之前不知道了,现在整理一下。
三个阶段:
1、cookie-session 实现会话,需要 cookie-parser
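// Phase 1 demo: session state kept through cookie-session (per the section heading).
// cookie-session stores the session payload in the cookie itself (signed by default,
// not encrypted), so the client can read it: keep secrets out of req.session.
// The original listing used typographic quotes as string delimiters, which is a
// syntax error; they are restored to plain single quotes here.

/**
 * GET /restricted: flags the session as restricted, counts the visit and
 * redirects to /library.
 */
router.get('/restricted', function (req, res, next) {
  req.session.restricted = true;
  if (!req.session.restrictedCount) {
    // First visit in this session (counter missing or 0).
    req.session.restrictedCount = 1;
  } else {
    req.session.restrictedCount++;
  }
  res.redirect('/library');
});

/**
 * GET /library: renders the 'test' view. The title is the visit counter when
 * the session was flagged by /restricted, otherwise the literal 'welcome'.
 */
router.get('/library', function (req, res, next) {
  // NOTE(review): this dumps every request cookie, including the session cookie,
  // to the console. Keep it to local debugging; cookies should not reach shared logs.
  console.log(util.inspect({ cookie: req.cookies }));
  if (req.session.restricted) {
    res.render('test', { title: req.session.restrictedCount });
  } else {
    res.render('test', { title: 'welcome' });
  }
});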
2、basic-auth-connect 基本的http身份验证
两种方式
全局验证
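var crypto = require('crypto');
var basicAuth = require('basic-auth-connect');

/**
 * Compares two strings without an early exit on the first differing character.
 * Both sides are hashed to fixed-length digests first, so timingSafeEqual never
 * throws on a length mismatch and the length of the expected value is not leaked.
 */
function safeEqual(given, expected) {
  var givenDigest = crypto.createHash('sha256').update(String(given)).digest();
  var expectedDigest = crypto.createHash('sha256').update(String(expected)).digest();
  return crypto.timingSafeEqual(givenDigest, expectedDigest);
}

// HTTP Basic authentication middleware; the callback returns true to let the request through.
// NOTE(review): 'test' / 'test' are the tutorial's demo credentials, hard-coded in source.
// Real credentials belong in configuration or a user store, and Basic auth sends them
// on every request, so it should only be served over HTTPS.
// The original listing used typographic quotes as string delimiters (a syntax error);
// they are restored to plain single quotes here.
var auth = basicAuth(function (user, pass) {
  // Evaluate both checks before combining them so a wrong user name does not
  // short-circuit the password comparison.
  var userOk = safeEqual(user, 'test');
  var passOk = safeEqual(pass, 'test');
  return userOk && passOk;
});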
为一个单独的路由验证
var basicAuth = require(‘basic-auth-connect‘); var auth = basicAuth(function(user, pass){ return (user === ‘test‘ && pass === ‘test‘); }); router.get(‘/library‘, auth, function(req, res, next){
3、express-session 会话身份验证:管理会话。
删除身份验证:destroy 注意要写对
redirect时,不要加{}
书上的例子需要 body-parser 和 cookie-parser(secret),官网的例子只需要 express-session
教程:http://www.cnblogs.com/chenchenluo/p/4197181.html
服务器端发送session两种方式:cookie, url重写
不设置maxage的话,浏览器关闭就会失效
一般会写入内存,但也可以写入其他数据库。
官网教程:https://github.com/expressjs/session
默认是内存存储;上线之后,要存入到数据库中。
session()的属性
cookie:path,httponly, secure, maxAge
secure:true->https
secure:false->http, trust proxy
genid
name:同一主机(hostname+port),需用name区分session
proxy
resave: 如果 store 实现了 touch 方法,则设 false;否则设 true,一般为 true
rolling:false
saveUninitialized:
secret、store、unset
方法:regenerate、destroy、reload、save、touch(更新 maxAge 属性)
属性:req.session.id req.session.cookie req.sessionID
存储到数据库
配合 body-parser、cookie-parser 可以,单独使用 express-session 也可以(官网)。以下只使用了 destroy、regenerate 方法,还有很多功能没用到。
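// Phase 3 demo: login / logout with express-session.
// The original listing used typographic quotes as string delimiters (a syntax error);
// they are restored to plain single quotes here.
var bodyParser = require('body-parser'); // presumably mounted elsewhere; req.body is read below
var cookieParser = require('cookie-parser');
var session = require('express-session');

// The secret signs the session-id cookie. Anyone who knows it can forge signed cookies,
// so it should come from configuration. 'sfp' is the tutorial's placeholder and is kept
// only as a fallback so the demo still starts without SESSION_SECRET set.
var sessionSecret = process.env.SESSION_SECRET || 'sfp';

app.use(cookieParser(sessionSecret));
app.use(session({
  secret: sessionSecret,
  resave: false,            // do not rewrite unmodified sessions on every request
  saveUninitialized: false, // no session (and no cookie) until something is stored
  // Add `secure: true` once the site is served over HTTPS.
  cookie: { httpOnly: true, sameSite: 'lax' }
}));

/**
 * GET /restricted: renders the protected page for a logged-in session; otherwise
 * records 'access denied' in the session and redirects to /login.
 */
router.get('/restricted', function (req, res, next) {
  if (req.session.user) {
    // `success` contains the user-supplied name: the 'result' view must escape it.
    res.render('result', { title: 'title', success: req.session.success });
  } else {
    console.log('error' + req.session.error);
    req.session.error = 'access denied';
    res.redirect('/login');
  }
});

/**
 * GET /logout: destroys the server-side session, then redirects to /login.
 * NOTE(review): a state-changing GET can be triggered by any link or image tag on
 * another site; a POST with CSRF protection is the safer shape for logout.
 */
router.get('/logout', function (req, res, next) {
  req.session.destroy(function (err) {
    if (err) {
      return next(err);
    }
    res.redirect('/login');
  });
});

/**
 * GET /login: redirects an authenticated session to /restricted; otherwise renders
 * the login view with the stored error message, or 'get' on a first visit.
 */
router.get('/login', function (req, res, next) {
  if (req.session.user) {
    console.log('get login user');
    res.redirect('/restricted');
  } else if (req.session.error) {
    console.log('get login error');
    res.render('test', { title: 'login', response: req.session.error });
  } else {
    console.log('get login');
    res.render('test', { title: 'login', response: 'get' });
  }
});

/**
 * POST /login: checks the submitted password and, on success, starts a fresh session
 * that carries the user's name. On failure a fresh session carries the error message.
 */
router.post('/login', function (req, res, next) {
  // Only the user name is logged; the submitted password must never reach the logs.
  console.log(req.body.uname);

  // NOTE(review): demo-only check. The password is the hard-coded 'test', every user
  // name is accepted, and MD5 is a fast unsalted digest, not a password hash. A real
  // login looks the user up and verifies a salted, slow hash (scrypt, bcrypt, argon2)
  // with a constant-time comparison.
  var passwordOk = md5('test') === md5(req.body.pw);

  // Only the name goes into the session; the password digest is not stored.
  var user = { name: req.body.uname };

  if (passwordOk) {
    console.log('post login success');
    // regenerate() issues a new session id at the privilege change, which is what
    // prevents session fixation.
    req.session.regenerate(function (err) {
      if (err) {
        return next(err);
      }
      req.session.user = user;
      req.session.success = 'auth as ' + user.name;
      res.redirect('/restricted');
    });
  } else {
    console.log('post login fail');
    req.session.regenerate(function (err) {
      if (err) {
        return next(err);
      }
      req.session.error = 'auth faild';
      res.redirect('/restricted');
    });
  }
});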
原文地址:http://www.cnblogs.com/wang-jing/p/4977685.html