node.js 何时在 express-session 中使用 saveUninitialized 和 resave
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/40381401/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
When to use saveUninitialized and resave in express-session
提问by user7104874
I am newbie with the MEAN stack. I read the express-session github docbut there are some options which are unclear to me. Those options are saveUninitializedand resave.
我是 MEAN 堆栈的新手。我阅读了 express-session github 文档,但有一些选项我不清楚。这些选项是saveUninitialized和resave。
Can anyone please explain with exampleswhat are the advatanges of using saveUninitializedand resave, and what will the effect be if we change the boolean values in those options.
谁能用例子解释一下使用saveUninitializedand的好处是resave什么,如果我们改变这些选项中的布尔值会有什么影响。
Syntax:-
句法:-
app.use(session({
resave: false,
saveUninitialized: true,
}))
回答by robertklep
Let's assume that sessions are enabled globally (for all requests).
让我们假设会话是全局启用的(对于所有请求)。
When a client makes an HTTP request, and that request doesn't contain a session cookie, a new session will be created by express-session. Creating a new session does a few things:
当客户端发出 HTTP 请求,并且该请求不包含会话 cookie 时,将创建一个新会话express-session。创建一个新会话会做一些事情:
- generate a unique session id
- store that session id in a session cookie (so subsequent requests made by the client can be identified)
- create an empty session object, as
req.session - depending on the value of
saveUninitialized, at the end of the request, the session object will be stored in the session store (which is generally some sort of database)
- 生成唯一的会话 ID
- 将该会话 ID 存储在会话 cookie 中(以便可以识别客户端发出的后续请求)
- 创建一个空的会话对象,如
req.session - 根据 的值
saveUninitialized,在请求结束时,会话对象将存储在会话存储中(通常是某种数据库)
If during the lifetime of the request the session object isn't modified then, at the end of the request and when saveUninitializedis false, the (still empty, because unmodified) session object will not be stored in the session store.
如果在请求的生命周期内会话对象没有被修改,那么在请求结束时并且当saveUninitialized为false 时,(仍然是空的,因为未修改)会话对象将不会存储在会话存储中。
The reasoning behind this is that this will prevent a lot of empty session objects being stored in the session store. Since there's nothing useful to store, the session is "forgotten" at the end of the request.
这背后的原因是,这将防止在会话存储中存储大量空会话对象。由于没有任何有用的存储,会话在请求结束时被“忘记”。
When do you want to enable this? When you want to be able to identify recurring visitors, for example. You'd be able to recognize such a visitor because they send the session cookie containing the unique id.
您希望何时启用此功能?例如,当您希望能够识别经常性访问者时。您将能够识别这样的访问者,因为他们发送包含唯一 ID 的会话 cookie。
About resave: this may have to be enabled for session stores that don't support the "touch" command. What this does is tell the session store that a particular session is still active, which is necessary because some stores will delete idle (unused) sessions after some time.
关于resave:这可能必须为不支持“触摸”命令的会话存储启用。这样做是告诉会话存储特定会话仍处于活动状态,这是必要的,因为某些存储将在一段时间后删除空闲(未使用)会话。
If a session store driver doesn't implement the touch command, then you should enable resaveso that even when a session wasn't changed during a request, it is still updated in the store (thereby marking it active).
如果会话存储驱动程序没有实现 touch 命令,那么您应该启用,resave以便即使在请求期间会话未更改,它仍会在存储中更新(从而将其标记为活动)。
So it entirely depends on the session store that you're using if you need to enable this option or not.
因此,如果您需要启用此选项,这完全取决于您使用的会话存储。
回答by spencer.sm
One thing to note is that if you set saveUninitializedto false, the session cookie will not be set on the browser unless the session is modified. That behavior may be implied but it was not clear to me when I was first reading through the documentation.
需要注意的一件事是,如果您设置saveUninitialized为false,则除非修改会话,否则不会在浏览器上设置会话 cookie。这种行为可能是隐含的,但当我第一次阅读文档时并不清楚。
