Loopback(express)使用其他访问令牌响应请求

时间:2015-10-28 02:20:06

标签: node.js express authorization loopbackjs

有时当有多个人登录系统时,它似乎有问题:在个人资料页面上,它不显示我的用户,而是显示其他用户。刷新页面后,它恢复正常,显示正确的用户信息。

我的程序使用访问令牌进行授权,因此我决定在个人资料页面的响应中带上访问令牌,以检查它与浏览器中存储的令牌是否相同。事实证明,有时相同,有时不同。可能是什么原因导致了这个问题?

// routes.js

/**
 * I include this middleware just in case
 * but I don't think It's the cause.
 */ 
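app.use('/login', function(req, res, next) {
    // The cookie is client-controlled input. Only a non-empty string is
    // accepted as a token id; a missing value or any other type (possible
    // with some cookie parsers) is treated as "not logged in" and never
    // reaches the query filter.
    var tokenId = req.cookies && req.cookies.Authorization;
    if (typeof tokenId !== 'string' || tokenId === '') {
        return next();
    }

    AccessToken.findOne({ where: { id: tokenId } }, onFoundAccessToken);

    /**
     * Visitors whose token is found skip the login page; lookup errors and
     * unknown tokens fall through to the normal login handler.
     * NOTE(review): only the token's existence is checked here, not whether
     * it has expired -- confirm expiry is enforced elsewhere.
     */
    function onFoundAccessToken(err, accessToken) {
        if (err || !accessToken) {
            return next();
        }
        res.redirect('/app/agenda');
    }
});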


/**
 * profile page route handler
 */ 
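app.get('/app/profile', function(req, res) {
    // This page is per-user and its body carries a credential, so no shared
    // cache may store it. Intermediaries act on HTTP response headers, not on
    // <meta http-equiv> tags inside the HTML, so the policy is set here.
    res.set({
        'Cache-Control': 'private, no-cache, no-store, must-revalidate',
        'Pragma': 'no-cache',
        'Expires': '0'
    });

    // The cookie is client-controlled input. Only a non-empty string is
    // accepted as a token id, so a missing or non-string value never reaches
    // the query filter.
    var tokenId = req.cookies && req.cookies.Authorization;
    if (typeof tokenId !== 'string' || tokenId === '') {
        return res.redirect('/login');
    }

    AccessToken.findOne({ where: { id: tokenId } }, onFoundAccessToken);

    /**
     * Resolves the token to its owning user, or sends the visitor to login.
     * NOTE(review): only the token's existence is checked, not whether it
     * has expired -- confirm expiry is enforced elsewhere.
     */
    function onFoundAccessToken(err, accessToken) {
        if (err || !accessToken) {
            // res.redirect() sends its own status (302 by default), so the
            // .status(403) that used to precede it had no effect.
            return res.redirect('/login');
        }

        accessToken.user(onFoundUser);
    }

    /**
     * Renders the profile for the resolved user. A failed or empty lookup
     * stops here instead of rendering the page with no user.
     */
    function onFoundUser(err, user) {
        if (err) {
            console.log(err);
            return res.status(500).send('Internal Server Error');
        }
        if (!user) {
            console.log('no user found');
            return res.redirect('/login');
        }

        var data = {
            scripts: ['profile.js'],
            user: user,
            // Debugging aid: lets the client compare this value with the one
            // in its cookie.
            // NOTE(review): this writes the session credential into the page
            // body; remove it once the investigation is finished.
            accessToken: tokenId
        };

        res.render('pages/profile', data);
    }
});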

1 个答案:

答案 0 :(得分:0)

我发现代码没有任何问题。我在互联网上的生产环境中对它进行了测试,并且有一个ISP缓存有时会处理请求而不是生产服务器。

所以我补充说:

<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />

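告诉任何ISP和浏览器不要缓存此页面。需要注意的是,<meta http-equiv> 标签只有浏览器在解析 HTML 时才会读取;ISP 代理等中间缓存依据的是 HTTP 响应头,因此更可靠的做法是在服务器端为需要登录才能访问的页面设置 Cache-Control 响应头(例如 private, no-store)。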

参考:How to control web page caching, across all browsers?