快速会话请求会话不持久

时间:2020-06-05 03:54:06

标签: node.js express session express-session

我当前正在使用具有connect-session-knex作为存储的快速会话,我的问题是该会话不会在API调用之间持续。在以后的请求期间,无法访问任何设置为req.session的变量,并且sessionID每次也不同。

例如,在下面的代码中,调用login将正确设置req.session.user(我可以在数据库和console.log中看到这一点),但是当之后调用checkAuth时,req.session.user由于开始了新的会话,因此未定义。

我已经阅读了有关此主题的其他答案,并尝试了每个建议的修复程序(手动调用req.session.save,检查cors配置,重新排序中间件调用,在express-session配置中设置“安全:假”,设置客户端上的“凭据:包含”),但它们似乎都不起作用。非常感谢任何建议!

1。配置 

app.use(cors({
    origin: 'http://localhost:3000',
    credentials: true
  }))

app.use(session({
  secret: process.env.SESSION_SECRET,
  saveUninitialized: false,
  resave: false, 
  cookie: {
    httpOnly: false, 
    maxAge: 14400000, 
    sameSite: true,
    secure: false
  }
}))

app.use('/session', routes.session);
app.use('/user', routes.user);
app.use('/schedule', routes.schedule);
app.use('/message', routes.message);

2。 API方法 

//example values for simplicity
let correctEmail = "bob@gmail.com"
let correctPassword = "password"
let userId = 31 

router.post('/login', (req, res) => {
    const {email, password} = req.body
    if (email === correctEmail && password === correctPassword) { 
        req.session.user = userId
        req.session.save()
        console.log(req.session.user)     //31
        return res.sendStatus(200)
    } else {
        return res.status(400).send({error: "Those account details don't match our records"})
    } 
});

router.post('/checkAuth', (req, res) => {
  console.log(req.session.user)     //undefined
  if (req.session.user) {
    return res.sendStatus(200)
  } else {
    return res.status(400).send({error: "Not authenticated"})
  }
});

3。客户端通话 

const login = async () => {
        const requestHeaders = {
            Accept: 'application/json',  
            'Content-Type': 'application/json',
            'Access-Control-Request-Method': 'POST',
        }
        fetch(serverAddress + "/session/onboard/provider", { 
            method: 'POST',
            credentials: 'include',
            mode: 'cors',
            headers: requestHeaders, 
            body: JSON.stringify(person)
        });
    }
    
const checkAuth = async () => {
        const requestHeaders = {
            Accept: 'application/json',  
            'Content-Type': 'application/json',
            'Access-Control-Request-Method': 'POST',
        }
        fetch(serverAddress + "/session/checkAuth", { 
            method: 'POST',
            credentials: 'include',
            mode: 'cors',
            headers: requestHeaders, 
            body: JSON.stringify(data),
        });
    }

0 个答案:

没有答案
相关问题
最新问题