admin管理员组文章数量:1418706
I'm using express-session Node module for secure session cookies.
// Secure session cookie that ensures certain requests require an active session
app.use(expressSession({
secret: "wouldn'tyouliketoknow",
cookie: {
maxAge: new Date(Date.now() + 3600), // 1 hour
httpOnly: true,
secure: true, // Requires https connection
},
// Stores sessions in Mongo DB
store: new MongoStore({
host: mongo,
port: 27017,
db: 'iod',
collection: 'sessions'
}),
// Gets rid of the annoying deprecated messages
resave: false,
saveUninitialized: false
}));
This creates a secure session cookie no matter what the request is. I only wanna create a session only for when a user successfully logs in, e.g. a request like this:
app.get("/authenticate/:username/:password", function(req, res, next) {
...
});
Basically I want the cookie created only when a condition is successfully met within the get handler.
How would I go about doing that? Appreciated
I'm using express-session Node module for secure session cookies.
// Secure session cookie that ensures certain requests require an active session
app.use(expressSession({
secret: "wouldn'tyouliketoknow",
cookie: {
maxAge: new Date(Date.now() + 3600), // 1 hour
httpOnly: true,
secure: true, // Requires https connection
},
// Stores sessions in Mongo DB
store: new MongoStore({
host: mongo,
port: 27017,
db: 'iod',
collection: 'sessions'
}),
// Gets rid of the annoying deprecated messages
resave: false,
saveUninitialized: false
}));
This creates a secure session cookie no matter what the request is. I only wanna create a session only for when a user successfully logs in, e.g. a request like this:
app.get("/authenticate/:username/:password", function(req, res, next) {
...
});
Basically I want the cookie created only when a condition is successfully met within the get handler.
How would I go about doing that? Appreciated
Share Improve this question edited Oct 29, 2014 at 15:13 Wes asked Oct 29, 2014 at 14:46 WesWes 1,2913 gold badges27 silver badges53 bronze badges1 Answer
Reset to default 5So express will run middleware in the order you add it to the app. So the normal strategy here to achieve your goal would be to make sure you define:
- All static and non-session routes (images, fonts, css, marketing pages, etc)
- The session middleware
- All application routes. You can't just have this on your login route because you'll need to enforce a logged-in user on all application routes requiring both a session as well as an authenticated user.
But specifically to answer you question even though this approach is not ultimately viable, you would just convert your session from a global middleware to a middleware added just to that one route:
var sessionMW = expressSession({
secret: "wouldn'tyouliketoknow",
cookie: {
maxAge: new Date(Date.now() + 3600), // 1 hour
httpOnly: true,
secure: true, // Requires https connection
},
// Stores sessions in Mongo DB
store: new MongoStore({
host: mongo,
port: 27017,
db: 'iod',
collection: 'sessions'
}),
// Gets rid of the annoying deprecated messages
resave: false,
saveUninitialized: false
});
app.get("/authenticate/:username/:password", sessionMW, function(req, res, next) {
...
});
本文标签: javascriptExpress js session Create only for logged in usersStack Overflow
版权声明:本文标题:javascript - Express js session-- Create only for logged in users - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745244651a2649501.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论