我有两个单独的应用程序:
NodeJS API服务器只向客户端提供json数据(并且不提供任何html页面)。
我在sessionStorage中存储有关已识别用户的信息。
问题: 当我登录系统并重新加载页面时,我在sessionStorage中丢失了有关用户的信息。
这是我的AngularJS身份验证服务:
module.exports = function($http, $location, $cookies, $alert, $window) {
$window.sessionStorage.setItem('currentUser', JSON.stringify($cookies.get('user')));
$cookies.remove('user');
return {
login: function(user) {
return $http.post('http://localhost:3000/api/login', user).success(function(data) {
$window.sessionStorage.setItem('currentUser', JSON.stringify(data));
$location.path('/fillprofile');
$alert({
title: 'Cheers!',
content: 'You have successfully logged in.',
placement: 'top-right',
type: 'success',
duration: 3
});
}).error(function() {
$alert({
title: 'Error!',
content: 'Invalid username or password.',
placement: 'top-right',
type: 'danger',
duration: 3
});
});
},
signup: function(user) {
return $http.post('http://localhost:3000/api/signup', user).success(function(data) {
$location.path('/login');
$alert({
title: 'Congratulations!',
content: 'Your account has been created.',
placement: 'top-right',
type: 'success',
duration: 3
});
}).error(function(response) {
$alert({
title: 'Error!',
content: response.data,
placement: 'top-right',
type: 'danger',
duration: 3
});
});
},
logout: function() {
return $http.get('http://localhost:3000/api/logout').success(function() {
$window.sessionStorage.setItem('currentUser', null);
$cookies.remove('user');
$location.path('/login');
$alert({
content: 'You have been logged out.',
placement: 'top-right',
type: 'info',
duration: 3
});
});
}
};
};
NodeJS API
app.use(function(req, res, next) {
if (req.user) {
res.cookie('user', JSON.stringify(req.user));
}
next();
});
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) next();
else res.send(401);
}
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
passport.use(new LocalStrategy(function(username, password, done) {
User.findOne({ username: username }, function(err, user) {
if (err) return done(err);
if (!user) return done(null, false);
user.comparePassword(password, function(err, isMatch) {
if (err) return done(err);
if (isMatch) return done(null, user);
return done(null, false);
});
});
}));
路线
app.post('/api/login', passport.authenticate('local'), function(req, res) {
res.cookie('user', JSON.stringify(req.user));
res.send(req.user);
});
app.post('/api/signup', function(req, res, next) {
var user = new User({
username: req.body.username,
email: req.body.email,
password: req.body.password
});
user.save(function(err) {
if (err) return next(err);
res.send(200);
});
});
app.get('/api/logout', function(req, res, next) {
req.logout();
res.send(200);
});
答案 0 :(得分:2)
我通过添加标题
解决了这个问题 res.header('Access-Control-Allow-Credentials', true);
到我的NodeJS API服务器(CORS启用部分)。而且我还需要从withCredentials属性的客户端发送http请求。
$http({
method: 'POST',
url: 'http://localhost:3000/api/login',
withCredentials: true,
data: user
});
如上所述cdurth我需要删除$cookies.remove('user');行。最后改变
$window.sessionStorage.setItem('currentUser', JSON.stringify($cookies.get('user')));
到
$window.sessionStorage.setItem('currentUser', $cookies.get('user'));
答案 1 :(得分:1)
尝试删除第3行的$cookies.remove('user');