Use of Express Session
Session brief introduction
Session is another mechanism for recording client state. The difference is that cookies are stored in the client browser, while sessions are stored on the server.
Purpose of Session:
The session lives on the server side, and when the client accesses the server for the first time, the client's login information can be saved in it.
When the customer then visits other pages, the server can check the customer's login status and respond with a prompt if needed, which works as a login interceptor.
A session can be combined with Redis or a database for persistence, so that some customer information (such as the shopping cart) is not
lost when the server goes down.
Session workflow
When the browser sends its first request to the server, the server creates a session object and generates a
key-value pair: the key is the session ID and the value is the session data. The server returns the key to the browser (client) in a cookie. On the next visit the browser sends that cookie back, and the server uses the key to
find the corresponding session (value). The customer information itself is stored in the session, on the server.
Use of express-session
1. Install express-session
cnpm install express-session --save
2. Introduce express-session
var session = require("express-session");
3. Set up the middleware provided by the official documentation
// Session middleware with the minimal option set from the express-session documentation.
app.use(
  session({
    // Store a session even for visitors who never put anything into it.
    saveUninitialized: true,
    // Write the session back to the store on every request, even when unchanged.
    resave: true,
    // Key used to sign the session ID cookie.
    // NOTE(review): 'keyboard cat' is the documentation placeholder; a deployed app needs
    // a long random value loaded from configuration rather than committed in source.
    secret: 'keyboard cat'
  })
);
4. Use
Set a value: req.session.username = "张三";
Get a value: req.session.username
express-session usage demo:
/*
* 1.安装 express-session
cnpm install express-session --save
*
*
* 2.引入
var session = require("express-session");
3.设置官方文档提供的中间件
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true
}))
4.使用
设置值
req.session.username = "张三";
获取值 req.session.username
* */
var express = require("express");
var app = express();
var session = require("express-session");
// Configure the session middleware; it must be registered before the routes that read req.session.
// No `store` option is given, so sessions are kept in the default in-memory store, which the
// express-session documentation describes as unsuitable for production.
app.use(
  session({
    // Store a session even for visitors who never put anything into it.
    saveUninitialized: true,
    // Do not write the session back to the store when the request did not modify it.
    resave: false,
    // Key used to sign the session ID cookie.
    // NOTE(review): 'keyboard cat' is the documentation placeholder; a deployed app needs
    // a long random value loaded from configuration rather than committed in source.
    secret: 'keyboard cat'
    // Left disabled by the original: cookie: { secure: true }
    // With secure set, the browser only sends the session cookie over HTTPS.
  })
);
// Home page: greet the visitor when the session carries login state.
app.get("/", function (req, res) {
  var currentUser = req.session.userinfo; // set by the /login route
  if (!currentUser) {
    res.send('未登录');
    return;
  }
  // res.send() with a string is served as HTML. userinfo is a server-set constant in this
  // demo; it would need HTML-escaping if it ever came from user input.
  res.send('你好' + currentUser + '欢迎回来');
});
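// Demo login: marks the session as logged in without checking any credentials.
// A real login route would verify credentials first and accept POST rather than GET.
app.get("/login", function (req, res, next) {
  // Issue a fresh session ID before storing login state, so that an ID the browser
  // already held before logging in (session fixation) is not carried into the
  // authenticated session.
  req.session.regenerate(function (err) {
    if (err) {
      // Could not create the new session; let Express's error handling respond.
      return next(err);
    }
    req.session.userinfo = "zhangsan111"; // read back by the "/" and "/news" routes
    res.send('登录成功');
  });
});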
// News page: same login check as the home page, with a " news" suffix in the reply.
app.get("/news", function (req, res) {
  var currentUser = req.session.userinfo; // set by the /login route
  var reply = currentUser
    ? '你好' + currentUser + '欢迎回来 news'
    : '未登录 news';
  res.send(reply);
});

// Start the HTTP server on port 3000. No host is given, so Node listens on all interfaces.
app.listen(3000);
Common parameters of express-session
// The commonly used express-session options, with sample values.
app.use(
  session({
    // Store a session even for visitors who never put anything into it.
    saveUninitialized: true,
    // Do not write the session back to the store when the request did not modify it.
    resave: false,
    // Cookie settings; maxAge is in milliseconds, so 60000 is one minute.
    cookie: { maxAge: 60000 },
    // Name of the session ID cookie (the library default is connect.sid).
    name: 'name',
    // Key used to sign the session ID cookie.
    // NOTE(review): '12345' is only a sample; a deployed app needs a long random value
    // loaded from configuration rather than committed in source.
    secret: '12345'
  })
);
A demo of the parameters in the Session middleware:
/*
* 1.安装 express-session
cnpm install express-session --save
*
*
* 2.引入
var session = require("express-session");
3.设置官方文档提供的中间件
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true
}))
4.使用
设置值
req.session.username = "张三";
获取值 req.session.username
* */
var express = require("express");
var app = express();
var session = require("express-session");
// Configure the session middleware; it must be registered before the routes that read req.session.
// No `store` option is given, so sessions are kept in the default in-memory store, which the
// express-session documentation describes as unsuitable for production.
app.use(
  session({
    // Re-send the cookie on every response, which resets its expiry (default: false).
    // With a 30-minute maxAge, for example, the session would expire after 30 minutes
    // without any request.
    rolling: true,
    cookie: {
      maxAge: 5000 // lifetime in milliseconds (5 seconds here)
      // `secure` is not set; when it is, the cookie is only sent over HTTPS.
    },
    // Forces a new, unmodified session to be stored (default: true). The original tutorial
    // recommends true. NOTE(review): for login sessions, false avoids storing a session and
    // setting a cookie for every anonymous visitor; consider it.
    saveUninitialized: true,
    // Forces the session to be saved even when unchanged (default: true); false is recommended.
    resave: false,
    // Name of the cookie kept in the browser; optional, the default is connect.sid.
    name: 'session_id',
    // String used on the server to sign the session.
    // NOTE(review): the original says any string will do; in a deployed app it should be a
    // long random value loaded from configuration rather than committed in source.
    secret: 'this is string key'
  })
);
// Home page: greet the visitor when the session carries login state.
app.get("/", function (req, res) {
  var currentUser = req.session.userinfo; // set by the /login route
  if (!currentUser) {
    res.send('未登录');
    return;
  }
  // res.send() with a string is served as HTML. userinfo is a server-set constant in this
  // demo; it would need HTML-escaping if it ever came from user input.
  res.send('你好' + currentUser + '欢迎回来');
});
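// Demo login: marks the session as logged in without checking any credentials.
// A real login route would verify credentials first and accept POST rather than GET.
app.get("/login", function (req, res, next) {
  // Issue a fresh session ID before storing login state, so that an ID the browser
  // already held before logging in (session fixation) is not carried into the
  // authenticated session.
  req.session.regenerate(function (err) {
    if (err) {
      // Could not create the new session; let Express's error handling respond.
      return next(err);
    }
    req.session.userinfo = '张三222'; // read back by the "/" and "/news" routes
    res.send('登录成功');
  });
});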
// News page: same login check as the home page, with a " news" suffix in the reply.
app.get("/news", function (req, res) {
  var currentUser = req.session.userinfo; // set by the /login route
  var reply = currentUser
    ? '你好' + currentUser + '欢迎回来 news'
    : '未登录 news';
  res.send(reply);
});

// Start the HTTP server on port 3000. No host is given, so Node listens on all interfaces.
app.listen(3000);
Common methods of express-session
// Reference list of the session calls used in the demo that follows. Each line is an
// independent example, not a sequence meant to run in this order.
req.session.destroy(function(err){ /* destroy the session */
})
req.session.username='张三'; // set a session value
req.session.username // read a session value
req.session.cookie.maxAge=0; // reset the cookie's expiry time
Demo of common methods of express-session:
/*
* 1.安装 express-session
cnpm install express-session --save
*
*
* 2.引入
var session = require("express-session");
3.设置官方文档提供的中间件
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true
}))
4.使用
设置值
req.session.username = "张三";
获取值 req.session.username
* */
var express = require("express");
var app = express();
var session = require("express-session");
// Configure the session middleware; it must be registered before the routes that read req.session.
// No `store` option is given, so sessions are kept in the default in-memory store, which the
// express-session documentation describes as unsuitable for production.
app.use(
  session({
    // Re-send the cookie on every response, which resets its expiry (default: false).
    // With the 30-minute maxAge below, the session expires after 30 minutes without
    // any request.
    rolling: true,
    cookie: {
      maxAge: 1000 * 30 * 60 // lifetime in milliseconds (30 minutes)
      // `secure` is not set; when it is, the cookie is only sent over HTTPS.
    },
    // Forces a new, unmodified session to be stored (default: true). The original tutorial
    // recommends true. NOTE(review): for login sessions, false avoids storing a session and
    // setting a cookie for every anonymous visitor; consider it.
    saveUninitialized: true,
    // Forces the session to be saved even when unchanged (default: true); false is recommended.
    resave: false,
    // Name of the cookie kept in the browser; optional, the default is connect.sid.
    name: 'session_id',
    // String used on the server to sign the session.
    // NOTE(review): the original says any string will do; in a deployed app it should be a
    // long random value loaded from configuration rather than committed in source.
    secret: 'this is string key'
  })
);
// Home page: greet the visitor when the session carries login state.
app.get("/", function (req, res) {
  var currentUser = req.session.userinfo; // set by the /login route
  if (!currentUser) {
    res.send('未登录');
    return;
  }
  // res.send() with a string is served as HTML. userinfo is a server-set constant in this
  // demo; it would need HTML-escaping if it ever came from user input.
  res.send('你好' + currentUser + '欢迎回来');
});
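// Demo login: marks the session as logged in without checking any credentials.
// A real login route would verify credentials first and accept POST rather than GET.
app.get("/login", function (req, res, next) {
  // Issue a fresh session ID before storing login state, so that an ID the browser
  // already held before logging in (session fixation) is not carried into the
  // authenticated session.
  req.session.regenerate(function (err) {
    if (err) {
      // Could not create the new session; let Express's error handling respond.
      return next(err);
    }
    req.session.userinfo = '张三222'; // read back by the "/" and "/news" routes
    res.send('登录成功');
  });
});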
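// Log out: destroy the server-side session, then confirm to the client.
// NOTE(review): this is a state-changing GET route, so any cross-site link or image can
// trigger it; a POST route is the usual choice for logout.
app.get("/loginOut", function (req, res, next) {
  // Alternative kept from the original: req.session.cookie.maxAge = 0;
  // (changes the cookie's expiry time instead of destroying the session).
  req.session.destroy(function (err) {
    if (err) {
      // The session may still exist in the store, so do not report a successful logout.
      return next(err);
    }
    // Reply only once the session is confirmed gone.
    res.send('退出登录成功');
  });
});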
// News page: same login check as the home page, with a " news" suffix in the reply.
app.get("/news", function (req, res) {
  var currentUser = req.session.userinfo; // set by the /login route
  var reply = currentUser
    ? '你好' + currentUser + '欢迎回来 news'
    : '未登录 news';
  res.send(reply);
});

// Start the HTTP server on port 3000. No host is given, so Node listens on all interfaces.
app.listen(3000);
Sessions behind a load balancer: saving the session to a database
1. Install the express-session and connect-mongo modules
2. Import the modules
var session = require("express-session");
const MongoStore = require('connect-mongo')(session);
3. Configure the middleware
// Session middleware that keeps sessions in MongoDB instead of process memory, so every
// server behind the load balancer sees the same sessions.
app.use(
  session({
    // Constructor form with a `url` option, as used by older connect-mongo releases;
    // newer releases use MongoStore.create({ mongoUrl: ... }) instead.
    store: new MongoStore({
      // Lazy update interval, in seconds (24 hours).
      // NOTE(review): this is far longer than cookie.maxAge below; presumably the stored
      // expiry is then not refreshed by `rolling`. Confirm against the store's behaviour.
      touchAfter: 24 * 3600,
      // Local MongoDB, no credentials in the URL. Session documents carry login state, so
      // a deployed database should require authentication.
      url: 'mongodb://127.0.0.1:27017/student'
    }),
    // Cookie lifetime in milliseconds (100 seconds here).
    cookie: {
      maxAge: 100000
    },
    // Re-send the cookie on every response, which resets its expiry.
    rolling: true,
    // Store a session even for visitors who never put anything into it.
    saveUninitialized: true,
    // Do not write the session back to the store when the request did not modify it.
    resave: false,
    // Key used to sign the session ID cookie.
    // NOTE(review): 'keyboard cat' is the documentation placeholder; a deployed app needs
    // a long random value loaded from configuration rather than committed in source.
    secret: 'keyboard cat'
  })
);
Demo of storing the session in MongoDB:
/*
* 1.需要安装 express-session 和 connect-mongo 模块
cnpm install express-session --save
cnpm install connect-mongo --save
2.引入
var session = require("express-session");
var MongoStore = require("connect-mongo")(session);
3.设置官方文档提供的中间件
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true,
store:new MongoStore({
url: 'mongodb://127.0.0.1:27017/student',数据库的地址
touchAfter: 24 * 3600 time period in seconds
})
}))
4.使用
设置值
req.session.username = "张三";
获取值 req.session.username
* */
var express = require("express");
var app = express();
var session = require("express-session");
var MongoStore = require("connect-mongo")(session);
// Configure the session middleware with a MongoDB-backed store; it must be registered
// before the routes that read req.session.
app.use(
  session({
    // Constructor form with a `url` option, as used by older connect-mongo releases;
    // newer releases use MongoStore.create({ mongoUrl: ... }) instead.
    store: new MongoStore({
      // Lazy update interval, in seconds: within 24 hours the session is updated only once,
      // however many requests arrive (except requests that change the session data).
      // NOTE(review): this is far longer than cookie.maxAge below; presumably the stored
      // expiry is then not refreshed by `rolling`. Confirm against the store's behaviour.
      touchAfter: 24 * 3600,
      // Database address. Local MongoDB, no credentials in the URL; session documents carry
      // login state, so a deployed database should require authentication.
      url: 'mongodb://127.0.0.1:27017/shop'
    }),
    // Re-send the cookie on every response, which resets its expiry (default: false).
    rolling: true,
    cookie: {
      maxAge: 1000 * 30 * 60 // lifetime in milliseconds (30 minutes)
      // `secure` is not set; when it is, the cookie is only sent over HTTPS.
    },
    // Forces a new, unmodified session to be stored (default: true). The original tutorial
    // recommends true. NOTE(review): for login sessions, false avoids storing a session and
    // setting a cookie for every anonymous visitor; consider it.
    saveUninitialized: true,
    // Forces the session to be saved even when unchanged (default: true); false is recommended.
    resave: false,
    // Name of the cookie kept in the browser; optional, the default is connect.sid.
    name: 'session_id',
    // String used on the server to sign the session.
    // NOTE(review): the original says any string will do; in a deployed app it should be a
    // long random value loaded from configuration rather than committed in source.
    secret: 'this is string key'
  })
);
// Home page: greet the visitor when the session carries login state.
app.get("/", function (req, res) {
  var currentUser = req.session.userinfo; // set by the /login route
  if (!currentUser) {
    res.send('未登录');
    return;
  }
  // res.send() with a string is served as HTML. userinfo is a server-set constant in this
  // demo; it would need HTML-escaping if it ever came from user input.
  res.send('你好' + currentUser + '欢迎回来');
});
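// Demo login: marks the session as logged in without checking any credentials.
// A real login route would verify credentials first and accept POST rather than GET.
app.get("/login", function (req, res, next) {
  // Issue a fresh session ID before storing login state, so that an ID the browser
  // already held before logging in (session fixation) is not carried into the
  // authenticated session.
  req.session.regenerate(function (err) {
    if (err) {
      // Could not create the new session; let Express's error handling respond.
      return next(err);
    }
    req.session.userinfo = '张三222'; // read back by the "/" and "/news" routes
    res.send('登录成功');
  });
});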
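// Log out: destroy the server-side session, then confirm to the client.
// NOTE(review): this is a state-changing GET route, so any cross-site link or image can
// trigger it; a POST route is the usual choice for logout.
app.get("/loginOut", function (req, res, next) {
  // Alternative kept from the original: req.session.cookie.maxAge = 0;
  // (changes the cookie's expiry time instead of destroying the session).
  req.session.destroy(function (err) {
    if (err) {
      // The session may still exist in the store, so do not report a successful logout.
      return next(err);
    }
    // Reply only once the session is confirmed gone.
    res.send('退出登录成功');
  });
});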
// News page: same login check as the home page, with a " news" suffix in the reply.
app.get("/news", function (req, res) {
  var currentUser = req.session.userinfo; // set by the /login route
  var reply = currentUser
    ? '你好' + currentUser + '欢迎回来 news'
    : '未登录 news';
  res.send(reply);
});

// Start the HTTP server on port 3000. No host is given, so Node listens on all interfaces.
app.listen(3000);
Difference between Cookie and Session
1. The cookie data is stored on the client's browser, and the session data is stored on the server.
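2. Cookies are not very secure: anyone with access to the browser can read the cookies stored locally, analyze them and forge them (cookie spoofing). Where security matters, a session should be used. Note that a session still relies on a cookie to carry the session ID, so that cookie has to be protected as well.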
3. A session is kept on the server for a certain period of time. As the number of visits grows, sessions consume more of the server's resources. To reduce the load on the server, cookies should be used instead.
4. The data saved by a single cookie cannot exceed 4K. Many browsers limit a site to save a maximum of 20 cookies.