Node.js 和 Express 会话处理 - 后退按钮问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6096492/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Node.js and Express session handling - Back button problem
提问by Pono
I have a restricted area '/dashboard' in my Express application. I use a very small function to limit the access:
我的 Express 应用程序中有一个受限区域“/dashboard”。我使用一个非常小的函数来限制访问:
app.get('/dashboard', loadUser, function(req, res){
res.render('dashboard', {
username: req.session.username
});
});
function loadUser(req, res, next){
if (req.session.auth) {
next();
} else {
res.redirect('/login');
}
};
The problem is that when I logout a user by calling...
问题是,当我通过调用注销用户时...
app.get('/logout', function(req, res){
if (req.session) {
req.session.auth = null;
res.clearCookie('auth');
req.session.destroy(function() {});
}
res.redirect('/login');
});
... the session is killed but when I hit Back Button in my browser I got the restricted page from browser's cache. This means no GET on '/dashboard' and no user login validation.
...会话被终止,但是当我在浏览器中点击后退按钮时,我从浏览器的缓存中获得了受限页面。这意味着“/dashboard”上没有 GET,也没有用户登录验证。
I tried using no-cache in meta (Jade Template) but it still doesn't work.
我尝试在元数据(Jade 模板)中使用 no-cache 但它仍然不起作用。
meta(http-equiv='Cache-Control', content='no-store, no-cache, must-revalidate')
meta(http-equiv='Pragma', content='no-cache')
meta(http-equiv='Expires', content='-1')
Anyone?
任何人?
回答by pkyeck
Josh's answer sadly didn't work for me. But after some searching I found this question: What's the best way to deal with cache and the browser back button?
遗憾的是,乔希的回答对我不起作用。但是经过一番搜索,我发现了这个问题:处理缓存和浏览器后退按钮的最佳方法是什么?
and adopted the answer there to this node.js/express problem. You just have to change the following line
并采用了这个 node.js/express 问题的答案。您只需要更改以下行
res.header('Cache-Control', 'no-cache');
to
到
res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
Now, everytime I use the browser back button, the page is reloaded and not cached.
现在,每次我使用浏览器后退按钮时,页面都会重新加载而不是缓存。
* update for express v4.x *
* express v4.x 更新 *
// caching disabled for every route
server.use(function(req, res, next) {
res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
next();
});
// otherwise put the res.set() call into the route-handler you want
回答by Josh
app.get('/dashboard', loadUser, function(req, res){
res.header('Cache-Control', 'no-cache');
res.header('Expires', 'Fri, 31 Dec 1998 12:00:00 GMT');
res.render('dashboard', {
username: req.session.username
});
});
回答by Basil
Am using using Express ^4.16.3 and this worked for me as stated by @pkyeck.
我正在使用 Express ^4.16.3,正如@pkyeck 所述,这对我有用。
I added it to my routes like this and it worked fine:
我像这样将它添加到我的路线中,并且效果很好:
routes
.use(function(req, res, next) {
res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
next();
})
.get('/login', function(req, res, next){
.....
})
回答by Basil
Simple solution is after clearing the session .. again redirect to the same route.. for example: route /sessionedpage has session variables .. after clicking logout button clear session variables by req.session.destroy(function() {});after that you are tring to redirect home page ... INSTEAD of redirecting to home page.. redirect /sessionedpage (same route) ... Write if condition for /sessionedpage if(!res.sessions) then res.redirect('/home')
简单的解决方案是清除会话后..再次重定向到同一路由..例如:路由/sessionedpage有会话变量..单击注销按钮后清除会话变量 req.session.destroy(function() {});之后,您正在尝试重定向主页...... INSTEAD of重定向到主页..重定向/sessionedpage(相同的路线)...写条件为/sessionedpage if(!res.sessions) then res.redirect('/home')
