express-session

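const express = require('express');
const cookieParser = require('cookie-parser');
const session = require('express-session');
const app = express();

// cookie-parser is not needed by express-session (it reads the Cookie
// header itself); kept in case the rest of the app relies on req.cookies.
app.use(cookieParser());
app.use(session({
    // The signing secret must not be a published constant: anyone who
    // knows it can mint a valid session cookie. Read it from the
    // environment and fall back to the example value only for local runs.
    secret: process.env.SESSION_SECRET || 'keyboard cat',
    resave: false,
    // Do not persist sessions nothing has written to: the login handler
    // regenerates the session anyway, and this avoids a store entry (and
    // a Set-Cookie) for every anonymous visitor.
    saveUninitialized: false,
    cookie: {
        // Keep the session id out of reach of page scripts.
        httpOnly: true,
        // 'auto' marks the cookie Secure when the connection is TLS; behind
        // a reverse proxy also set app.set('trust proxy', 1) so the
        // connection's security is detected correctly.
        secure: 'auto',
        // Lax blocks the cookie on cross-site POSTs, which limits CSRF
        // against the /login and /logout routes below.
        sameSite: 'lax'
    }
}))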

// 2.1) middleware to test if authenticated
function isAuthenticated(req, res, next) {
    // Route guard: a truthy `req.session.user` lets the current route's
    // handler chain continue; otherwise `next('route')` skips to the next
    // matching route (the login form registered after this one).
    const { user } = req.session;
    if (!user) {
        next('route');
        return;
    }
    next();
}

// 2)
app.get('/', isAuthenticated, (req, res) => {
    // Reached only when isAuthenticated found a user on the session;
    // an unauthenticated visitor falls through to the login-form route.
    const page = ' <a href="/logout">Logout</a>';
    res.send(page);
});

// 3)
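app.get('/', (req, res) => {
    // Login form for visitors with no session user (the authenticated '/'
    // route above wins first when isAuthenticated passes).
    // A production form would also carry an anti-CSRF token; this minimal
    // example relies on the session cookie's SameSite setting instead.
    const form = [
        '<form action="/login" method="post">',
        'Username: <input name="user"><br>',
        'Password: <input name="pass" type="password"><br>',
        // `value` labels a submit button; the original `text="Login"` is
        // not an input attribute and was silently ignored by browsers.
        '<input type="submit" value="Login"></form>'
    ].join('');
    res.send(form);
});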

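app.post('/login', express.urlencoded({ extended: false }), (req, res, next) => {
    // `next` was missing from the original handler signature, so the
    // `next(err)` calls in the callbacks below threw a ReferenceError
    // instead of reaching Express's error handler.
    //
    // Credential validation is out of scope for this example: any
    // username/password combination is accepted. A real implementation
    // would verify req.body.user / req.body.pass here before continuing.
    const body = req.body || {};
    const { user } = body;
    // A urlencoded body can omit the field or repeat it (array); only a
    // non-empty string is accepted as the session principal.
    if (typeof user !== 'string' || user === '') {
        res.status(400).send('Username is required');
        return;
    }

    // 1) regenerate the session so the login does not keep the session id
    //    the client held before authenticating (session fixation guard).
    req.session.regenerate((err) => {
        // The original fell through after next(err) and kept writing to a
        // session that failed to regenerate; return instead.
        if (err) return next(err);

        // 2) store user information in the fresh session, typically a user
        //    id. The debug console.log calls that echoed the submitted
        //    username to the server log were dropped.
        req.session.user = user;

        // 3) save before redirecting so the next page load cannot happen
        //    before the session is persisted.
        req.session.save((saveErr) => {
            if (saveErr) return next(saveErr);
            // 4)
            res.redirect('/');
        });
    });
});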

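app.get('/logout', (req, res, next) => {
    // 1) clear the user from the session object and persist that, so a
    //    client still presenting the old session id is not logged in.
    req.session.user = null;
    // 2)
    req.session.save((err) => {
        // The original lacked `return` here and in the regenerate callback,
        // so an error path continued and could answer the request twice.
        if (err) return next(err);

        // 3) issue a fresh session id after logout (session fixation guard)
        req.session.regenerate((regenErr) => {
            if (regenErr) return next(regenErr);
            // 4)
            res.redirect('/');
        });
    });
});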