因为http会话的无状态性,为了标记用户的登录状态,便出现了cookie。cookie分为很多种,有普通cookie、签名cookie、json cookie等,这里主要记录下在express应用中如何配置使用cookie及session。
cookie、session的区别:cookie保存在客户端(浏览器)中,内容可以被用户查看和修改;session的数据保存在服务器端,浏览器只通过cookie保存session的id。
cookie
首先是app.js中的配置:
...
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
...
// Register cookie-parser with a signing secret. The secret is what allows
// res.cookie(..., { signed: true }) to issue signed cookies, which are then
// read from req.signedCookies.
// NOTE(review): the secret is hard-coded here for the demo; in a real
// deployment load it from configuration or the environment so it never ends
// up in source control.
var signedCookieParser = cookieParser('this is the secret key for singed cookie');
app.use(signedCookieParser);
...
js路由中使用比较简单:
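/**
 * POST /setCookie: stores the submitted `a` field in a cookie named "addr",
 * then hands the request on to the next handler.
 *
 * The value comes straight from the request body, so it must be treated as
 * untrusted wherever it is read back (never insert it into HTML unescaped).
 */
router.post("/setCookie", function (req, res, next) {
  var addr = req.body.a;
  // Only non-empty strings are stored: res.cookie() stringifies anything else
  // (objects become "j:"-prefixed JSON cookies, a missing field becomes the
  // text "undefined").
  if (typeof addr === "string" && addr !== "") {
    // Set the cookie for 30 days. Adding `signed: true` turns it into a signed
    // cookie (this needs a secret passed to cookieParser); signing only makes
    // tampering detectable, it does not hide the value.
    res.cookie("addr", addr, {maxAge: 1000 * 60 * 60 * 24 * 30, httpOnly: true}); //, signed: true
  }
  next();
});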
// Read the cookie back inside a route handler. req.cookies holds the unsigned
// cookies exactly as the client sent them, so the value is untrusted input.
// For a signed cookie, read req.signedCookies['addr'] instead.
var requestCookies = req.cookies;
var a = requestCookies.addr;
console.log(a);
直接在html页面中通过js获取cookie(注意:设置了httpOnly: true的cookie无法通过document.cookie读取,下面的代码只适用于没有设置httpOnly的cookie):
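/**
 * Looks for the cookie called `objName` in document.cookie and, when it is
 * present, replaces the #isLogin / #isLogout placeholders with the greeting
 * link and the logout link. Nothing is returned; the function only updates
 * the page.
 *
 * @param {string} objName - name of the cookie to look for
 */
function getCookie(objName) {
  // Cookie values are controlled by the client, so they are HTML-escaped
  // before being concatenated into markup.
  function escapeHtml(text) {
    return String(text)
      .replace(/&/g, "&amp;")
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;")
      .replace(/"/g, "&quot;")
      .replace(/'/g, "&#39;");
  }

  var wanted = String(objName);
  var arrStr = document.cookie.split("; ");
  for (var i = 0; i < arrStr.length; i++) {
    var pair = arrStr[i];
    // Split on the first "=" only, so a value that itself contains "=" is kept whole.
    var eq = pair.indexOf("=");
    var cookieName = eq === -1 ? pair : pair.slice(0, eq);
    var rawValue = eq === -1 ? "" : pair.slice(eq + 1);
    if (cookieName === wanted) {
      var displayName;
      try {
        displayName = decodeURIComponent(rawValue);
      } catch (e) {
        // Malformed percent-encoding: show the raw value rather than abort.
        displayName = rawValue;
      }
      jQuery("#isLogin").replaceWith("欢迎您 <a href='/user/list/true/1' class='t-reg mrgL10' id='isLogin'>" + escapeHtml(displayName) + "</a>");
      jQuery("#isLogout").replaceWith("<a href='/reguser/logout' class='t-reg mrgL10 ' id='isLogout'>退出</a> | ");
    }
  }
}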
session
app.js配置:
...
var session = require("express-session");
var cookieParser = require('cookie-parser');
...
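// Session middleware: session data stays on the server and the browser only
// carries the session-id cookie, which is signed with `secret`.
// NOTE(review): the secret is hard-coded for the demo; load it from
// configuration or the environment in a real deployment.
app.use(session({
  secret: 'this is the secret for cookie',
  resave: false,
  // true also creates and stores a session for visitors who never log in
  saveUninitialized: true
}));

// Login gate: any request other than "/" made without a user in the session
// is answered with a script that sends the top-level window back to "/".
app.use(function (req, res, next) {
  var url = req.originalUrl;
  // `== null` keeps the original loose check: both undefined and null count as "not logged in".
  if (url !== "/" && req.session.user == null) {
    res.send('<script>top.location.href="/";</script>'); // works around the session check when the page is embedded in an iframe
    return;
  }
  next();
});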
在路由中直接通过如下设置或者获取session数据:
// Inside a route handler, session data is read (or assigned) as plain
// properties of req.session.
var currentSession = req.session;
var user = currentSession.user;
// NOTE(review): this prints whatever was stored under `user`; avoid it in
// production if that object holds sensitive fields.
console.dir(user);
session的清除:
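// Log out: destroy the server-side session, then go back to the home page.
req.session.destroy(function (err) {
  if (err) {
    // Report a failed destroy instead of ignoring it, so a session that could
    // not be removed from the store does not go unnoticed.
    console.error(err);
  }
  res.redirect('/');
});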
将session存储到mongodb数据库当中:
var session = require('express-session');
var MongoStore = require('connect-mongo')(session);
// Open the MongoDB connection and log a message once it is ready.
// NOTE(review): the URI carries no credentials; presumably a local development
// instance. Confirm the database is not reachable from other hosts.
mongoose.connect('mongodb://127.0.0.1:27017/hubwiz');
var dbConnection = mongoose.connection;
dbConnection.on('open', function onDatabaseOpen() {
  console.log('-----------数据库连接成功!------------');
});
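// Session middleware backed by MongoDB through connect-mongo.
app.use(session({
  secret: config.cookieSecret, // a long random value is recommended (128 random characters)
  cookie: {maxAge: 60 * 1000 * 60 * 24 * 14}, // expiry: 14 days, in milliseconds
  resave: true, // save the session even when it was not modified (the default is true)
  saveUninitialized: true, // also stores sessions for visitors who never log in
  // The store class is required as `MongoStore`; identifiers are case-sensitive,
  // so `new mongoStore(...)` would throw a ReferenceError at startup.
  store: new MongoStore({
    mongooseConnection: mongoose.connection // reuse the existing database connection
  })
}));
app.listen(80);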
将session数据同步到redis中:
var express = require('express');
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var app = express();

// Connection settings handed to connect-redis.
var redisOptions = {
  host: "127.0.0.1",
  port: "6379",
  ttl: 60 * 60 * 24 * 30 // session lifetime: 30 days, in seconds
};
var sessionStore = new RedisStore(redisOptions);

// Until this middleware has run, req has no `session` property.
// NOTE(review): the secret is hard-coded for the demo, and resave /
// saveUninitialized are left at their defaults; set them explicitly and load
// the secret from configuration in a real deployment.
app.use(session({
  store: sessionStore,
  secret: 'express is powerful'
}));
app.listen(80);