Simple use of sessions in Nodejs and methods for identity authentication through sessions _ node. js

The essence of session is implemented using cookies. This article introduces the simple use of session in Nodejs and the method for implementing identity authentication through session. if you are interested in jssession related knowledge, you can learn it together. The session does not need to be described more, so that an http can correspond to an end user.

The essence of session is implemented using cookies.

The principle is probably: http brings the server to set the cookie in advance, the server gets the cookie indicating the user's identity, and then retrieves the corresponding user identity from a fixed location (database, file. Assign the identity value to the request of this request, and the user's identity will be known in the process. (It is automatically implemented in PHP, ASP, or other server languages)

Implement cookie

You need to set a cookie that can identify the user for each user. You can use the following rules:

The MD5 value of the registered email address + the MD5 value of the password + the MD5 value of the random code. (For example, this may not be a good solution)

Server code snippet:

res.setHeader("Set-Cookie", ["sid="+newUser.toCookie()+";path=/;domain="+config.domain+";expires="+new Date("2030") ]); 

Cookie

sid=275fccab7935736ff68c95c3ddbfaaee|275fccab7935736ff68c95c3ddbfaaee|275fccab7935736ff68c95c3ddbfaaee 

Use cookies to get user identities and set Sessions

All requests for non-static resources are directed here for processing. Obtain the cookie, split the cookie, and search for qualified users in the database. Finally, use next to jump to the next request logic.

The next request logic directly uses req. session. user to obtain the user object.

session:function(req, res, next){req.session = {};if( req.cookies && req.cookies.sid ){var a = req.cookies.sid.split("|");var hexMail = a[0];var hexPwd = a[1];var hexRandom = a[2];UserModel.hexFind(hexMail, hexPwd, hexRandom, function( status ){//console.log("hexFind", status );if(status.code == "0"){//req.cookiesSelecter = cookiesSelecter;req.session.user = status.result;}next();});}else{next();} }

Let's talk about nodejs's identity authentication through session.

Nodejs express session authentication

1) Introduction module

var session = require('express-session');var cookieParser = require('cookie-parser');

2) apply cookies and Sessions

app.use(cookieParser());app.use(session({resave: true, // don't save session if unmodifiedsaveUninitialized: false, // don't create session until something storedsecret: 'love'}));

3) application authentication during request

App. use (function (req, res, next) {if (! Req. session. user) {if (req. url = "/login") {next (); // if the requested address is a logon address, the next request is sent.} else {res. redirect ('/login');} else if (req. session. user) {next ();}});

4) login design

app.get('/login',function(req,res){res.render("login");});app.post('/login',function(req,res){if(req.body.username=="love" && req.body.password=="love"){var user = {'username':'love'};req.session.user = user;res.redirect('/admin/app/list');}else{res.redirect('/login');}});app.get('/logout',function(req,res){req.session.user = null;res.redirect('/login');});