React Router 和 Flux(可选)
ReactRouter and Flux(altjs)
为什么在刷新时,我的用户不再经过身份验证或 returns 错误?似乎我的用户存储中的数据正在被重置或丢弃。例如这是我的行为:
class UserActions {
manuallogin(data) {
this.dispatch();
UserWebAPIUtils.manuallogin(data)
.then((response, textStatus) => {
if (textStatus === 'success') {
this.actions.loginsuccess(data.email);
}
}, () => {
});
}
loginsuccess(email) {
this.dispatch(email);
}
logout() {
this.dispatch();
UserWebAPIUtils.logout()
.then((response, textStatus) => {
if (textStatus === 'success') {
this.actions.logoutsuccess();
}
}, () => {
});
}
logoutsuccess() {
this.dispatch();
}
}
export default alt.createActions(UserActions);
我的店是这个..
class UserStore {
constructor() {
this.user = Immutable.Map({});
this.on('init', this.bootstrap);
this.on('bootstrap', this.bootstrap);
this.bindListeners({
handleLoginAttempt: UserActions.MANUALLOGIN,
handleLoginSuccess: UserActions.LOGINSUCCESS,
handleLogoutAttempt: UserActions.LOGOUT,
handleLogoutSuccess: UserActions.LOGOUTSUCCESS
});
}
bootstrap() {
if (!Immutable.Map.isMap(this.user)) {
this.user = Immutable.fromJS(this.user);
}
}
handleLoginAttempt() {
this.user = this.user.set('isWaiting', true);
this.emitChange();
}
handleLoginSuccess() {
this.user = this.user.merge({ isWaiting: false, authenticated: true });
this.emitChange();
}
handleLogoutAttempt() {
this.user = this.user.set('isWaiting', true);
this.emitChange();
}
handleLogoutSuccess() {
this.user = this.user.merge({ isWaiting: false, authenticated: false });
this.emitChange();
}
}
// Export our newly created Store
export default alt.createStore(UserStore, 'UserStore');
我通过简单地执行 User.getState().user.get(authenticated) 来检查我的用户是否经过身份验证,登录后它返回 true,但是如果我输入任何 url手动或刷新页面后 returns false。我也在使用 react-router,我认为这是它崩溃的地方。
<Route>
<Route name ="dash" path="/dashboard" handler={App}>
<Route name ="dashboard" path="/dashboard" handler={Dashboard}/>
<Route name ="reports" path="/reports" handler={Report} />
<Route name ="employees" path="/employees" handler={Employees}/>
<Route name ="MyEmployees" path="/MEmployees" handler={MyEmployees}/>
<Route name ="AllEmployees" path="/AEmployees" handler={AllEmployees}/>
<Route name ="Profile" path="/profile" handler={Profile}/>
<Route name ="reportstocomplete" path="/reportsc" handler={ReportsToComplete}/>
<Route name ="addReport" path="/addReport" handler={AddReports}/>
<Route name ="readme" path="/readme" handler={Readme}/>
<Route name ="statistics" path="/statistics" handler={Stats}/>
<Route name ="signup" path="/signup" handler={Signup} />
<Route name ="login" path="/" handler={Login} />
</Route>
</Route>
登录后,如果成功,它会重新呈现屏幕并允许用户前往仪表板,一旦我在那里,用户仍然 'authenticated',我可以通过单击按钮导航到任何路线在网页上或导航栏上的按钮(通过反应路由器)。但是,如果我刷新,单击 link,或手动输入 /dashboard 或 /posts,它将显示用户的状态未在控制台中进行身份验证。我是否将用户信息存储在本地存储或其他东西中?我正在使用 mongo 来保存用户数据并且工作正常,但是当您无法弄清楚为什么某些东西会像这样工作时,它非常令人沮丧..
我知道问题出在哪里了。在服务器上,我使用 cookieparser 将会话保存到 cookie 中,并将安全选项设置为 true。因此它不会在非 https 的任何内容上创建 cookie。 Localhost 不在 https 上 运行,这就是为什么它会继续忘记我商店中的用户。
app.use(cookieParser());
// Create a session middleware with the given options
// Note session data is not saved in the cookie itself, just the session ID. Session data is stored server-side.
// Options: resave: forces the session to be saved back to the session store, even if the session was never
// modified during the request. Depending on your store this may be necessary, but it can also
// create race conditions where a client has two parallel requests to your server and changes made
// to the session in one request may get overwritten when the other request ends, even if it made no
// changes(this behavior also depends on what store you're using).
// saveUnitialized: Forces a session that is uninitialized to be saved to the store. A session is uninitialized when
// it is new but not modified. Choosing false is useful for implementing login sessions, reducing server storage
// usage, or complying with laws that require permission before setting a cookie. Choosing false will also help with
// race conditions where a client makes multiple parallel requests without a session
// secret: This is the secret used to sign the session ID cookie.
// name: The name of the session ID cookie to set in the response (and read from in the request).
// cookie: Please note that secure: true is a recommended option.
// However, it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies.
// If secure is set, and you access your site over HTTP, the cookie will not be set.
app.use(session({
resave: true,
saveUninitialized: true,
// Use generic cookie name for security purposes
key: 'sessionId',
secret: secrets.sessionSecret,
// Add HTTPOnly, Secure attributes on Session Cookie
cookie: {
httpOnly: true,
secure: true
},
store: new MongoStore({ url: secrets.db, autoReconnect: true})
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
刚刚删除了 cookie 的 httpOnly 和安全部分,因为它仅通过 https运行s
为什么在刷新时,我的用户不再经过身份验证或 returns 错误?似乎我的用户存储中的数据正在被重置或丢弃。例如这是我的行为:
class UserActions {
manuallogin(data) {
this.dispatch();
UserWebAPIUtils.manuallogin(data)
.then((response, textStatus) => {
if (textStatus === 'success') {
this.actions.loginsuccess(data.email);
}
}, () => {
});
}
loginsuccess(email) {
this.dispatch(email);
}
logout() {
this.dispatch();
UserWebAPIUtils.logout()
.then((response, textStatus) => {
if (textStatus === 'success') {
this.actions.logoutsuccess();
}
}, () => {
});
}
logoutsuccess() {
this.dispatch();
}
}
export default alt.createActions(UserActions);
我的店是这个..
class UserStore {
constructor() {
this.user = Immutable.Map({});
this.on('init', this.bootstrap);
this.on('bootstrap', this.bootstrap);
this.bindListeners({
handleLoginAttempt: UserActions.MANUALLOGIN,
handleLoginSuccess: UserActions.LOGINSUCCESS,
handleLogoutAttempt: UserActions.LOGOUT,
handleLogoutSuccess: UserActions.LOGOUTSUCCESS
});
}
bootstrap() {
if (!Immutable.Map.isMap(this.user)) {
this.user = Immutable.fromJS(this.user);
}
}
handleLoginAttempt() {
this.user = this.user.set('isWaiting', true);
this.emitChange();
}
handleLoginSuccess() {
this.user = this.user.merge({ isWaiting: false, authenticated: true });
this.emitChange();
}
handleLogoutAttempt() {
this.user = this.user.set('isWaiting', true);
this.emitChange();
}
handleLogoutSuccess() {
this.user = this.user.merge({ isWaiting: false, authenticated: false });
this.emitChange();
}
}
// Export our newly created Store
export default alt.createStore(UserStore, 'UserStore');
我通过简单地执行 User.getState().user.get(authenticated) 来检查我的用户是否经过身份验证,登录后它返回 true,但是如果我输入任何 url手动或刷新页面后 returns false。我也在使用 react-router,我认为这是它崩溃的地方。
<Route>
<Route name ="dash" path="/dashboard" handler={App}>
<Route name ="dashboard" path="/dashboard" handler={Dashboard}/>
<Route name ="reports" path="/reports" handler={Report} />
<Route name ="employees" path="/employees" handler={Employees}/>
<Route name ="MyEmployees" path="/MEmployees" handler={MyEmployees}/>
<Route name ="AllEmployees" path="/AEmployees" handler={AllEmployees}/>
<Route name ="Profile" path="/profile" handler={Profile}/>
<Route name ="reportstocomplete" path="/reportsc" handler={ReportsToComplete}/>
<Route name ="addReport" path="/addReport" handler={AddReports}/>
<Route name ="readme" path="/readme" handler={Readme}/>
<Route name ="statistics" path="/statistics" handler={Stats}/>
<Route name ="signup" path="/signup" handler={Signup} />
<Route name ="login" path="/" handler={Login} />
</Route>
</Route>
登录后,如果成功,它会重新呈现屏幕并允许用户前往仪表板,一旦我在那里,用户仍然 'authenticated',我可以通过单击按钮导航到任何路线在网页上或导航栏上的按钮(通过反应路由器)。但是,如果我刷新,单击 link,或手动输入 /dashboard 或 /posts,它将显示用户的状态未在控制台中进行身份验证。我是否将用户信息存储在本地存储或其他东西中?我正在使用 mongo 来保存用户数据并且工作正常,但是当您无法弄清楚为什么某些东西会像这样工作时,它非常令人沮丧..
我知道问题出在哪里了。在服务器上,我使用 cookieparser 将会话保存到 cookie 中,并将安全选项设置为 true。因此它不会在非 https 的任何内容上创建 cookie。 Localhost 不在 https 上 运行,这就是为什么它会继续忘记我商店中的用户。
app.use(cookieParser());
// Create a session middleware with the given options
// Note session data is not saved in the cookie itself, just the session ID. Session data is stored server-side.
// Options: resave: forces the session to be saved back to the session store, even if the session was never
// modified during the request. Depending on your store this may be necessary, but it can also
// create race conditions where a client has two parallel requests to your server and changes made
// to the session in one request may get overwritten when the other request ends, even if it made no
// changes(this behavior also depends on what store you're using).
// saveUnitialized: Forces a session that is uninitialized to be saved to the store. A session is uninitialized when
// it is new but not modified. Choosing false is useful for implementing login sessions, reducing server storage
// usage, or complying with laws that require permission before setting a cookie. Choosing false will also help with
// race conditions where a client makes multiple parallel requests without a session
// secret: This is the secret used to sign the session ID cookie.
// name: The name of the session ID cookie to set in the response (and read from in the request).
// cookie: Please note that secure: true is a recommended option.
// However, it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies.
// If secure is set, and you access your site over HTTP, the cookie will not be set.
app.use(session({
resave: true,
saveUninitialized: true,
// Use generic cookie name for security purposes
key: 'sessionId',
secret: secrets.sessionSecret,
// Add HTTPOnly, Secure attributes on Session Cookie
cookie: {
httpOnly: true,
secure: true
},
store: new MongoStore({ url: secrets.db, autoReconnect: true})
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
刚刚删除了 cookie 的 httpOnly 和安全部分,因为它仅通过 https运行s