Simple use of sessions in Nodejs and methods for identity authentication through sessions _ node. js

Source: Internet
Author: User
The essence of session is implemented using cookies. This article introduces the simple use of session in Nodejs and the method for implementing identity authentication through session. if you are interested in jssession related knowledge, you can learn it together. The session does not need to be described more, so that an http can correspond to an end user.

The essence of session is implemented using cookies.

The principle is probably: http brings the server to set the cookie in advance, the server gets the cookie indicating the user's identity, and then retrieves the corresponding user identity from a fixed location (database, file. Assign the identity value to the request of this request, and the user's identity will be known in the process. (It is automatically implemented in PHP, ASP, or other server languages)

Implement cookie

You need to set a cookie that can identify the user for each user. You can use the following rules:

The MD5 value of the registered email address + the MD5 value of the password + the MD5 value of the random code. (For example, this may not be a good solution)

Server code snippet:

res.setHeader("Set-Cookie", ["sid="+newUser.toCookie()+";path=/;domain="+config.domain+";expires="+new Date("2030") ]); 

Cookie

sid=275fccab7935736ff68c95c3ddbfaaee|275fccab7935736ff68c95c3ddbfaaee|275fccab7935736ff68c95c3ddbfaaee 

Use cookies to get user identities and set Sessions

All requests for non-static resources are directed here for processing. Obtain the cookie, split the cookie, and search for qualified users in the database. Finally, use next to jump to the next request logic.

The next request logic directly uses req. session. user to obtain the user object.

session:function(req, res, next){req.session = {};if( req.cookies && req.cookies.sid ){var a = req.cookies.sid.split("|");var hexMail = a[0];var hexPwd = a[1];var hexRandom = a[2];UserModel.hexFind(hexMail, hexPwd, hexRandom, function( status ){//console.log("hexFind", status );if(status.code == "0"){//req.cookiesSelecter = cookiesSelecter;req.session.user = status.result;}next();});}else{next();} }

Let's talk about nodejs's identity authentication through session.

Nodejs express session authentication

1) Introduction module

var session = require('express-session');var cookieParser = require('cookie-parser');

2) apply cookies and Sessions

app.use(cookieParser());app.use(session({resave: true, // don't save session if unmodifiedsaveUninitialized: false, // don't create session until something storedsecret: 'love'}));

3) application authentication during request

App. use (function (req, res, next) {if (! Req. session. user) {if (req. url = "/login") {next (); // if the requested address is a logon address, the next request is sent.} else {res. redirect ('/login');} else if (req. session. user) {next ();}});

4) login design

app.get('/login',function(req,res){res.render("login");});app.post('/login',function(req,res){if(req.body.username=="love" && req.body.password=="love"){var user = {'username':'love'};req.session.user = user;res.redirect('/admin/app/list');}else{res.redirect('/login');}});app.get('/logout',function(req,res){req.session.user = null;res.redirect('/login');});

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.