Do I implement serialize and deserialize NodeJS + Passport + RedisStore?

自闭症患者 2021-01-30 02:07

Do I implement Serialize and Deserialize?

RedisStore is set up as my session store with Express. Does this mean that I DO NOT implement Serialize and Deserialize? Will i

3 answers
  •  悲哀的现实
    2021-01-30 02:33

    If you are using sessions you have to provide passport with a serialize and deserialize function. Implementing Redis as a session store has nothing to do with how passport was implemented, it only deals with where the session data is stored.

    Implementing Sessions with passport

    As I said, the serialize and deserialize functions must be provided to passport for sessions to work.

    The purpose of the serialize function is to return sufficient identifying information to recover the user account on any subsequent requests. Specifically, the second parameter of the done() method is the information serialized into the session data.

    The deserialize function that you provide is intended to return the user profile based on the identifying information that was serialized to the session.

    Here is the example from the Passport Guide in the section discussing sessions:

    passport.serializeUser(function(user, done) {
      done(null, user.id);
    });
    
    passport.deserializeUser(function(id, done) {
      User.findById(id, function(err, user) {
        done(err, user);
      });
    });
    

    In the above example passport.serializeUser() is provided a function that takes two parameters, the user profile (user) and a callback function (done). The callback function takes as its second parameter the identifying information (user.id, but if you're using MongoDB this may be user._id) required to recover the account from the database. This will be called on every authenticated request and stores the identifying information in the session data (whether that is in a cookie or your Redis store).

    passport.deserializeUser() is provided a function that also takes two parameters, the identifying information (id) and again a callback function (done). The identifying information is what was serialized to the session data in the previous request (user.id). The callback function here requires the user profile as its second parameter, or any error raised in retrieving the profile as its first parameter. The User.findById() function is a lookup function for the user profile in the database. In this example the User object is an instance of a mongoose model which has the findById() function.

    The function provided to passport.deserializeUser() is called by the passport middleware, passport.session(), prior to the route handling to store the user profile (user) to req.user.

    Implementing Redis as a Session Store

    The purpose of using Redis is to store session data server side so the only data stored client side is the session id. Again, this is independent of how you have implemented passport, passport doesn't care where the session data is being stored as long as you have added session support to your app. This previous question on Stack Overflow addresses how to implement Redis.
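
The separation described in the answer above, as an added example that is not part of the original answer and is not Passport's or express-session's own code. It loads no libraries: a Map stands in for the Redis store, another for the user database (both constructed), callbacks run synchronously, and `login` and `authenticate` are hypothetical helpers modelling what the session middleware and passport.session() do.

```javascript
// Constructed stand-in for the user database (a mongoose model in the answer).
const users = new Map([["42", { id: "42", name: "alice", role: "admin" }]]);

// Same callback signatures as the functions given to
// passport.serializeUser() and passport.deserializeUser().
function serializeUser(user, done) {
  done(null, user.id); // only the identifier goes into the session data
}
function deserializeUser(id, done) {
  const user = users.get(id);
  // Account removed since login: report "no user" instead of an error,
  // so the request is handled as unauthenticated.
  done(null, user || false);
}

// Hypothetical helper: at login the serialized value is written to the
// store under the session id. `store` is a Map standing in for Redis;
// `sid` is assumed to come from the session middleware.
function login(store, sid, user) {
  serializeUser(user, (err, key) => {
    if (err) throw err;
    store.set(sid, JSON.stringify({ passport: { user: key } }));
  });
}

// Hypothetical helper: on a later request the client presents only the
// session id; the profile is read from the database again every time.
function authenticate(store, sid) {
  const raw = store.get(sid);
  if (!raw) return null; // unknown or expired session id
  const key = JSON.parse(raw).passport.user;
  let result = null;
  deserializeUser(key, (err, user) => {
    if (err) throw err;
    if (user) result = user;
    else store.delete(sid); // stale session: drop it (this model's choice)
  });
  return result;
}
```

Because the store holds only the id, a role change or account deletion in the database takes effect on the next request, whichever backend holds the session data.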
