在Redis上共享一个用于Django和Express.js应用程序的会话存储 [英] Sharing a session store on Redis for a Django and a Express.js Application

问题描述

我想用一些登录的用户创建一个Django应用程序。另一方面，由于我想要一些实时功能，我想使用一个Express.js应用程序。

I want to create a Django application with some logged-in users. On another side, since I want some real-time capabilities, I want to use an Express.js application.

现在，问题是，我不想要未经身份验证用户访问Express.js应用程序的数据。所以我必须在Express.js和Django应用程序之间共享一个会话存储。

Now, the problem is, I don't want unauthentified users to access Express.js application's datas. So I have to share a session store between the Express.js and the Django applications.

我以为使用Redis是个好主意，因为易失性的键是完美的这个适合，我已经使用Redis作为应用程序的另一部分。

I thought using Redis would be a good idea, since the volatile keys are perfect for this fit, and I already use Redis for another part of the application.

在Express.js应用程序中，我会有这样的代码：

On the Express.js application, I'd have this kind of code :

[...]
this.sessionStore = new RedisStore;
this.use(express.session({
  // Private crypting key
  secret: 'keyboard cat', // I'm worried about this for session sharing
  store: this.sessionStore,
  cookie: {
    maxAge: 1800000
  }
}))
[...]

rel =noreferrer> django-redis-session 应用程序。

On the Django side, I'd think of using the django-redis-session app.

那么这是一个好主意吗？不会有什么问题吗？特别是关于秘密密钥，我不知道他们会共享相同的会话。

So, is this a good idea? Won't there be any problem? Especially about the secret key, I'm not sure they will both share the same sessions.

推荐答案

你将不得不写一个Express或Django的自定义会话存储。默认情况下，Django（以及django-redis-sessions）将会话存储为腌制的Python对象。将会话快速存储为JSON字符串。 Express，with connect-redis，在redis中的密钥 sess：sessionId 下存储会话，而Django（不完全确定）似乎将它们存储在密钥的sessionId 。您可能可以使用django-redis-sessions作为基础，并覆盖 encode ， decode ， _get_session_key ， _set_session_key 或许还有其他几个。您还必须确保以相同的方式存储和加密Cookie。

You will have to write a custom session store for either Express or Django. Django, by default (as well as in django-redis-sessions) stores sessions as pickled Python objects. Express stores sessions as JSON strings. Express, with connect-redis, stores sessions under the key sess:sessionId in redis, while Django (not totally sure about this) seems to store them under the key sessionId. You might be able to use django-redis-sessions as a base, and override encode, decode, _get_session_key, _set_session_key and perhaps a few others. You would also have to make sure that cookies are stored and encrypted in the same way.

显然，为Express创建可以腌制的会话存储将变得更加困难并解开Python对象。

Obviously, it will be way harder to create a session store for Express that can pickle and unpickle Python objects.

这篇关于在Redis上共享一个用于Django和Express.js应用程序的会话存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！