Express Session Verification

Source: Internet
Author: User
Tags http authentication

I didn't know this before, so now I am tidying it up.

Three stages:

1. cookie-session: implements the session; needs cookie-parser

```javascript
var express = require('express');
var util = require('util');
var router = express.Router();

router.get('/restricted', function (req, res, next) {
  // session
  req.session.restricted = true;
  if (!req.session.restrictedCount) {
    req.session.restrictedCount = 1;
  } else {
    req.session.restrictedCount++;
  }
  res.redirect('/library');
});

router.get('/library', function (req, res, next) {
  // req.cookies is populated by cookie-parser
  console.log(util.inspect({ cookie: req.cookies }));
  if (req.session.restricted) {
    res.render('test', { title: req.session.restrictedCount });
  } else {
    res.render('test', { title: 'Welcome' });
  }
});
```

2. basic-auth-connect: HTTP Basic authentication

Two different ways

Global validation

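```javascript
var basicAuth = require('basic-auth-connect');

// The callback returns true when the supplied credentials are accepted.
var auth = basicAuth(function (user, pass) {
  return (user === 'test' && pass === 'test');
});

// Global: every request passes through the check.
app.use(auth);
```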

Authentication for a separate route

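```javascript
var basicAuth = require('basic-auth-connect');

var auth = basicAuth(function (user, pass) {
  return (user === 'test' && pass === 'test');
});

// Only this route is protected: auth runs before the handler.
router.get('/library', auth, function (req, res, next) {
  // handler body is not shown in the original
});
```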

3. express-session: session authentication and session management.

Removing authentication: use destroy. Note that you need to write the redirect; do not add {}.

The example in the book needs body-parser and cookie-parser (with a secret); the official website example needs only express-session.

Tutorial: http://www.cnblogs.com/chenchenluo/p/4197181.html

The server side can send the session to the client in two ways: cookie or URL rewriting.

If maxAge is not set, the cookie becomes invalid when the browser is closed.

Sessions are typically written to memory, but they can also be written to a database.

Official website Tutorial: https://github.com/expressjs/session

The default is in-memory storage; after going live, sessions should be stored in a database.

Options of session()

cookie: path, httpOnly, secure, maxAge

secure: true -> https

secure: false -> http, trust proxy

genid

name: on the same host (hostname + port), a name is needed to distinguish sessions

proxy

resave: if the store has touch, set false; otherwise set true; it is generally true

rolling: false

saveUninitialized:

secret, store, unset

Methods: regenerate, destroy, reload, save, touch (updates the maxAge property)

Properties: req.session.id, req.session.cookie, req.sessionID
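The options listed above can be checked mechanically before an application goes live. The following is an added example, not code from the original post or from express-session; the function name auditSessionOptions, the env fields and the 16-character threshold are assumptions made for illustration.

```javascript
// Added example: audit an options object meant for express-session's session().
// `env` and the 16-character secret threshold are hypothetical, not library features.
function auditSessionOptions(opts, env) {
  opts = opts || {};
  env = env || {};
  var cookie = opts.cookie || {};
  var findings = [];
  function flag(option, message) {
    findings.push({ option: option, message: message });
  }
  var secrets = [].concat(opts.secret || []);   // secret may be a string or an array
  if (secrets.length === 0) {
    flag('secret', 'not set; pass an explicit secret to session()');
  } else if (secrets.some(function (s) { return String(s).length < 16; })) {
    flag('secret', 'shorter than 16 characters; use a long random value');
  }
  if (!opts.name) flag('name', "default 'connect.sid'; apps on one host need distinct names");
  if (!opts.store && env.production) flag('store', 'default MemoryStore; use a database-backed store');
  if (opts.resave === undefined) flag('resave', 'not set; choose true or false explicitly');
  if (opts.saveUninitialized === undefined) flag('saveUninitialized', 'not set; choose explicitly');
  if (cookie.httpOnly === false) flag('cookie.httpOnly', 'false exposes the cookie to page script');
  if (cookie.secure !== true && cookie.secure !== 'auto' && env.production) {
    flag('cookie.secure', 'cookie is also sent over plain http');
  }
  if (cookie.secure === true && env.behindProxy && !env.trustProxy) {
    flag('cookie.secure', 'secure: true behind a proxy needs "trust proxy" set in Express');
  }
  if (cookie.maxAge == null) flag('cookie.maxAge', 'not set; cookie ends when the browser closes');
  return findings;
}

// Constructed sample inputs.
var bare = {};   // same as calling session() with no options
var hardened = {
  secret: 'constructed-sample-secret-0123456789',
  name: 'app1.sid',
  store: { kind: 'placeholder for a database-backed store' },
  resave: false,
  saveUninitialized: false,
  cookie: { secure: true, httpOnly: true, maxAge: 30 * 60 * 1000 }
};
var env = { production: true, behindProxy: true, trustProxy: true };

console.log(auditSessionOptions(bare, env));      // one finding per weak option
console.log(auditSessionOptions(hardened, env));  // []
```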

Store to Database

Using body-parser and cookie-parser works, and using express-session alone also works (official website). The code below uses only the destroy and regenerate methods; many other functions are still unused.

```javascript
var crypto = require('crypto');
var bodyParser = require('body-parser');
var cookieParser = require('cookie-parser');
var session = require('express-session');

// md5() is called below but not defined in the original; this helper uses Node's crypto.
// MD5 is kept only to match the original demo; it is not suitable for storing real passwords.
function md5(text) {
  return crypto.createHash('md5').update(String(text)).digest('hex');
}

// app is the Express application and router an express.Router(), both created elsewhere.
app.use(bodyParser.urlencoded({ extended: false })); // fills req.body for POST /login
app.use(cookieParser('SFP'));
app.use(session()); // no options, as in the original; relies on the secret given to cookieParser

router.get('/restricted', function (req, res, next) {
  // session
  if (req.session.user) {
    res.render('result', { title: 'title', success: req.session.success });
  } else {
    console.log('error ' + req.session.error);
    req.session.error = 'access denied';
    res.redirect('/login');
  }
});

router.get('/logout', function (req, res, next) {
  // session: redirect inside the destroy callback
  req.session.destroy(function () {
    res.redirect('/login');
  });
});

router.get('/login', function (req, res, next) {
  // session
  if (req.session.user) {
    console.log('Get login user');
    res.redirect('/restricted');
  } else if (req.session.error) {
    console.log('Get login error');
    res.render('test', { title: 'Login', response: req.session.error });
  } else {
    console.log('Get login');
    res.render('test', { title: 'Login', response: 'Get' });
  }
});

router.post('/login', function (req, res, next) {
  console.log(req.body.uname);
  console.log(req.body.pw);
  // session
  var user = {
    name: req.body.uname,
    password: md5('test')
  };
  if (user.password === md5(req.body.pw)) {
    console.log('Post login success');
    // regenerate issues a new session ID before the user is stored in the session
    req.session.regenerate(function () {
      req.session.user = user;
      req.session.success = 'auth as ' + user.name;
      res.redirect('/restricted');
    });
  } else {
    console.log('Post login fail');
    req.session.regenerate(function () {
      req.session.error = 'auth failed';
      res.redirect('/restricted');
    });
  }
});
```
