session handling in expressjs with router

China☆狼群 提交于 2020-08-10 04:35:52

问题


I'm using expressJS, and I'm a bit confused about sessions. I have 1 single expressJS server, which is reachable from different URLs. Depending on where the connection is coming frmo (which URL is opened), a different database is used to provide the responses. And I can see that the sessions are conflicting.

My assumption is that I should be setting different cookie names, based on the URL of the request, but it seems I can't specify a function within the session config.

Any ideas?

var app = express();
var session = require('express-session');

var router = express.Router();

app.use('/a_route', router);
app.use('/b_route', router);

router.use(session({
    genid: function(req) {
    return require('crypto').randomBytes(48).toString('hex'); // use UUIDs for session IDs
    },
    secret: 'JollynakAjollynakAjollynakApamPam',
    resave: false,
    saveUninitialized: false,
    name: **THIS SHOULD BE DYNAMIC BASED ON URL???**
}));

EDIT

//declare session variable
var sess ="";


router.post('/login', function (req, res, next) {

    sess = req.session;

    var uname = req.body.username;
    var pwd = req.body.password;
    var authResult = null;

    sess.username = uname;
    sess.instance = req.baseUrl.replace('/', '');
})

And an example AJAX call

router.get('/getSomething', function (req, res) {

    service.getCaps(sess.instance, function (response) {
        res.send(JSON.stringify(response));
    });
});

回答1:


Your cookies aren't necessarily tied to your databases. All of your routes share one cookie store. "Name" refers to the name of your session cookie and this applies to all of your routes (that's why express-session is middleware called in app.use). In general you will only have one session per express app. If you really want to distinguish these with multiple session stores, you'll want to create multiple express apps to handle your routes.

In your situation, it looks like you should really be using two entirely different routers with two entirely separate sets of URLS. You'll have some duplicate code, but since you're dealing with two separate databases, two different "sessions", and two different URLs it makes sense to separate them. Then you can have unique session variables for each route (e.g. req.session.aLogin and req.session.bLogin);

var routerA = express.Router();
var routerB = express.Router();

app.use('/a_route', routerA);
app.use('/b_route', routerB);

Another approach is just to juggle separate session variables within your routes.

router.post('/login', function (req, res) {
   req.session[req.baseUrl + 'auth'] = true;
});

router.get('/something', function (req, res) {
   if (req.session[req.baseUrl + 'auth'] { //User is authenticated for this particular database
       //Rest of your code
   }
});


来源:https://stackoverflow.com/questions/33616559/session-handling-in-expressjs-with-router

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!