As Node's popularity has grown, I had to go back to learning Node.js (I learned a little of it last year). Today I'll cover two important things: cookies and sessions.
All right, let's talk about cookies first. I searched Baidu a bit and the explanations seem complicated, so here is my own understanding. Put simply, a cookie is an identity card stored on your client. When you visit a website, the server asks you for it, and you also hand it over on your own initiative. We can easily see the cookie.
Well, that is a big pile of cookies. We can not only look at them, we can also change them at will. So what are they for? We often see a "log in automatically next time" option when logging in to a website, right? So why can we get straight in on the next visit? Yes, it's the cookie. Once the server has set a cookie on our computer, we can hand that token back to the server, and it lets us in. Some of you may be thinking: if it can be changed, then you can pretend to be someone else. Exactly. That is what we usually call cookie forgery. In any case, cookies carry significant security problems. Enough talk. Let's start by looking at how to set a cookie. (Generally speaking, the session and the cookie are connected. We are only learning here and just trying things out, so we won't write the session yet. My Express is 4.x; I forget which x, and it makes little difference.)
Clear the cookie first.
    function (req, res, next) {
        // Add this line
        res.cookie(… true});
        res.redirect('/user');
    });
Now let's take a look.
Good, our cookie has appeared. So next time, how do we check whether a user has the cookie? Just use this:
    console.log(req.cookies.name)
That gives us the value, so we only need to check whether it exists. Here I want to explain several of the cookie's attributes. domain is the domain; the cookie is invalid if the domain is different. path is the route, and the HTTP (httpOnly) check mark indicates whether the client can access it. All right. We now know what a cookie is, but it obviously isn't enough: we can only tell whether the user has one, not determine the user's information. That is where the session comes in.
Let's talk about what a session is. The session is stored on the server side and is also part of HTTP. A session is kept valid for 20 minutes. This brings in a concept called the SessionID. Let's go through the process first. When you access the server (assuming the developer has set up sessions), a SessionID is generated. It is sent as Set-Cookie in the response header, so it is really a SessionID kept locally in the browser. On the server side there is also a SessionID, and that ID points to the session. So there is a catch: when the browser is closed, the ID disappears, but the session itself, the big boss, still exists until the time has passed. Enough talk. Let's take a look at the effect.
Routing:
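    router.get('/', function (req, res, next) {
        console.log(req.session.user);
        if (!req.session.user) {
            res.render('index');
        } else {
            res.redirect('/user');
        }
    });

    router.post('/', function (req, res) {
        var user = {
            name: req.body.nicai,
            pass: req.body.pass
        };
        // the whole object, password included, is kept in the server-side session
        req.session.user = user;
        res.redirect('/user');
    });

    router.get('/user', function (req, res) {
        console.log(req.session.user);
        // without a session there is no user to show, so go back to the form
        if (!req.session.user) {
            return res.redirect('/');
        }
        res.send(req.session.user.name);
    });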
    var session = require('express-session');

    // register this before the routes that read req.session
    app.use(session({
        // SessionID name to be sent back in the cookie
        name: 'session_id',
        // used to sign the session cookie and prevent tampering; fill in a string
        secret: 'AAAA',
        // force the session to be saved even if it did not change
        resave: true,
        // force an uninitialized session to be stored. When a session is created and
        // no property or value has been set on it, it is in an uninitialized state.
        // Setting this to false is helpful for login verification, reducing the storage
        // pressure on the server, and asking permission before setting a cookie.
        saveUninitialized: true,
        // set the cookie properties. Set secure to true when your connection is HTTPS
        cookie: {
            path: '/',
            httpOnly: true,
            secure: false
        },
    }));
With this you can read the session. Of course, I am storing it in memory, which is not good because it consumes memory. You can store it in a database instead.
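To make the SessionID flow and the purpose of the secret option concrete, here is an added example (not code from the original post and not express-session's own implementation) that uses only Node's built-in crypto module. The function names sign, unsign, createSession and loadSession, the in-memory Map and the sample user are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Assumption: a random 32-byte key; a short guessable string such as 'AAAA' can be brute-forced.
const SECRET = crypto.randomBytes(32);
const TTL_MS = 20 * 60 * 1000;   // 20-minute lifetime, the figure used in the text
const sessions = new Map();      // server side: sessionId -> { user, expires }

// Append an HMAC so the server can detect a cookie value edited on the client.
function sign(value) {
  const mac = crypto.createHmac('sha256', SECRET).update(value).digest('hex');
  return `${value}.${mac}`;
}

// Return the original value when the signature matches, otherwise null.
function unsign(signed) {
  const idx = signed.lastIndexOf('.');
  if (idx < 0) return null;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on unequal lengths, so compare lengths first
  if (expected.length !== actual.length) return null;
  return crypto.timingSafeEqual(expected, actual) ? value : null;
}

// Login: user data stays on the server; the browser only gets a signed random ID.
function createSession(user, now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  sessions.set(id, { user, expires: now + TTL_MS });
  return `session_id=${sign(id)}; Path=/; HttpOnly`;   // value for the Set-Cookie header
}

// Later request: verify the signature, look the ID up, then enforce expiry.
function loadSession(cookieHeader, now = Date.now()) {
  const m = /(?:^|;\s*)session_id=([^;]+)/.exec(cookieHeader || '');
  const id = m && unsign(m[1]);
  const entry = id && sessions.get(id);
  if (!entry) return null;
  if (entry.expires <= now) { sessions.delete(id); return null; }
  return entry.user;
}

// Constructed sample run: the untouched cookie loads the session, the edited one does not.
const cookie = createSession({ name: 'alice' }).split(';')[0];
console.log(loadSession(cookie));
console.log(loadSession(cookie.replace('session_id=', 'session_id=f')));
```

Because the cookie holds only a signed random ID, editing it in the browser yields no session, and the user data never leaves the server.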
One more issue. We can see that the session and the cookie are tied together through the SessionID, and that creates a problem: if cookies are disabled, we lose the session. The workaround is URL rewriting, and of course this is also a way to improve performance (of course, I don't know how to do it yet. I'll study it later.)
All right, that's it for today. The rest of Express is not complicated. We'll talk about it when there is time.
A preliminary study on express----cookie+session