我将SQL Server用作数据库,但无法获取列出的会话存储npm软件包以使SQL Server正常工作。直接将sessionID插入数据库中,然后验证客户端作为sessionID发送的内容是否与数据库sessionID匹配,是否有任何问题?我需要以某种方式告诉它不要将会话保存在内存中吗?
const uuidv1 = require('uuid/v1');
const bcrypt = require('bcrypt');
app.use(session({
genid: uuidv1,
name: 'session',
secret: 'thesecretcode',
resave: false,
saveUninitialized: false,
cookie: {
secure: false, /*no https*/
httpOnly: true,
sameSite: true,
maxAge: 600
}
}));
app.all('*', requireAuthentication);
function requireAuthentication(req, res, next) {
console.log(req.sessionID);
if (req.session.user) {
req.session.views++;
console.log(req.session.user)
res.render('home'); /*when logged in*/
} else {
req.session.views = 1;
req.session.user = 'MrUser';
next();
}
}
app.get('/', (req, res) => {
const saltRounds = 10;
bcrypt.hash(req.sessionID, saltRounds, function(err, hash) {
let promise = insert(req.session.user, hash);
});
res.render('landing'); /*when not logged in*/
})
function insert(theuser, sessionID) {
var thequery = "insert into session (sessiondata,sessionid,lasttouchedutc) values(@theuser,@sessionID,getdate())";
return new Promise(function(resolve, reject) {
var con = new msSqlConnecter.msSqlConnecter(config);
con.connect().then(function() {
new con.Request(thequery)
.addParam("theuser", TYPES.VarChar, theuser)
.addParam("sessionID", TYPES.VarChar, sessionID)
.onComplate(function(count, datas) {
resolve(datas);
// res.end()
}).onError(function(err) {
console.log(err);
}).Run();
}).catch(function(ex) {
console.log(ex);
});
});
}
答案 0 :(得分:0)
使用Redis的性能更高,但是您正在做的很好。始终通过将服务器端Cookie值与RDBMS中通常存储的值进行匹配来管理会话。
摘要: