这是一个在stack overflow上经常被问到的问题,我查了很多帖子,但都没有用.我试图做一个登录页面,把User_id(成功登录后)保存在session变量中,然后用这个变量来检查用户是否登录。后面的部分我试图在一个中间件中实现它。
但是我的改变并没有保存在不同的路由中。例如:-
这是我的登录路径(我在session会话中存储user_id的地方)
router.post("/login", function(req,res){
User.findOne({EnrollNumber: req.body.EnrollNumber}, function(err, user){
if(err|| !user ||!(bcrypt.compareSync(req.body.password, user.password))){
console.log("Incorrect Email Password");
}else{
console.log("Login is successfull");
//Setting Up the session
req.session.userId= user._id;
console.log(req.session.userId);
}
console.log(req.session);
});
res.redirect("/forum");
这里的 console.log(req.session)的输出为
Session {
cookie: { path: '/', _expires: null,
originalMaxAge: null, httpOnly: true },
userId: 5eb3892938...
}
我的中间件
var middlewareObj ={}
middlewareObj.isLoggedIn= function(req,res,next){
console.log("My Session variable is");
console.log(req.session);
if(req.session.userId){
console.log("Session variable is set");
return next();
}
console.log("User is not logged in");
res.redirect("/login");
}
module.exports = middlewareObj;
这里是输出
My Session variable is
Session {
cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true }
}
User is not logged in
因此,即使我已经登录,也无法访问这些页面。
我的app.js
var express = require("express");
var app = express();
var bodyParser = require("body-parser");
var mongoose = require("mongoose");
var methodOverride = require("method-override");
var session = require('express-session');
//Requiring Routes
var forumRoutes = require("./routes/forums");
var threadRoutes = require("./routes/threads");
var indexRoutes = require("./routes/index");
var commentRoutes= require("./routes/comments");
mongoose.connect("mongodb://localhost/Project_forum");
app.use(bodyParser.urlencoded({ extended: true }));
app.set("view engine", "ejs");
app.use(express.static(__dirname + "/public"));
app.use(methodOverride("_method"));
app.use(session({
resave: false, // don't save session if unmodified
saveUninitialized: false, // don't create session until something stored
secret: 'shhhh, very secret lubba wubba dubba etc etc'
}));
app.use("/", indexRoutes);
app.use("/forum", forumRoutes);
app.use("/forum/:id/thread", threadRoutes);
app.use("/forum/:id/thread/:id/comments", commentRoutes);
app.listen(8000, function () {
console.log("The forum Server Has Started!");
});
把你的登录路径改成这样:-
router.post("/login", function(req,res){
User.findOne({EnrollNumber: req.body.EnrollNumber}, function(err, user){
if(err|| !user ||!(bcrypt.compareSync(req.body.password, user.password))){
console.log("Incorrect Email Password");
res.redirect("someplace");
}else{
console.log("Login is successfull");
//Setting Up the session
req.session.userId= user._id;
console.log(req.session.userId);
res.redirect("Some Another place (i.e ur secret page)");
}
});
在session更改后加入res.sendredirect就可以保存了。