I didn't know it before, now tidy it up.
Three stages:
1. cookie-session: implementing sessions with cookie-session requires cookie-parser
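// Stage 1 demo (cookie-session): count visits to /restricted in the session,
// then show that counter on /library.
// `router` and `util` are expected to be defined by the surrounding file.
// NOTE: cookie-session keeps the session data in the cookie itself (signed,
// not encrypted), so nothing secret should be stored in req.session here.

router.get('/restricted', function (req, res, next) {
  // Mark this session as having visited the restricted route.
  req.session.restricted = true;

  // First visit starts the counter at 1; later visits increment it.
  if (!req.session.restrictedCount) {
    req.session.restrictedCount = 1;
  } else {
    req.session.restrictedCount++;
  }

  res.redirect('/library');
});

router.get('/library', function (req, res, next) {
  // Debug output only: this prints every request cookie, including the
  // session cookie, so it should not be left enabled outside a demo.
  console.log(util.inspect({ cookie: req.cookies }));

  if (req.session.restricted) {
    res.render('test', { title: req.session.restrictedCount });
  } else {
    res.render('test', { title: 'Welcome' });
  }
});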
2. Basic-auth-connect Basic HTTP Authentication
Two different ways
Global validation
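// Global validation: a single HTTP Basic check meant to guard every route.
//
// Security notes for anything beyond a demo:
//  - Basic auth sends the credentials (base64, not encrypted) on every
//    request, so it must only be used over HTTPS.
//  - The user name and password below are the page's demo values; real
//    credentials belong in configuration, not in source.
//  - `===` is not a constant-time comparison.
//  - The basic-auth-connect README marks the module as deprecated in favour
//    of building the middleware on top of `basic-auth`.
var basicAuth = require('basic-auth-connect');

var auth = basicAuth(function (user, pass) {
  // Return true to let the request through, false to answer 401.
  return user === 'Test' && pass === 'Test';
});

// The original snippet stops here. Presumably `auth` is then mounted for all
// routes (for example with app.use(auth)); that line is not shown on the page.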
Authentication for a separate route
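// Per-route validation: the same HTTP Basic check, attached only to the
// routes that need it by passing `auth` as route middleware.
//
// Security notes for anything beyond a demo:
//  - Basic auth sends the credentials (base64, not encrypted) on every
//    request, so it must only be used over HTTPS.
//  - The user name and password below are the page's demo values; real
//    credentials belong in configuration, not in source.
//  - `===` is not a constant-time comparison.
var basicAuth = require('basic-auth-connect');

var auth = basicAuth(function (user, pass) {
  // Return true to let the request through, false to answer 401.
  return user === 'Test' && pass === 'Test';
});

// `auth` runs before the handler, so the handler is reached only after a
// successful check. `router` is expected to be defined by the surrounding file.
router.get('/library', auth, function (req, res, next) {
  // ... handler body is not shown on the original page ...
});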
3. Express-session Session Authentication: Management session.
Remove authentication: Destroy note to write to
Redirect, do not add {}
The book's example needs body-parser and cookie-parser (with a secret); the official website's example needs only express-session.
Tutorial: http://www.cnblogs.com/chenchenluo/p/4197181.html
The server can send the session to the client in two ways: a cookie or URL rewriting.
If maxAge is not set, the cookie expires when the browser is closed.
Sessions are typically written to memory, but they can also be written to a database.
Official website Tutorial: https://github.com/expressjs/session
The default is in-memory storage; once the application goes live, sessions should be stored in a database instead.
The properties of the session ()
Cookie:path,httponly, secure, MaxAge
Secure:true->https
Secure:false->http, trust Proxy
GenID
Name: Same host (hostname+port), need name to distinguish session
Proxy
resave: if the session store implements touch, set it to false; otherwise set it to true (true is the usual setting)
Rolling:false
Saveuninitialized:
Secret:store, unset
Methods: regenerate, destroy, reload, save, touch (updates the maxAge property)
Properties: req.session.id, req.session.cookie, req.sessionID
Store to Database
This works with body-parser and cookie-parser, and also with express-session on its own (as on the official website). The example below uses only the destroy and regenerate methods; many other features are left unused.
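// Stage 3 demo: session-based login with express-session.
//
// Flow: GET /restricted needs a logged-in session, GET/POST /login signs a
// user in, GET /logout destroys the session. `app` and `router` are expected
// to be defined by the surrounding file.
var crypto = require('crypto');
var bodyParser = require('body-parser');
var cookieParser = require('cookie-parser');
var session = require('express-session');

// Demo secret taken from the original page. In a real deployment load a long
// random secret from configuration or the environment, never from source.
var sessionSecret = 'SFP';

// Without a body parser req.body is undefined in POST /login.
// Assumes the login form posts urlencoded fields — confirm against the view.
app.use(bodyParser.urlencoded({ extended: false }));

// express-session reads its own cookie; if cookie-parser is kept as well,
// both must be given the same secret.
app.use(cookieParser(sessionSecret));
app.use(session({
  secret: sessionSecret,
  // The default MemoryStore implements touch, so resave can be false.
  resave: false,
  // Do not issue a session cookie until something is stored in the session.
  saveUninitialized: false,
  // httpOnly keeps the cookie away from page scripts. Add `secure: true`
  // once the site is served over HTTPS.
  cookie: { httpOnly: true }
}));

// Demo credential store: any user name, one fixed password ('Test', as on the
// original page). The original hashed it with MD5, which is too fast for
// password storage; a salted scrypt hash is used here instead.
var demoSalt = crypto.randomBytes(16);
var demoPasswordHash = crypto.scryptSync('Test', demoSalt, 64);

// Calls done(err, matches) after checking `candidate` against the demo hash.
function checkPassword(candidate, done) {
  // A repeated form field arrives as an array; reject anything not a string.
  if (typeof candidate !== 'string') {
    return done(null, false);
  }
  crypto.scrypt(candidate, demoSalt, 64, function (err, derived) {
    if (err) {
      return done(err);
    }
    // Constant-time comparison of two equal-length buffers.
    done(null, crypto.timingSafeEqual(derived, demoPasswordHash));
  });
}

router.get('/restricted', function (req, res, next) {
  if (req.session.user) {
    res.render('result', { title: 'title', success: req.session.success });
  } else {
    console.log('error' + req.session.error);
    // Note: this replaces any error message set by a failed POST /login.
    req.session.error = 'access Denied';
    res.redirect('/login');
  }
});

router.get('/logout', function (req, res, next) {
  // Redirect from inside the callback so the session is gone before the
  // browser requests /login.
  req.session.destroy(function () {
    res.redirect('/login');
  });
});

router.get('/login', function (req, res, next) {
  if (req.session.user) {
    console.log('Get login user');
    res.redirect('/restricted');
  } else if (req.session.error) {
    console.log('Get login error');
    res.render('test', { title: 'Login', response: req.session.error });
  } else {
    console.log('Get login');
    res.render('test', { title: 'Login', response: 'Get' });
  }
});

router.post('/login', function (req, res, next) {
  console.log(req.body.uname);
  // The submitted password is deliberately not logged.

  checkPassword(req.body.pw, function (err, matches) {
    if (err) {
      return next(err);
    }

    if (matches) {
      console.log('Post login success');
      // Keep only the user name in the session, not the password hash.
      var user = { name: req.body.uname };
      // A fresh session ID on login prevents session fixation.
      req.session.regenerate(function (regenErr) {
        if (regenErr) {
          return next(regenErr);
        }
        req.session.user = user;
        req.session.success = 'auth as ' + user.name;
        res.redirect('/restricted');
      });
    } else {
      console.log('Post login fail');
      req.session.regenerate(function (regenErr) {
        if (regenErr) {
          return next(regenErr);
        }
        req.session.error = 'auth faild';
        res.redirect('/restricted');
      });
    }
  });
});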
Express Session Verification