behind this is that this will prevent a lot of empty session objects being stored in the session store. Since there's nothing useful to store, the session is "forgotten" at the end of the request.

您想什么时候启用此功能?例如，当您希望能够识别经常性访问者时.您可以识别这样的访问者，因为他们发送包含唯一 ID 的会话 cookie.

When do you want to enable this? When you want to be able to identify recurring visitors, for example. You'd be able to recognize such a visitor because they send the session cookie containing the unique id.

关于resave:对于不支持touch"命令的会话存储，可能必须启用此功能.这样做是告诉会话存储特定会话仍然处于活动状态，这是必要的，因为一些存储会在一段时间后删除空闲(未使用)会话.

About resave: this may have to be enabled for session stores that don't support the "touch" command. What this does is tell the session store that a particular session is still active, which is necessary because some stores will delete idle (unused) sessions after some time.

如果会话存储驱动程序没有实现 touch 命令，那么您应该启用 resave 以便即使会话在请求期间没有更改，它仍然在存储中更新(从而将其标记为活动状态).

If a session store driver doesn't implement the touch command, then you should enable resave so that even when a session wasn't changed during a request, it is still updated in the store (thereby marking it active).

因此，是否需要启用此选项完全取决于您使用的会话存储.

So it entirely depends on the session store that you're using if you need to enable this option or not.

这篇关于何时在 express-session 中使用 saveUninitialized 和 resave的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！