为什么在刷新时,我的用户不再经过身份验证或返回false?似乎我的用户存储中的数据正在被重置或丢弃。例如,这是我的行动:
class UserActions {
manuallogin(data) {
this.dispatch();
UserWebAPIUtils.manuallogin(data)
.then((response, textStatus) => {
if (textStatus === 'success') {
this.actions.loginsuccess(data.email);
}
}, () => {
});
}
loginsuccess(email) {
this.dispatch(email);
}
logout() {
this.dispatch();
UserWebAPIUtils.logout()
.then((response, textStatus) => {
if (textStatus === 'success') {
this.actions.logoutsuccess();
}
}, () => {
});
}
logoutsuccess() {
this.dispatch();
}
}
export default alt.createActions(UserActions);
我的商店就是这个..
class UserStore {
constructor() {
this.user = Immutable.Map({});
this.on('init', this.bootstrap);
this.on('bootstrap', this.bootstrap);
this.bindListeners({
handleLoginAttempt: UserActions.MANUALLOGIN,
handleLoginSuccess: UserActions.LOGINSUCCESS,
handleLogoutAttempt: UserActions.LOGOUT,
handleLogoutSuccess: UserActions.LOGOUTSUCCESS
});
}
bootstrap() {
if (!Immutable.Map.isMap(this.user)) {
this.user = Immutable.fromJS(this.user);
}
}
handleLoginAttempt() {
this.user = this.user.set('isWaiting', true);
this.emitChange();
}
handleLoginSuccess() {
this.user = this.user.merge({ isWaiting: false, authenticated: true });
this.emitChange();
}
handleLogoutAttempt() {
this.user = this.user.set('isWaiting', true);
this.emitChange();
}
handleLogoutSuccess() {
this.user = this.user.merge({ isWaiting: false, authenticated: false });
this.emitChange();
}
}
// Export our newly created Store
export default alt.createStore(UserStore, 'UserStore');
我通过简单地执行User.getState()。user.get(authenticated)检查我的用户是否经过身份验证,登录后返回true,但是如果我手动输入任何URL或刷新页面,则返回false。我也在使用react-router,我认为这是它崩溃的地方。
<Route>
<Route name ="dash" path="/dashboard" handler={App}>
<Route name ="dashboard" path="/dashboard" handler={Dashboard}/>
<Route name ="reports" path="/reports" handler={Report} />
<Route name ="employees" path="/employees" handler={Employees}/>
<Route name ="MyEmployees" path="/MEmployees" handler={MyEmployees}/>
<Route name ="AllEmployees" path="/AEmployees" handler={AllEmployees}/>
<Route name ="Profile" path="/profile" handler={Profile}/>
<Route name ="reportstocomplete" path="/reportsc" handler={ReportsToComplete}/>
<Route name ="addReport" path="/addReport" handler={AddReports}/>
<Route name ="readme" path="/readme" handler={Readme}/>
<Route name ="statistics" path="/statistics" handler={Stats}/>
<Route name ="signup" path="/signup" handler={Signup} />
<Route name ="login" path="/" handler={Login} />
</Route>
</Route>
登录后,如果成功并且允许用户前往仪表板,它将重新呈现屏幕,一旦我在那里,用户仍然“经过身份验证”,我可以通过我在网页上点击的按钮导航到任何路线或导航栏上的按钮(通过react-router)。但是,如果我刷新,单击链接,或手动键入/ dashboard或/ posts,则会显示用户的状态未在控制台中进行身份验证。我是否将用户信息存储在本地存储中?我正在使用mongo来保存用户数据并且工作正常,但是当你无法弄清楚为什么某些东西能够像这样工作时它非常令人沮丧..
答案 0 :(得分:1)
我弄清楚问题是什么。在服务器上,我使用cookieparser将会话保存到cookie中,并且我已将secure选项设置为true。因此,它不会创建任何非https的cookie。 Localhost不会在https上运行,这就是为什么它会继续忘记我商店中的用户。
app.use(cookieParser());
// Create a session middleware with the given options
// Note session data is not saved in the cookie itself, just the session ID. Session data is stored server-side.
// Options: resave: forces the session to be saved back to the session store, even if the session was never
// modified during the request. Depending on your store this may be necessary, but it can also
// create race conditions where a client has two parallel requests to your server and changes made
// to the session in one request may get overwritten when the other request ends, even if it made no
// changes(this behavior also depends on what store you're using).
// saveUnitialized: Forces a session that is uninitialized to be saved to the store. A session is uninitialized when
// it is new but not modified. Choosing false is useful for implementing login sessions, reducing server storage
// usage, or complying with laws that require permission before setting a cookie. Choosing false will also help with
// race conditions where a client makes multiple parallel requests without a session
// secret: This is the secret used to sign the session ID cookie.
// name: The name of the session ID cookie to set in the response (and read from in the request).
// cookie: Please note that secure: true is a recommended option.
// However, it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies.
// If secure is set, and you access your site over HTTP, the cookie will not be set.
app.use(session({
resave: true,
saveUninitialized: true,
// Use generic cookie name for security purposes
key: 'sessionId',
secret: secrets.sessionSecret,
// Add HTTPOnly, Secure attributes on Session Cookie
cookie: {
httpOnly: true,
secure: true
},
store: new MongoStore({ url: secrets.db, autoReconnect: true})
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
刚刚摆脱了httpOnly和安全部分的cookie,因为它只运行在https