admin管理员组文章数量:1332687
I have setup an express REST API backend , React Front End . When user launches front end app , it will be redirecting user to signin page using oauth and express server creates session id after successful authentication. I could see a browser cookie connect.sid.
In my react app i have a private route which i defined to check user is not logged in or not before dashboard or user profile page. But i am not sure what check i can do to validate user session.
<Route path='/' exact ponent={Home} />
<Route path='/login' ponent={Login} />
<Route path='/register' ponent={Register} />
<PrivateRoute authed={this.props.isSessionActive} path='/dashboard' ponent={Dashboard} />
<PrivateRoute authed={this.props.isSessionActive} path='/user-profile' ponent={UserProfile} />
One solution i can think of is calling in my redux action e.g. isSessionActive call express REST API and check for req.isAuthenticate() on REST API middleware. I am not sure if calling the API before each page navigation is a good idea.
I have setup an express REST API backend , React Front End . When user launches front end app , it will be redirecting user to signin page using oauth and express server creates session id after successful authentication. I could see a browser cookie connect.sid.
In my react app i have a private route which i defined to check user is not logged in or not before dashboard or user profile page. But i am not sure what check i can do to validate user session.
<Route path='/' exact ponent={Home} />
<Route path='/login' ponent={Login} />
<Route path='/register' ponent={Register} />
<PrivateRoute authed={this.props.isSessionActive} path='/dashboard' ponent={Dashboard} />
<PrivateRoute authed={this.props.isSessionActive} path='/user-profile' ponent={UserProfile} />
One solution i can think of is calling in my redux action e.g. isSessionActive call express REST API and check for req.isAuthenticate() on REST API middleware. I am not sure if calling the API before each page navigation is a good idea.
Share Improve this question asked Mar 4, 2020 at 23:56 Full Stack BrainFull Stack Brain 4852 gold badges8 silver badges22 bronze badges1 Answer
Reset to default 4If the cookie with the session id is readable, you can just read the cookie from your react app and if there is a session id, you know the user is logged in.
If you cannot read the cookie because it's HttpOnly, you would have to make an endpoint that lets you check if there is a session, and if there is a valid session, return some information about the user. Then you can store that user data in a global state.
Example:
import Cookies from 'js-cookie'
const sid = Cookies.get('session') || ''
if(sid){
this.setState({ isLoggedIn: true })
}
If your cookie is HttpOnly:
Lets say you're using express.
app.get('/session/', (req, res) => {
const token = req.cookies.session || ''
if(token){
... perform some operation to get user data based on reading the token
res.status(200).send({user})
else{
res.status(200).send({message: 'No valid session'})
}
})
I choose to send 200 regardless, because the request is read successfully, we just don't have an active session.
});
本文标签:
版权声明:本文标题:javascript - how to validate session on react client after successful authentication from express session - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742342172a2456821.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论