我下面有一个nodejs登录应用程序。我没有使用passportjs。除了注销破坏 session 问题之外,一切都很好。问题就在这里。当用户单击注销按钮时,用户将注销,但 session 不会因此被破坏,我仍然可以在仪表板上访问用户 session 数据。
初始化 session 后,我添加了下面的代码,但没有办法。
if(userId == null){
res.redirect("/login");
return;
}
这是app.js代码
var express = require('express')
, routes = require('./routes')
, user = require('./routes/user')
, http = require('http')
, path = require('path');
//var methodOverride = require('method-override');
var session = require('express-session');
var app = express();
var mysql = require('mysql');
var bodyParser=require("body-parser");
var connection = mysql.createConnection({
host : 'localhost',
user : 'root',
password : '',
database : 'nodejs'
});
connection.connect();
global.db = connection;
// all environments
app.set('port', process.env.PORT || 8080);
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(express.static(path.join(__dirname, 'public')));
app.use(session({
secret: 'Star boyoyo44',
resave: false,
saveUninitialized: true,
cookie: { maxAge: 60000 }
}))
// development only
app.get('/', routes.index);//call for main index page
app.get('/login', routes.index);//call for login page
app.post('/login', user.login);//call for login post
app.get('/home/dashboard', user.dashboard);//call for dashboard page after login
app.get('/home/logout', user.logout);//call for logout
//Middleware
app.listen(8080)
这里是user.js
//-----------------------------------------------login page call------------------------------------------------------
exports.login = function(req, res){
var message = '';
var sess = req.session;
if(req.method == "POST"){
var post = req.body;
var name= post.user_name;
var pass= post.password;
db.query('SELECT * FROM users1 WHERE user_name = ? and password =?',[name,pass], function (err, results, fields) {
if(results.length){
req.session.userId = results[0].id;
req.session.user = results[0].id;
req.session.last_name = results[0].last_name;
console.log(results[0].id);
console.log(req.session.last_name);
res.redirect('/home/dashboard');
}
else{
message = 'Wrong Credentials.';
res.render('index.ejs',{message: message});
}
});
} else {
res.render('index.ejs',{message: message});
}
};
//-----------------------------------------------dashboard page functionality----------------------------------------------
exports.dashboard = function(req, res, next){
var user = req.session.user,
userId = req.session.userId;
console.log('ddd='+userId);
var seco= req.session.last_name;
console.log(seco);
if(userId == null){
res.redirect("/login");
return;
}
res.render('dashboard.ejs', {user:user, sec1:seco, user1:userId});
/*
var sql="SELECT * FROM `users1` WHERE `id`='"+userId+"'";
db.query(sql, function(err, results){
res.render('dashboard.ejs', {user:user, sec1:seco, user1:userId});
});
*/
};
//------------------------------------logout functionality----------------------------------------------
exports.logout=function(req,res){
res.clearCookie('myCookie');
res.clearCookie('connect.sid');
req.session.destroy(function(err) {
res.redirect("/login");
})
};
最佳答案
我已经找到解决办法了。我必须清除浏览器上的 cookie 并将注销代码更改为以下内容并解决问题
exports.logout=function(req,res){
sess=req.session;
var data = {
"Data":""
};
sess.destroy(function(err) {
if(err){
data["Data"] = 'Error destroying session';
res.json(data);
}else{
data["Data"] = 'Session destroy successfully';
res.json(data);
//res.redirect("/login");
}
});
};
我还按照下面的代码将注销用户的缓存控制 header 有条件地设置为无缓存,以强制浏览器获取页面的新副本,即使他们点击“后退”也是如此。
//在所有路由器之前设置此代码
app.use(function(req, res, next) {
if (!req.user)
res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
next();
});
关于node.js - 注销后nodejs实际上并没有销毁 session ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51883119/