当在多个node.js实例上部署时,passport.js是否需要会话关联

时间:2013-06-24 11:32:01

标签: node.js session

当在多个Node.js实例上部署时,passport.js是否需要会话亲和性?当我使用会话亲和性时,身份验证可以与多个实例(在负载均衡器后面)正常工作。我使用redis作为会话存储。但是,当不使用会话亲缘关系时,passport.js失败并出现下面给出的错误。使用单个实例它始终有效。有没有办法让passport.js在没有会话亲和力的情况下工作。

    500 Failed to verify assertion (message: Invalid association handle)

    at Strategy.authenticate.identifier (node_modules/passport-google/node_modules/passport-openid/lib/passport-openid/strategy.js:184:36)
    at _verifyAssertionData (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1053:12)
    at _verifyAssertionAgainstProvider (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1178:14)
    at _checkSignatureUsingAssociation (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1229:14)
    at Object.openid.loadAssociation (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:111:5)
    at _checkSignatureUsingAssociation (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1221:10)
    at _checkSignature (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1211:5)
    at _verifyAssertionAgainstProvider (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1174:3)
    at _verifyDiscoveredInformation node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1145:16)
    at openid.discover (node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:668:7)

使用护照的代码段:

app.set('port', process.env.PORT || 8080);
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.query());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser()); 
app.use(express.session({ key: 'JSESSIONID', secret: '****', cookie : {httpOnly:false, 
   maxAge: 5*60*1000, path: '/'},
    store: new RedisStore({ prefix: 'sid:', client: redisClient })
                    }));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
app.get('/auth/google', passport.authenticate('google'));
app.get('/auth/google/return', 
      passport.authenticate('google', { successRedirect: '/success',
                                        failureRedirect: '/login' }));

我还有serializeUser和deserializeUser,它使用redis存储来存储/检索用户对象 - 但是当身份提供程序重定向回回调URI时会发生此错误。我正在AppFog中部署我的应用程序并使用JSESSIONID cookie密钥设置会话亲缘关系(这就是cloudfoundry负载平衡器的工作方式)。如果我使用任何其他密钥(这意味着会话亲和关闭),那么passport.js会抛出错误。

1 个答案:

答案 0 :(得分:7)

我想我已修好了。有一个选项:'无状态'可以传递给GoogleStrategy。我通过查看来源找出了它:https://github.com/jaredhanson/passport-openid/blob/master/lib/passport-openid/strategy.js。因此,GoogleStrategy实例化必须是:

new GoogleStrategy({
   returnURL: BASE + '/auth/google/return',
   realm: BASE + "/",
   stateless: true
}

感谢Jared Hanson实施这样的选择! (希望它会在主站点上记录下来。)

相关问题
最新问题