javascript express: how is the req.session object persisted?

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow original URL: http://stackoverflow.com/questions/28789857/

Time: 2020-10-28 09:33:46  Source: igfitidea

How is the express req.session object persisted?

Tags: javascript, node.js, session, express

Asked by NicholasFolk

I'm very new to learning Node and Express, and I'm still trying to wrap my head around the code flow with express. Suppose we have code that looks like this in a session.js:


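// `next` has to be declared as a parameter for the next(err) call below to work.
app.post('/session', notLoggedIn, function(req, res, next) {
    // Look up a user whose username and password match the submitted form fields.
    User.findOne({
        username: req.body.username,
        password: req.body.password
    }, function (err, user) {
        if (err) {
            return next(err); // hand database errors to the Express error handler
        }
        if (user) {
            // Store the user on the session so later requests can read it.
            req.session.user = user;
            res.redirect('/users');
        } else {
            res.redirect('/session/new');
        }
    });
});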

Assuming the User is a required mongo schema. What I find strange is the session.user assignment:


req.session.user = user;

Since the req variable will be out of scope after the redirect, but we're obviously doing this to persist the user data, I'm left with figuring out which of the following scenarios describe what is happening. Either (A) the argument that's being assigned to the req parameter (when the callback is called) is stored/somewhere still on the stack, (B) the session is stored/on the stack and being assigned to a new req object before it's passed in to the callback, or (C) the same as B, but on the user field (seems unlikely and maybe contrived on my part).


Accepted answer by jfriend00

There's an overall session data structure that stores all session info (like a global, but it could also be in a database - just something that is persistent at least across connections). Each client's session data uses one unique key to index into the session store to get the session data for that client.


Part of establishing a session for a given browser client is creating a unique client key (which will usually be stored in a cookie) that becomes the index into the global session object.


On an incoming http request, Express middleware that supports the session checks a particular client cookie and if that particular cookie is found on the http request and is found in the global session object/database, then it adds that session's stored info to the request object for the http request handler to later use.


So, here's a typical sequence:


  1. Incoming HTTP request.
  2. Middleware checks for session cookie.
  3. If session cookie not there, then create one and, in the process, create a unique id to identify this http client.
  4. In the persistent session store, initialize the session for this new client.
  5. If session cookie is there, then look in the session store for the session data for this client and add that data to the request object.
  6. End of session middleware processing.
  7. Later on in the Express processing of this http request, it gets to a matching request handler. The session data from the session store for this particular http client is already attached to the request object and available for the request handler to use.
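
Added example (not part of the original answer and not express-session's own code): a simplified session middleware that follows the sequence above, showing that each request gets a fresh req object while the data lives in a store keyed by the cookie value. The cookie name `sid`, the in-memory `Map` store, and the names `sessionStore`, `readCookie` and `sessionMiddleware` are assumptions made for illustration.

```javascript
const { randomBytes } = require('crypto');

const COOKIE_NAME = 'sid';       // assumed cookie name
const sessionStore = new Map();  // stand-in for a persistent store (database, Redis, ...)

// Pull one cookie value out of the raw Cookie request header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

function sessionMiddleware(req, res, next) {
  // Step 2: check the request for the session cookie.
  let sid = readCookie(req.headers.cookie, COOKIE_NAME);

  if (!sid || !sessionStore.has(sid)) {
    // Steps 3-4: missing or unknown id. Mint an unguessable one, initialise an
    // empty session in the store and send the id to the client in a cookie.
    // An id that the server did not issue is never adopted.
    sid = randomBytes(32).toString('hex');
    sessionStore.set(sid, '{}');
    res.setHeader('Set-Cookie', `${COOKIE_NAME}=${sid}; HttpOnly; SameSite=Lax; Path=/`);
  }

  // Step 5: attach this client's stored data to the brand-new req object.
  req.sessionID = sid;
  req.session = JSON.parse(sessionStore.get(sid));

  // Write changes back when the response ends, so the data outlives req.
  const end = res.end;
  res.end = function (...args) {
    sessionStore.set(sid, JSON.stringify(req.session));
    return end.apply(this, args);
  };

  next(); // Steps 6-7: the matching route handler now sees req.session.
}
```

An assignment such as `req.session.user = user` therefore survives the redirect because it is serialized into the store when the response ends and reloaded on the next request that presents the same cookie.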