在 node.js 中重定向后,Express 会话不会持续存在
Express sessions not persisting after redirect in node.js
使用 node.js 和 pgAdmin。我已经为服务器、会话、cookie 等设置了所有必要的代码。我收到的错误是“类型错误:无法读取未定义的 属性 'username'”。从一个页面重定向到另一个页面后,会话将不会持续存在。特别是从登录注册页面到订单。重定向后如何让会话保持不变?任何帮助将不胜感激,谢谢!
const LocalStrategy = require("passport-local").Strategy;
const { pool } = require('./dbConfig');
const bcrypt = require('bcryptjs');
function initialize (passport) {
const authenticateUser = (username, password, done) => {
pool.query(
`SELECT * FROM credentials WHERE username = `,
[username], (err, results) => {
if(err) {
throw err;
}
if(results.rows.length === 1) {
const user = results.rows[0];
bcrypt.compare(password, user.password, (err, isMatch) => {
if(err){
throw err
}
if(isMatch){
return done(null, user);
}
else {
return done(null, false, {message: "Incorrect password"});
}
})
}
else {
return done(null, false, {message: "Account does not exist"});
}
}
);
}
passport.use('user-local', new LocalStrategy({
usernameField: "username",
passwordField: "password"
}, authenticateUser));
passport.serializeUser(function (user, done)
{
done(null, user.user_id);
});
passport.deserializeUser(function (id, done) { console.log("---------------------------------------------");
pool.query(
`SELECT * FROM credentials WHERE user_id = `,
[id],
(err, results) => {
if(err) {
throw err;
}
return done(null, results.rows[0]);
}
)
});
const authenticateEmp = (username, password, done)=>{
pool.query(
`SELECT * FROM employee WHERE username = `,
[username], (err, results) => {
if(err) {
throw err;
}
if(results.rows.length == 1) {
const user = results.rows[0];
bcrypt.compare(password, user.password, (err, isMatch) => {
if(err){
throw err
}
if(isMatch){
return done(null, user);
}
else {
return done(null, false, {message: "Incorrect password"});
}
});
}
else {
return done(null, false, {message: "Account does not exist"});
}
}
);
}
passport.use('emp-local', new LocalStrategy({//Create admin controler
usernameField: "username",
passwordField: "password"
}, authenticateEmp));
passport.serializeUser((user, done) => done(null, user.user_id));
passport.deserializeUser((id, done) => {
pool.query(
`SELECT * FROM employee WHERE emp_id = `,
[id],
(err, results) => {
if(err) {
throw err;
}
return done(null, results.rows[0]);
}
);
});
}
module.exports = initialize;
userRouter.get("/loginregister", (req, res) => {
res.render("../views/loginRegister");
});
userRouter.get("/orderform", (req, res) => {
console.log(req.user);
res.send(`Hello ${req.user.username}. Your session ID is ${req.sessionID}
and your session expires in ${req.session.cookie.maxAge}
milliseconds.<br><br>
<a href="/logout">Log Out</a><br><br>
<a href="/secret">Members Only</a>`);
//res.render("../views/orderForm");
});
function loginController (req, res, next) {
passport.authenticate('user-local', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/loginregister'); } // Can attach flash message here and personalize req.body.email
req.logIn(user, function(err) {
if (err) { return next(err); }
console.log(req.sessionID);
return res.redirect('/user/orderform');
});
})(req, res, next);
};
const { name } = require("ejs");
const express = require("express");
const app = express();
const path = require('path');
const parseurl = require('parseurl')
const session = require("express-session");
const flash = require("express-flash");
const uid = require('uid-safe');
const assert = require('assert');
const pgStore = require('connect-pg-simple')(session);
const router = require('../views/routes');
const passport = require('passport');
const { pool } = require('./dbConfig');
const passportConfig = require("./passportConfig");
const PORT = process.env.PORT || 4000;
app.set('view engine', 'ejs');
app.use(express.urlencoded({ extended: false }));
uid(18, function (err, val) {
if (err) return done(err)
assert.strictEqual(Buffer.byteLength(val), 24);
})
app.use(session({
genid: function(req) {
return uid(18) // use UUIDs for session IDs
},
secret: process.env.SECRET_KEY,
resave: 'false',
saveUninitialized: 'false',
cookie: {
secure: false,
maxAge: 24 * 60 * 60 * 1000 // One day
},
store: new pgStore({
pool : pool, // Connection pool
tableName : process.env.TABLE_NAME
// Insert connect-pg-simple options here
})
}));
if (app.get("env") === "production") {
// Serve secure cookies, requires HTTPS
session.Cookie.secure = true;
}
app.use(flash());
passportConfig(passport);
app.use(passport.initialize());
app.use(passport.session());
app.use(express.json());
app.use ('/', router);
app.use(express.static(path.resolve(__dirname, './css')));
app.listen(PORT, () => {
console.log(`Server running on port ${PORT}`);
});
要调试您没有获得会话 cookie 的原因,请将您现有的会话中间件替换为:
app.use(session({
secret: 'keyboard cat',
}));
验证您的会话 cookie 是否适用。然后,如果是这样,开始一次添加一个会话选项,直到找到导致事情停止的那个。
一些其他注意事项。
您对 express-session 的 uid 实现没有正确实现。
首先,express-session 内置了自己的 uid 生成器。您不需要自己提供一个,除非您有一些内置生成器无法满足的特定独特要求。
根据 doc 的 uid-safe,同步 UID 生成为:
uid.sync(18)
不是,你用的是uid(18)。那只是 returns 一个 promise 对象,它不适用于唯一的 id。
所以,这个:
genid: function(req) {
return uid(18);
},
应该是这样的:
genid: function(req) {
return uid.sync(18);
},
或者,让 express-session 自行生成 uid。
哦,这是一个有趣的事实,express-session 中的默认实现已经使用 uid-safe。
使用 node.js 和 pgAdmin。我已经为服务器、会话、cookie 等设置了所有必要的代码。我收到的错误是“类型错误:无法读取未定义的 属性 'username'”。从一个页面重定向到另一个页面后,会话将不会持续存在。特别是从登录注册页面到订单。重定向后如何让会话保持不变?任何帮助将不胜感激,谢谢!
const LocalStrategy = require("passport-local").Strategy;
const { pool } = require('./dbConfig');
const bcrypt = require('bcryptjs');
function initialize (passport) {
const authenticateUser = (username, password, done) => {
pool.query(
`SELECT * FROM credentials WHERE username = `,
[username], (err, results) => {
if(err) {
throw err;
}
if(results.rows.length === 1) {
const user = results.rows[0];
bcrypt.compare(password, user.password, (err, isMatch) => {
if(err){
throw err
}
if(isMatch){
return done(null, user);
}
else {
return done(null, false, {message: "Incorrect password"});
}
})
}
else {
return done(null, false, {message: "Account does not exist"});
}
}
);
}
passport.use('user-local', new LocalStrategy({
usernameField: "username",
passwordField: "password"
}, authenticateUser));
passport.serializeUser(function (user, done)
{
done(null, user.user_id);
});
passport.deserializeUser(function (id, done) { console.log("---------------------------------------------");
pool.query(
`SELECT * FROM credentials WHERE user_id = `,
[id],
(err, results) => {
if(err) {
throw err;
}
return done(null, results.rows[0]);
}
)
});
const authenticateEmp = (username, password, done)=>{
pool.query(
`SELECT * FROM employee WHERE username = `,
[username], (err, results) => {
if(err) {
throw err;
}
if(results.rows.length == 1) {
const user = results.rows[0];
bcrypt.compare(password, user.password, (err, isMatch) => {
if(err){
throw err
}
if(isMatch){
return done(null, user);
}
else {
return done(null, false, {message: "Incorrect password"});
}
});
}
else {
return done(null, false, {message: "Account does not exist"});
}
}
);
}
passport.use('emp-local', new LocalStrategy({//Create admin controler
usernameField: "username",
passwordField: "password"
}, authenticateEmp));
passport.serializeUser((user, done) => done(null, user.user_id));
passport.deserializeUser((id, done) => {
pool.query(
`SELECT * FROM employee WHERE emp_id = `,
[id],
(err, results) => {
if(err) {
throw err;
}
return done(null, results.rows[0]);
}
);
});
}
module.exports = initialize;
userRouter.get("/loginregister", (req, res) => {
res.render("../views/loginRegister");
});
userRouter.get("/orderform", (req, res) => {
console.log(req.user);
res.send(`Hello ${req.user.username}. Your session ID is ${req.sessionID}
and your session expires in ${req.session.cookie.maxAge}
milliseconds.<br><br>
<a href="/logout">Log Out</a><br><br>
<a href="/secret">Members Only</a>`);
//res.render("../views/orderForm");
});
function loginController (req, res, next) {
passport.authenticate('user-local', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/loginregister'); } // Can attach flash message here and personalize req.body.email
req.logIn(user, function(err) {
if (err) { return next(err); }
console.log(req.sessionID);
return res.redirect('/user/orderform');
});
})(req, res, next);
};
const { name } = require("ejs");
const express = require("express");
const app = express();
const path = require('path');
const parseurl = require('parseurl')
const session = require("express-session");
const flash = require("express-flash");
const uid = require('uid-safe');
const assert = require('assert');
const pgStore = require('connect-pg-simple')(session);
const router = require('../views/routes');
const passport = require('passport');
const { pool } = require('./dbConfig');
const passportConfig = require("./passportConfig");
const PORT = process.env.PORT || 4000;
app.set('view engine', 'ejs');
app.use(express.urlencoded({ extended: false }));
uid(18, function (err, val) {
if (err) return done(err)
assert.strictEqual(Buffer.byteLength(val), 24);
})
app.use(session({
genid: function(req) {
return uid(18) // use UUIDs for session IDs
},
secret: process.env.SECRET_KEY,
resave: 'false',
saveUninitialized: 'false',
cookie: {
secure: false,
maxAge: 24 * 60 * 60 * 1000 // One day
},
store: new pgStore({
pool : pool, // Connection pool
tableName : process.env.TABLE_NAME
// Insert connect-pg-simple options here
})
}));
if (app.get("env") === "production") {
// Serve secure cookies, requires HTTPS
session.Cookie.secure = true;
}
app.use(flash());
passportConfig(passport);
app.use(passport.initialize());
app.use(passport.session());
app.use(express.json());
app.use ('/', router);
app.use(express.static(path.resolve(__dirname, './css')));
app.listen(PORT, () => {
console.log(`Server running on port ${PORT}`);
});
要调试您没有获得会话 cookie 的原因,请将您现有的会话中间件替换为:
app.use(session({
secret: 'keyboard cat',
}));
验证您的会话 cookie 是否适用。然后,如果是这样,开始一次添加一个会话选项,直到找到导致事情停止的那个。
一些其他注意事项。
您对 express-session 的 uid 实现没有正确实现。
首先,express-session 内置了自己的 uid 生成器。您不需要自己提供一个,除非您有一些内置生成器无法满足的特定独特要求。
根据 doc 的 uid-safe,同步 UID 生成为:
uid.sync(18)
不是,你用的是uid(18)。那只是 returns 一个 promise 对象,它不适用于唯一的 id。
所以,这个:
genid: function(req) {
return uid(18);
},
应该是这样的:
genid: function(req) {
return uid.sync(18);
},
或者,让 express-session 自行生成 uid。
哦,这是一个有趣的事实,express-session 中的默认实现已经使用 uid-safe。