node.js 使用 express / connect 和会话存储时如何找到会话 ID?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9291548/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I find the session Id when using express / connect and a session store?
提问by Hyman
If a user is already logged in and tries to login again in a new instance I'd like it to log out the other user instance. I don't want the same user to be logged in twice on my application.
如果用户已经登录并尝试在新实例中再次登录,我希望它注销另一个用户实例。我不希望同一个用户在我的应用程序上登录两次。
Currently the session is stored in a Redis store, i'm using express / connect to handle the session storage. One of the functions available which could be used to destroy the session is as follows:
当前会话存储在 Redis 存储中,我使用 express / connect 来处理会话存储。可用于销毁会话的可用函数之一如下:
.destroy(sid, callback)
However I need to find that session id before I call .destroy(). In Redis the username is stored as a part of the session.
但是,我需要在调用 .destroy() 之前找到该会话 ID。在 Redis 中,用户名存储为会话的一部分。
Question: Is it possible to query Redis to obtain the session id based on the username?
问:是否可以根据用户名查询Redis获取session id?
回答by Joe H
req.sessionIDwill provide you the session's ID, where req is a request object.
req.sessionID将为您提供会话的 ID,其中 req 是一个请求对象。
回答by scaryguy
For recent readers;
对于最近的读者;
Connect middlewares are not included in Express since version 4.
从版本 4 开始,Express 中不包含 Connect 中间件。
So in order to have req.sessionIDwork you must do following:
因此,为了有req.sessionID工作,您必须执行以下操作:
- Make sure you have
cookie-parserabdexpress-sessionmodules inside your package.json. If it's not added, add them:
- 确保你的 package.json 中有
cookie-parserabdexpress-session模块。如果未添加,请添加它们:
npm install express-session --save npm install cookie-parser --save
npm install express-session --save npm install cookie-parser --save
- Be careful about the order while requiring them in your
app.jsfile and add required configuration parameters.
- 在您的
app.js文件中需要它们并添加所需的配置参数时,请注意顺序。
var cookieParser = require('cookie-parser'); var session = require('express-session') app.use(cookieParser()); app.use(session({ secret: '34SDgsdgspxxxxxxxdfsG', // just a long random string resave: false, saveUninitialized: true }));
var cookieParser = require('cookie-parser'); var session = require('express-session') app.use(cookieParser()); app.use(session({ secret: '34SDgsdgspxxxxxxxdfsG', // just a long random string resave: false, saveUninitialized: true }));
- Now you should be using
req.sessionIDandreq.session.id.
- 现在你应该使用
req.sessionID和req.session.id。
回答by Hyman
Store the SID with the account, when the user logs in during the database validation of the user account call .destroy(sid, fn), then update the SID in the database with the current SID of the user.
将SID与账户一起存储,当用户在用户账户的数据库验证过程中登录时调用.destroy(sid, fn),然后用用户当前的SID更新数据库中的SID。
In my case using MongoDB this is how i've done it:
在我使用 MongoDB 的情况下,我是这样做的:
app.post('/login', function(req, res)
{
var sid = req.sessionID;
var username = req.body.user;
var password = req.body.pass;
users.findOne({username : username, password : password}, function(err, result)
{
...
sessionStore.destroy(result.session, function(){
...
users.update({_id: result._id}, {$set:{"session" : sid}});
...
}
...
}
}
回答by Linus Gustav Larsson Thiel
Question: Is it possible to query Redis to obtain the session id based on the username?
问:是否可以根据用户名查询Redis获取session id?
No. The session keys in redis are not named after the username.
不可以。redis 中的会话键不是以用户名命名的。
Here's a thought, though: When an already logged in user tries to login again, can't you see that, in your application, and either destroy the old session immediately, or not allow them to login again?
不过,这里有一个想法:当已经登录的用户尝试再次登录时,您难道不能在您的应用程序中看到这一点,并立即销毁旧会话,或者不允许他们再次登录吗?
