【发布时间】:2014-06-19 06:03:21
【问题描述】:
我在 node.js 中使用 express + passport.js。 并希望保护我的 RestAPI。我已将会话中的令牌设置为:
saveUser = function (req, res) {
User.findOrCreate({ user_id: req.body.user_id, user_name: req.body.username })
.success(function(result){
req.session.token = 'dfgsfd4g564fg456d4gsgsdfg4';
res.send({status:"ok"});
}).error(function(error){
res.send(error);
}); };
但是这是在 req.sessionStore.sessions 中设置的,为什么。? 并且每次更改密钥时,如何从 req.sessionStore.sessions 访问令牌?
sessionStore:
{ sessions: { E8DRcn3lWkTfAJb3FsPnoeaF: '{"cookie":{"originalMaxAge":null,"expires":null,"secure":true,"httpOnly":true,"path":"/"},"passport":{},"username":"testing.user","token":"3iqZ31YdUaTtyvI6"}' },
generate: [Function],
_events: { disconnect: [Function], connect: [Function] } },
sessionID: 'Ykl9ONPvbxsTOa9Fonb6GFEP',
session:
{ cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true,
secure: true },
passport: {} },
我的 app.js 文件中的这个配置。
app.configure (function () {
app.use (express.cookieParser());
app.use (express.bodyParser ());
app.use (express.methodOverride ());
app.use (express.session({ secret: 'secret_code' })); // session secret
app.use (flash());
app.use (express.json());
app.use (passport.initialize());
app.use (passport.session());
app.use (express.static(path.join(__dirname, 'public')));
app.set ('view engine', 'ejs');
app.use (app.router);
});
提前致谢。
【问题讨论】:
标签: node.js express session-cookies