我已尽我所能隔离了问题,但仍然无法解决它。
我创建了一个带有环回的空服务器,添加了
express-sessionbody-parser "session": {
"express-session": {
"params": {
"name": "id",
"secret": "potato with eyes",
"httpOnly": "false"
}
}
},
"auth": {},
"parse": {
"body-parser": {},
"body-parser#json": {},
"body-parser#urlencoded": {"params": { "extended": true }}
}
然后,我向
root.js.session.idmodule.exports = function (app)
{
var cookieParser = require("cookie-parser")
var router = app.loopback.Router()
router.post("/login", function (req, res)
{
req.session.id = req.body.id
console.log("Set id to " + req.body.id)
res.end()
})
router.post("/addLead", function (req, res)
{
console.log("session", req.session)
console.log("got id: ", req.session.id)
console.log("decrypting single id:", cookieParser.signedCookie(req.session.id, "potato with eyes"))
console.log("cookie! ", req.cookie)
console.log("cookie parsed:", cookieParser.JSONCookie(req.cookie, "potato with eyes"))
console.log("cookie parsed:", cookieParser.signedCookie(req.cookie, "potato with eyes"))
res.status(403).send("You must login first")
})
app.use(router)
}
cookie解密失败。解密 id 不会改变它。
Web server listening at: http://localhost:3000
Browse your REST API at http://localhost:3000/explorer
Set id to 15
session Session {
cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true } }
got id: XifrUZXLhKcDHYqQwxESQlLQQ6N1j49d
decrypting single id: XifrUZXLhKcDHYqQwxESQlLQQ6N1j49d
cookie! undefined
cookie parsed: undefined
cookie parsed: undefined
这是我用于测试的html:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title></title>
<script src="https://code.jquery.com/jquery-3.1.0.min.js"
integrity="sha256-cCueBR6CsyA4/9szpPfrX3s49M9vUU5BgtiJj06wt/s="
crossorigin="anonymous"></script>
<script>
function log(data)
{
console.log(JSON.stringify(data))
}
$.post("http://localhost:3000/login", { name: "John Smit", id: 15 }, function (data)
{
log(data)
$.post("http://localhost:3000/addLead", {
name: "Anton Berezin", phone: "337225", model: "1234",
mark: "Toyota", yearFrom: "2014", yearTo: "2017"
}, function (data)
{
log(data)
alert(JSON.stringify(data))
})
.fail(function (error)
{
log(error)
})
})
.fail(function(error)
{
alert(JSON.stringify(error))
})
</script>
</head>
<body>
</body>
</html>
还有一个项目的存档: http://www.filedropper.com/cookietest
我将不胜感激任何帮助
编辑: 使用
req.cookiereq.session.cookie您不再需要将
cookie-parserexpress-session既然你注册了express-session,我就这样修改你的代码
module.exports = function (app)
{
var router = app.loopback.Router()
// serialize the session
router.post("/login", function (req, res)
{
req.session = {
userId: 123,
accessToken: 'eadeadaew'
// or whatever data you want to store in the session
};
console.log("Set session");
res.end();
});
// deserialize the session
router.post("/addLead", function (req, res)
{
if(req.session) {
console.log("session", req.session);
console.log("user id: ", req.session.userId);
console.log("token ", req.session.accessToken);
res.end();
} else {
res.status(403).send("You must login first");
}
})
app.use(router);
}