节点应用程序之间的共享会话？ [英] Shared Sessions between Node Apps?

问题描述

我目前有两个独立的节点应用程序运行在两个不同的端口，但共享相同的后端数据存储。我需要在两个应用程序之间共享用户会话，以便当用户通过一个应用程序登录时，他们的会话可用，并且似乎登录到其他应用程序。在这种情况下，它是一个面向公众的网站和一个管理后端。

我们的设置如下：

• 节点与快递


• 护照正在用于使用本地策略处理身份验证


• 我们正在使用connect-redis我们的域名如下所示：www.mydomain.com和adm.mydomain.com

这两个应用程序的会话内容（和redis）的配置是一样的：

 会话：{
选项：{
秘密：我的秘密，
 cookie：{
域：mydomain.com，
 maxAge：1000 * 60 * 60 * 24 
} 
}，
 redis：{
主机：'我的主机'，
 maxAge：86400000，
秘密：我的秘密
} 
} 
  

app.js中的会话内容配置看起来像这样：

  if（app.settings.env ===production）{
 session.options.store = new RedisStore（session.redis）; 
} 
 app.use（express.session（session.options））; 
 app.use（passport.initialize（））; 
 app.use（passport.session（{secret：'a different secret'}））; 
  

我期望做什么：让我们看到同一个会话这个两个应用程序之间的cookie中的ID。

所以我的问题是：我如何设置快递，redis和护照，以便您可以在不同的子域中共享会话？

解决方案

Express会话似乎不能识别Cookie的域选项，因此您的问题。存储会话ID的cookie会自动绑定到每个应用的域，因此无法共享。

一个选项是编写自己的单点登录模块在webapps之间共享会话。它可能会在执行顺序早期生活在一个app.use（）声明中，并且将简单地创建一个单独的cookie（将是跨域），创建一个单独的SSO会话ID，并将SSO id存储在此新的cookie中。之后，您只需根据需要交叉填充req.session和req.sso-session。

I currently have two separate node apps running on two different ports but share the same backend data store. I need to share users sessions between the two apps so that when a user logs into through one app, their session is available and they appear to logged into the other app. In this case, its' a public facing website and an administrative backend.

Our setup is the following:

• node with express
• passport is being used to handle auth with Local Strategy
• we're using connect-redis to allow us to share sessions via redis.
• our domains look like this: www.mydomain.com and adm.mydomain.com

The config for for session stuff (and redis) is the same for both apps:

session: {
    options: {
        secret: "my secret",
        cookie: {
            domain: "mydomain.com",
            maxAge:1000*60*60*24
        }
    },
    redis: {
        host: 'my host',
        maxAge: 86400000,
        secret: "my secret"
    }
}

The config for session stuff in app.js looks like this:

if ( app.settings.env === "production" ) {
    session.options.store = new RedisStore(session.redis);
}
app.use(express.session(session.options));
app.use(passport.initialize());
app.use(passport.session({ secret: 'a different secret' }));

What I expect it to do: Allow us to see the same session id in the cookie between the two apps.

So my question is: How do I set up express, redis and passport so that you can have sessions shared across different subdomains?

解决方案

Express-session does not seem to recognize the "domain" option for cookies hence your problem. The cookie storing the session id is automatically tied to the domain for each app and so it cannot be shared.

One option is to write your own single-sign-on module to share sessions across webapps. It would probably live in an app.use() declaration fairly early in the execution order and would simply create a separate cookie (which would be cross-domain), create a separate SSO session id, and store the SSO id in this new cookie. Afterwards, you simply cross-populate req.session and req.sso-session as needed.

这篇关于节点应用程序之间的共享会话？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！