Passport + Express-用户会话冲突

时间:2018-10-15 17:23:09

标签: node.js express passport.js

我有一个具有Passport Local身份验证的简单Node + Express应用程序,它运行得非常完美(提供了正确的页面,登录/注销工作等)。

但是,一个问题是,如果第二个用户登录,该会话将“接管”第一个用户的会话,并且突然第一个用户现在以第二个用户身份登录!

几乎可以肯定这是中间件顺序的问题,但是我找不到它-我对Passport和Express还是陌生的。该代码是从文档和示例中大量获取的,但是我可能会弄乱顺序。

我已经按照this answer中的顺序进行操作,但是仍然无法使用。谁能建议我可能会混在一起?

主服务器:

var express = require('express');
var passport = require('passport');
var Strategy = require('passport-local').Strategy;
var url = require('url');
var db = require('./db');

// Configure the local strategy for use by Passport.

passport.use(new Strategy(
  function(username, password, cb) {
    db.users.findByUsername(username, function(err, user) {
      if (err) { return cb(err); }
      if (!user) { return cb(null, false); }
      if (user.password != password) { return cb(null, false); }
      return cb(null, user);
    });
  }));

// Configure Passport authenticated session persistence.

passport.serializeUser(function(user, cb) {    
  console.log('DEBUG: serializeUser called ' + user.id);    
  cb(null, user.id);
});

passport.deserializeUser(function(id, cb) {    
  console.log('DEBUG: deserializeUser called ' + id);    
  db.users.findById(id, function (err, user) {
    if (err) { return cb(err); }
    cb(null, user);
  });
});

// Create a new Express application.

// Use application-level middleware for common functionality  (Order is important!)
// Initialize Passport and restore authentication state, if any, from the session.

var app = express();

app.use(require('cookie-parser')());
app.use(require('body-parser').urlencoded({ extended: true }));
app.use(require('express-session')({ secret: 'qwerty', resave: false, saveUninitialized: false }));  // Step 2.
app.use(passport.initialize());
app.use(passport.session()); 


app.post('/login', 
  passport.authenticate('local', { failureRedirect: '/login.html' }),
  function(req, res) {
    console.log('Logged In: ' + req.user.username);
    res.redirect('/');
  });

app.get('/logout', function(req, res){

    if (req.user != null) {          
        console.log('Logged Out: ' + req.user.username);
        req.logout();    
    } else {
        console.log('Warning: null user logging out');
    }

    res.redirect('/login.html');
});

app.get('/user', function(req, res){   
    if (req.user != null) {          
        res.send(req.user.displayName);      
    } else {
        res.send('ERROR: No current user?');
    }
});

function isAuthenticated(req, res, next) {

    if (req.user) {   // User is logged in
        return next();
    }

   if (req.url.startsWith('/login')) {   // Allow login through to avoid infinite loop
       return next();
   }

   res.redirect('/login.html');
}

app.use('/', isAuthenticated, express.static('/public/'));

db / users.js文件:

var records = [
    { id: 1, username: 'jill', password: 'birthday', displayName: 'Jill'}
    { id: 2, username: 'jack', password: 'hello',    displayName: 'Jack'}
];

exports.findById = function(id, cb) {
  process.nextTick(function() {
    var idx = id - 1;
    if (records[idx]) {
      cb(null, records[idx]);
    } else {
      cb(new Error('User ' + id + ' does not exist'));
    }
  });
}

exports.findByUsername = function(username, cb) {
  process.nextTick(function() {
    for (var i = 0, len = records.length; i < len; i++) {
      var record = records[i];
      if (record.username === username) {
        return cb(null, record);
      }
    }
    return cb(null, null);
  });
}

1 个答案:

答案 0 :(得分:0)

风滚草!

因此,事实证明它工作正常-问题仅在于Chrome在各个标签之间重用了其会话。我在该问题的答案中发现了一条有用的意见。从Chrome一次登录,从IE再次登录可以正常工作,没有冲突。

Node + Passport - multiple users