如何解码快递会话cookie?

时间:2016-07-26 19:13:20

标签: node.js session encryption loopbackjs

我尽可能地解决了问题,但仍无法解决问题。

我创建了一个带有环回的空服务器,添加了express-sessionbody-parser 中间件

 "session": {
    "express-session": {
      "params": {
        "name": "id",
        "secret": "potato with eyes",
        "httpOnly": "false"
      }
    }
  },
  "auth": {},
  "parse": {
    "body-parser": {},
    "body-parser#json": {},
    "body-parser#urlencoded": {"params": { "extended": true }}
  }

然后,我向root.js.添加了一对方法。第一个将session.id设置为变量。第二个在下一个请求中记录它:

module.exports = function (app)
{
    var cookieParser = require("cookie-parser")
    var router = app.loopback.Router()
    router.post("/login", function (req, res)
    {
        req.session.id = req.body.id
        console.log("Set id to " + req.body.id)
        res.end()
    })
    router.post("/addLead", function (req, res)
    {
        console.log("session", req.session)
        console.log("got id: ", req.session.id)
        console.log("decrypting single id:", cookieParser.signedCookie(req.session.id, "potato with eyes"))
        console.log("cookie! ", req.cookie)
        console.log("cookie parsed:", cookieParser.JSONCookie(req.cookie, "potato with eyes"))
        console.log("cookie parsed:", cookieParser.signedCookie(req.cookie, "potato with eyes"))
        res.status(403).send("You must login first")
    })
    app.use(router)
}

Cookie的解密失败。 id的解密不会改变它。

Web server listening at: http://localhost:3000
Browse your REST API at http://localhost:3000/explorer
Set id to 15
session Session {
  cookie:
   { path: '/',
     _expires: null,
     originalMaxAge: null,
     httpOnly: true } }
got id:  XifrUZXLhKcDHYqQwxESQlLQQ6N1j49d
decrypting single id: XifrUZXLhKcDHYqQwxESQlLQQ6N1j49d
cookie!  undefined
cookie parsed: undefined
cookie parsed: undefined

以下是我用于测试的html:

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="utf-8" />
    <title></title>
    <script src="https://code.jquery.com/jquery-3.1.0.min.js"
            integrity="sha256-cCueBR6CsyA4/9szpPfrX3s49M9vUU5BgtiJj06wt/s="
            crossorigin="anonymous"></script>

    <script>
        function log(data)
        {
            console.log(JSON.stringify(data))
        }
        $.post("http://localhost:3000/login", { name: "John Smit", id: 15 }, function (data)
        {
            log(data)
            $.post("http://localhost:3000/addLead", {
                name: "Anton Berezin", phone: "337225", model: "1234",
                mark: "Toyota", yearFrom: "2014", yearTo: "2017"
            }, function (data)
            {
                log(data)
                alert(JSON.stringify(data))
            })
            .fail(function (error)
            {
                log(error)
            })

        })
        .fail(function(error)
        {
            alert(JSON.stringify(error))
        })
    </script>
</head>
<body>

</body>
</html>

带有项目的档案: http://www.filedropper.com/cookietest

我会感激任何帮助

编辑: 使用req.cookie代替req.session.cookie进行了测试。没有改变输出。

1 个答案:

答案 0 :(得分:0)

您不应将cookie-parserexpress-session anymore一起使用。

由于您注册了express-session,我会以这种方式修改您的代码

module.exports = function (app)
{
    var router = app.loopback.Router()

    // serialize the session
    router.post("/login", function (req, res)
    {
        req.session = {
           userId: 123,
           accessToken: 'eadeadaew'
           // or whatever data you want to store in the session
        };
        console.log("Set session");
        res.end();
    });

    // deserialize the session
    router.post("/addLead", function (req, res)
    {
        if(req.session) {
            console.log("session", req.session);
            console.log("user id: ", req.session.userId);
            console.log("token ", req.session.accessToken);
            res.end();
        } else {
            res.status(403).send("You must login first");
        }
    })
    app.use(router);
}
相关问题
最新问题