目前我的代码看起来像这样
var express = require('express');
...
...
app.engine('.html', require('ejs').__express);
app.set('views', __dirname + '/views');
app.set('view engine', 'html');
app.use(express.static(__dirname, '/public'));
app.use(bodyParser());
app.use(validator());
app.use(cookieParser());
app.use(connect.session({secret: "wewse43hgkvcret"}));
app.use(connect.csrf());
app.use(function(req, res, next){
res.locals.token = req.session._csrf;
next();
});
我的视图文件看起来像这样
<form role="form" method="post" action="/login">
<input type="hidden" name="_csrf" value="<%= token %>">
<div class="form-group">
<input type="text" class="form-control" id="username" name="username" placeholder="Enter username">
</div>
<div class="form-group">
<input type="password" class="form-control" id="password" name="password" placeholder="Enter password">
</div>
<button type="submit" class="btn btn-primary">Login</button>
</form>
</div>
但是在csrf令牌中我总是得到'undefined'的值..