在 SessionStore 中而不是在 cookie 中设置 Node.js Express 会话过期时间
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22354004/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Setting Node.js Express session expiration time in SessionStore in stead of in cookie
提问by Redsandro
Everything I can find on Express Sessions expiring times is about setting the cookie.
我能在 Express Session的过期时间上找到的所有内容都是关于设置 cookie 的。
session.cookie.expires = null; // Browser session cookie
session.cookie.expires = 7 * 24 * 3600 * 1000; // Week long cookie
But the expire date of cookies is not 'secured' with your secret, as these are just cookie settings your browser manages.
但是 cookie 的过期日期不是“安全”的secret,因为这些只是您的浏览器管理的 cookie 设置。
How can I set the expire date of the session in the session store? Because theoretically, when someone uses your computer, they can 'fix' the expiration time of an expired cookie and continue the session, if the server side session isn't also expired at the same time as the cookie.
如何在会话存储中设置会话的过期日期?因为理论上,当有人使用您的计算机时,他们可以“修复”过期 cookie 的过期时间并继续会话,如果服务器端会话也没有与 cookie 同时过期。
I can't find anything about how this works or how to set/change this.
我找不到任何关于它是如何工作的或如何设置/更改它的信息。
回答by bnuhero
With the Session middleware, only the encrypted session ID is stored in the client side cookie. The expired date is stored as req.session.cookie.expiresin the server side store. So we can add a custom middle to check whether current session is expired.
使用 Session 中间件,只有加密的会话 ID 存储在客户端 cookie 中。过期日期存储req.session.cookie.expires在服务器端存储中。所以我们可以添加一个自定义的中间件来检查当前会话是否过期。
// ...
app.use(express.cookieParser());
app.use(express.session({secret:'yoursecret', cookie:{maxAge:6000}}));
app.use(function(req, res, next) {
// if now() is after `req.session.cookie.expires`
// regenerate the session
next();
});
// ...
回答by catamphetamine
I wrote the solution today as the project needed that.
由于项目需要,我今天编写了解决方案。
Here it is:
这里是:
https://github.com/expressjs/session/issues/173
https://github.com/expressjs/session/issues/173
There are instructions there.
那里有说明。
