我对Node护照会话中间件如何工作的理解是,一次调用SerializeUser来设置Cookie,它将Session ID存储在Cookie中,并将用户详细信息存储在会话中。在随后的调用中,它使用cookie提取会话,然后调用反序列化用户。所以预期的顺序是 序列化用户 反序列化用户 DeserializeUser(以此类推,直到会话超时)
但是我每两个反序列化调用之间都有一个serializeUser调用。我捕获了堆栈,它显示如下;
DeserializeUser:
at /server/src/utils/passport.js:82:3
at pass (/server/node_modules/passport/lib/authenticator.js:357:9)
at Authenticator.deserializeUser (/server/node_modules/passport/lib/authenticator.js:362:5)
at SessionStrategy.authenticate (/server/node_modules/passport/lib/strategies/session.js:60:10)
at attempt (/server/node_modules/passport/lib/middleware/authenticate.js:361:16)
at authenticate (/server/node_modules/passport/lib/middleware/authenticate.js:362:7)
at Layer.handle [as handle_request] (/server/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/server/node_modules/express/lib/router/index.js:317:13)
at /server/node_modules/express/lib/router/index.js:284:7
SerializeUser:
at pass (/server/node_modules/passport/lib/authenticator.js:294:9)
at Authenticator.serializeUser (/server/node_modules/passport/lib/authenticator.js:299:5)
at SessionManager.logIn (/server/node_modules/passport/lib/sessionmanager.js:14:8)
at IncomingMessage.req.login.req.logIn (/server/node_modules/passport/lib/http/request.js:50:33)
at FacebookTokenStrategy.strategy.success (/server/node_modules/passport/lib/middleware/authenticate.js:248:13)
at verified (/server/node_modules/passport-facebook-token/lib/index.js:102:25)
at FacebookTokenStrategy._verify (/server/src/utils/passport.js:64:7)
at <anonymous>
如果有任何指示,为什么会这样呢?如果会话继续进行身份验证,我似乎将失去会话的任何好处。
我一直在进一步研究。当我们要求进行身份验证时,护照会遍历其策略。每种策略都可以响应以下其中一项:成功,失败,通过或错误。如果成功,它将不会尝试下一个策略。这里的问题是,即使会话策略能够成功进行序列化,它也会通过传递响应。然后,护照身份验证器尝试执行下一个策略,即facebook auth,这会导致SerializeUser发生。我不明白为什么SessionStrategy不会立即以Success响应并阻止护照探索以下策略。