Home >Web Front-end >JS Tutorial >Simple use of sessions in Nodejs and methods of authentication through sessions_node.js
Session needs no introduction, so that one http can correspond to one end user.
The essence of session is implemented using cookies.
The principle is probably: http brings the server to set cookies in advance, the server gets the cookie indicating the user's identity, and then goes to a fixed location (database, file) to retrieve the corresponding user identity. Assign the identity to the request of this request, and the user's identity will be known during program processing. (It is automatically implemented for you in PHP, ASP or other server-side languages)
Implement cookies
A cookie that identifies the user needs to be set for each user. You can use the following rules
MD5 value of registered email + MD5 value of password + MD5 value of random code. (Just an example, this may not be a good solution)
Server-side code snippet:
res.setHeader("Set-Cookie", ["sid="+newUser.toCookie()+";path=/;domain="+config.domain+";expires="+new Date("2030") ]);
cookie
sid=275fccab7935736ff68c95c3ddbfaaee|275fccab7935736ff68c95c3ddbfaaee|275fccab7935736ff68c95c3ddbfaaee
Use cookies to obtain user identity and set up session
Direct all non-static resource requests here for processing. Get the cookie, split the cookie and find qualified users in the database. Finally, use next to jump to the next request logic.
The next request logic is to directly use req.session.user to obtain the user object.
session:function(req, res, next){ req.session = {}; if( req.cookies && req.cookies.sid ){ var a = req.cookies.sid.split("|"); var hexMail = a[0]; var hexPwd = a[1]; var hexRandom = a[2]; UserModel.hexFind(hexMail, hexPwd, hexRandom, function( status ){ //console.log("hexFind", status ); if(status.code == "0"){ //req.cookiesSelecter = cookiesSelecter; req.session.user = status.result; } next(); }); }else{ next(); } }
Let me talk about how nodejs implements identity authentication through session
nodejs express session authentication
1) Import module
var session = require('express-session'); var cookieParser = require('cookie-parser');
2) Apply cookie and session
app.use(cookieParser()); app.use(session({ resave: true, // don't save session if unmodified saveUninitialized: false, // don't create session until something stored secret: 'love' }));
3) When requesting, apply authentication
app.use(function(req,res,next){ if (!req.session.user) { if(req.url=="/login"){ next();//如果请求的地址是登录则通过,进行下一个请求 } else { res.redirect('/login'); } } else if (req.session.user) { next(); } });
4) Login design
app.get('/login',function(req,res){ res.render("login"); }); app.post('/login',function(req,res){ if(req.body.username=="love" && req.body.password=="love"){ var user = {'username':'love'}; req.session.user = user; res.redirect('/admin/app/list'); } else { res.redirect('/login'); } }); app.get('/logout',function(req,res){ req.session.user = null; res.redirect('/login'); });