React Router 和 Flux(可选)

ReactRouter and Flux(altjs)

为什么在刷新时,我的用户不再经过身份验证或 returns 错误?似乎我的用户存储中的数据正在被重置或丢弃。例如这是我的行为:

class UserActions {

  manuallogin(data) {
    this.dispatch();
    UserWebAPIUtils.manuallogin(data)
      .then((response, textStatus) => {
        if (textStatus === 'success') {
          this.actions.loginsuccess(data.email);
        }
      }, () => {
      });
  }

  loginsuccess(email) {
    this.dispatch(email);
  }


  logout() {
    this.dispatch();
    UserWebAPIUtils.logout()
      .then((response, textStatus) => {
        if (textStatus === 'success') {
          this.actions.logoutsuccess();
        }
      }, () => {
      });
  }

  logoutsuccess() {
    this.dispatch();
  }
}

export default alt.createActions(UserActions);

我的店是这个..

class UserStore {


  constructor() {
    this.user = Immutable.Map({});
    this.on('init', this.bootstrap);
    this.on('bootstrap', this.bootstrap);
    this.bindListeners({
      handleLoginAttempt: UserActions.MANUALLOGIN,
      handleLoginSuccess: UserActions.LOGINSUCCESS,
      handleLogoutAttempt: UserActions.LOGOUT,
      handleLogoutSuccess: UserActions.LOGOUTSUCCESS
    });
  }

  bootstrap() {
    if (!Immutable.Map.isMap(this.user)) {
      this.user = Immutable.fromJS(this.user);
    }
  }

  handleLoginAttempt() {
    this.user = this.user.set('isWaiting', true);
    this.emitChange();
  }

  handleLoginSuccess() {
    this.user = this.user.merge({ isWaiting: false, authenticated: true });
    this.emitChange();
  }

  handleLogoutAttempt() {
    this.user = this.user.set('isWaiting', true);
    this.emitChange();
  }

  handleLogoutSuccess() {
    this.user = this.user.merge({ isWaiting: false, authenticated: false });
    this.emitChange();
  }

}

// Export our newly created Store
export default alt.createStore(UserStore, 'UserStore');

我通过简单地执行 User.getState().user.get(authenticated) 来检查我的用户是否经过身份验证,登录后它返回 true,但是如果我输入任何 url手动或刷新页面后 returns false。我也在使用 react-router,我认为这是它崩溃的地方。

<Route>
 <Route name ="dash" path="/dashboard" handler={App}>
    <Route name ="dashboard" path="/dashboard" handler={Dashboard}/>
    <Route name ="reports" path="/reports" handler={Report} />
    <Route name ="employees" path="/employees" handler={Employees}/>
      <Route name ="MyEmployees" path="/MEmployees" handler={MyEmployees}/>
      <Route name ="AllEmployees" path="/AEmployees" handler={AllEmployees}/>
      <Route name ="Profile" path="/profile" handler={Profile}/>
      <Route name ="reportstocomplete" path="/reportsc" handler={ReportsToComplete}/>
    <Route name ="addReport" path="/addReport" handler={AddReports}/>
    <Route name ="readme" path="/readme" handler={Readme}/>
    <Route name ="statistics" path="/statistics" handler={Stats}/>
    <Route name ="signup" path="/signup" handler={Signup} />
 <Route name ="login" path="/" handler={Login} />
 </Route>
</Route>

登录后,如果成功,它会重新呈现屏幕并允许用户前往仪表板,一旦我在那里,用户仍然 'authenticated',我可以通过单击按钮导航到任何路线在网页上或导航栏上的按钮(通过反应路由器)。但是,如果我刷新,单击 link,或手动输入 /dashboard 或 /posts,它将显示用户的状态未在控制台中进行身份验证。我是否将用户信息存储在本地存储或其他东西中?我正在使用 mongo 来保存用户数据并且工作正常,但是当您无法弄清楚为什么某些东西会像这样工作时,它非常令人沮丧..

我知道问题出在哪里了。在服务器上,我使用 cookieparser 将会话保存到 cookie 中,并将安全选项设置为 true。因此它不会在非 https 的任何内容上创建 cookie。 Localhost 不在 https 上 运行,这就是为什么它会继续忘记我商店中的用户。

app.use(cookieParser());
  // Create a session middleware with the given options
  // Note session data is not saved in the cookie itself, just the session ID. Session data is stored server-side.
  // Options: resave: forces the session to be saved back to the session store, even if the session was never
  //                  modified during the request. Depending on your store this may be necessary, but it can also
  //                  create race conditions where a client has two parallel requests to your server and changes made
  //                  to the session in one request may get overwritten when the other request ends, even if it made no
  //                  changes(this behavior also depends on what store you're using).
  //          saveUnitialized: Forces a session that is uninitialized to be saved to the store. A session is uninitialized when
  //                  it is new but not modified. Choosing false is useful for implementing login sessions, reducing server storage
  //                  usage, or complying with laws that require permission before setting a cookie. Choosing false will also help with
  //                  race conditions where a client makes multiple parallel requests without a session
  //          secret: This is the secret used to sign the session ID cookie.
  //          name: The name of the session ID cookie to set in the response (and read from in the request).
  //          cookie: Please note that secure: true is a recommended option.
  //                  However, it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies.
  //                  If secure is set, and you access your site over HTTP, the cookie will not be set.
  app.use(session({
    resave: true,
    saveUninitialized: true,
    // Use generic cookie name for security purposes
    key: 'sessionId',
    secret: secrets.sessionSecret,
    // Add HTTPOnly, Secure attributes on Session Cookie
    cookie: {
      httpOnly: true,
      secure: true
    },
    store: new MongoStore({ url: secrets.db, autoReconnect: true})
  }));

  app.use(passport.initialize());
  app.use(passport.session());

  app.use(flash());

刚刚删除了 cookie 的 httpOnly 和安全部分,因为它仅通过 https运行s