发表新帖
发表新帖

How can I find the session Id when using express / connect and a session store?

前端 未结
关注
4 573
星月不相逢
星月不相逢 2021-01-31 16:55

If a user is already logged in and tries to login again in a new instance I\'d like it to log out the other user instance. I don\'t want the same user to be logged in twice on m

相关标签:
4条回答
  • 孤独总比滥情好
    2021-01-31 17:06

    For recent readers;

    Connect middlewares are not included in Express since version 4.

    So in order to have req.sessionID work you must do following:

    1. Make sure you have cookie-parser abd express-session modules inside your package.json. If it's not added, add them:
    npm install express-session --save
npm install cookie-parser --save
    1. Be careful about the order while requiring them in your app.js file and add required configuration parameters.
    var cookieParser = require('cookie-parser');
var session = require('express-session')
app.use(cookieParser());
app.use(session({
    secret: '34SDgsdgspxxxxxxxdfsG', // just a long random string
    resave: false,
    saveUninitialized: true
}));
    1. Now you should be using req.sessionID and req.session.id.
    0 讨论(0)
  • 时光取名叫无心
    2021-01-31 17:07

    Store the SID with the account, when the user logs in during the database validation of the user account call .destroy(sid, fn), then update the SID in the database with the current SID of the user.

    In my case using MongoDB this is how i've done it:

    app.post('/login', function(req, res)
{
  var sid = req.sessionID;
  var username = req.body.user;
  var password = req.body.pass;

  users.findOne({username : username, password : password}, function(err, result)
  { 
    ...
    sessionStore.destroy(result.session, function(){
       ...
       users.update({_id: result._id}, {$set:{"session" : sid}});
       ...
    }
    ...
  }
}
    0 讨论(0)
  • 渐次进展
    2021-01-31 17:12

    Question: Is it possible to query Redis to obtain the session id based on the username?

    No. The session keys in redis are not named after the username.

    Here's a thought, though: When an already logged in user tries to login again, can't you see that, in your application, and either destroy the old session immediately, or not allow them to login again?

    0 讨论(0)
  • 渐次进展
    2021-01-31 17:14

    req.sessionID will provide you the session's ID, where req is a request object.

    0 讨论(0)
 看不清?
提交回复
热议问题