Use of Express Session

Use of Express Session

Session brief introduction

Session is another mechanism for recording client state. The difference is that cookies are stored in the client browser, while sessions are stored on the server.

Purpose of Session: The session runs on the server side. When the client accesses the server for the first time, the client's login information can be saved.
When the client visits other pages, the server can check the login status and prompt the client if necessary, which works as a login interceptor.
Sessions can be combined with Redis or a database for persistence, so that some customer information (such as a shopping cart) is not
lost when the server goes down.

Session workflow

When the browser sends its first request to the server, the server creates a session object and generates a
key-value pair. It returns the key to the browser (client) in a cookie. The next time the browser visits, it sends the key (cookie) back, and the server uses it to
find the corresponding session (value). Customer information is stored in the session. Whoever presents that key is treated as the owner of the session, so the cookie has to be protected in transit and in the browser.

Use of express-session

1. Install express-session

cnpm install express-session --save

2. Introduce express-session

var session = require("express-session");

3. Set up the middleware provided by the official documentation

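// Register the session middleware with the basic option set.
app.use(session({
    // Placeholder value. The secret signs the session ID cookie, so a deployed
    // app needs a long random value loaded from configuration, not a literal
    // kept in source.
    secret: 'keyboard cat',
    // false: do not write the session back to the store when the request left
    // it unchanged. This matches the demos on this page and their own advice.
    resave: false,
    // true: a new, still-empty session is saved as well.
    saveUninitialized: true
}));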

4. Use

Set a value: req.session.username = "张三";
Get a value: req.session.username

Demo of using express-session:

    /*
    * 1.安装  express-session

    cnpm install express-session  --save
    *
    *
    * 2.引入

     var session = require("express-session");

     3.设置官方文档提供的中间件

     app.use(session({
         secret: 'keyboard cat',
         resave: false,
         saveUninitialized: true
     }))


    4.使用

    设置值
     req.session.username = "张三";

    获取值 req.session.username

    * */

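    const express = require("express");
    const session = require("express-session");

    const app = express();

    // Session middleware. The browser only receives a signed cookie carrying the
    // session ID; the session data stays on the server (no store is configured,
    // so express-session's default in-memory store is used).
    app.use(session({
        // Placeholder value. The secret signs the session ID cookie, so a deployed
        // app needs a long random value loaded from configuration, not a literal
        // kept in source.
        secret: 'keyboard cat',
        resave: false,
        saveUninitialized: true
        // cookie: { secure: true }   // would restrict the cookie to HTTPS connections
    }));

    // Home page: greet the visitor when the session carries a logged-in user.
    app.get("/", function (req, res) {
        const userinfo = req.session.userinfo;
        if (!userinfo) {
            res.send('未登录');
            return;
        }
        // NOTE(review): userinfo is a fixed server-side string in this demo. If it
        // ever comes from user input, HTML-escape it before writing it to the page.
        res.send('你好' + userinfo + '欢迎回来');
    });

    // Demo login: no credentials are checked, the route only marks the session as
    // logged in. NOTE(review): a real login would verify credentials and use POST.
    app.get("/login", function (req, res, next) {
        // Issue a fresh session ID before storing the identity, so that an ID the
        // browser already held before login is not carried into the logged-in
        // session (session fixation).
        req.session.regenerate(function (err) {
            if (err) {
                next(err);
                return;
            }
            req.session.userinfo = "zhangsan111";
            res.send('登录成功');
        });
    });

    // News page: same login check as the home page, with its own messages.
    app.get("/news", function (req, res) {
        const userinfo = req.session.userinfo;
        if (!userinfo) {
            res.send('未登录 news');
            return;
        }
        res.send('你好' + userinfo + '欢迎回来 news');
    });

    app.listen(3000);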

Common parameters of express-session


    // Commonly used express-session options.
    app.use(session({
        // Name of the cookie that carries the session ID.
        name: 'name',
        // Signs the session ID cookie. NOTE(review): '12345' is a sample value;
        // a deployed app needs a long random secret kept out of source.
        secret: '12345',
        // Cookie lifetime in milliseconds (60 seconds here).
        cookie: { maxAge: 60000 },
        // Do not re-save a session that the request did not modify.
        resave: false,
        // Save new sessions even when nothing has been stored in them yet.
        saveUninitialized: true
    }));

A demo of the parameters in the Session middleware:

    /*
    * 1.安装  express-session

    cnpm install express-session  --save
    *
    *
    * 2.引入

     var session = require("express-session");

     3.设置官方文档提供的中间件

     app.use(session({
         secret: 'keyboard cat',
         resave: false,
         saveUninitialized: true
     }))


    4.使用

    设置值
     req.session.username = "张三";

    获取值 req.session.username

    * */

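    const express = require("express");
    const session = require("express-session");

    const app = express();

    // Configure the session middleware.
    app.use(session({
        // String used to sign the session ID cookie.
        // NOTE(review): the original comment says any string will do. It works for
        // a demo, but a deployed app needs a long random value from configuration.
        secret: 'this is string key',

        // Name of the cookie stored in the browser. Defaults to connect.sid;
        // setting it is optional.
        name: 'session_id',

        // Force the session to be saved even when it was not modified.
        // Defaults to true; false is recommended.
        resave: false,

        // Force a new, uninitialized session to be stored. Defaults to true, and
        // the original note recommends true.
        // NOTE(review): express-session's documentation suggests false for login
        // sessions, which avoids a stored session and cookie per anonymous visitor.
        saveUninitialized: true,

        cookie: {
            // Expiry time in milliseconds (5 seconds here).
            maxAge: 5000
            // secure: true would restrict the cookie to HTTPS connections.
        },

        // Sliding expiry: for example with a 30-minute maxAge the session stays
        // alive while pages are being browsed and expires after 30 idle minutes.
        // rolling re-sends the cookie on every response, which resets its expiry
        // (default: false).
        rolling: true
    }));

    // Home page: greet the visitor when the session carries a logged-in user.
    app.get("/", function (req, res) {
        const userinfo = req.session.userinfo;
        if (!userinfo) {
            res.send('未登录');
            return;
        }
        // NOTE(review): userinfo is a fixed server-side string in this demo. If it
        // ever comes from user input, HTML-escape it before writing it to the page.
        res.send('你好' + userinfo + '欢迎回来');
    });

    // Demo login: no credentials are checked, the route only marks the session as
    // logged in. NOTE(review): a real login would verify credentials and use POST.
    app.get("/login", function (req, res, next) {
        // Issue a fresh session ID before storing the identity, so that an ID the
        // browser already held before login is not carried into the logged-in
        // session (session fixation).
        req.session.regenerate(function (err) {
            if (err) {
                next(err);
                return;
            }
            req.session.userinfo = '张三222';
            res.send('登录成功');
        });
    });

    // News page: same login check as the home page, with its own messages.
    app.get("/news", function (req, res) {
        const userinfo = req.session.userinfo;
        if (!userinfo) {
            res.send('未登录 news');
            return;
        }
        res.send('你好' + userinfo + '欢迎回来 news');
    });

    app.listen(3000);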

Common methods of express-session

    // Destroy the session; the callback receives an error if destruction failed.
    req.session.destroy((err) => {
    });

    // Store a value in the session.
    req.session.username = '张三';

    // Read a value from the session.
    req.session.username;

    // Reset the expiry time of the session cookie.
    req.session.cookie.maxAge = 0;

Demo of common methods of express-session:

    /*
     * 1.安装  express-session

     cnpm install express-session  --save
     *
     *
     * 2.引入

     var session = require("express-session");

     3.设置官方文档提供的中间件

     app.use(session({
     secret: 'keyboard cat',
     resave: false,
     saveUninitialized: true
     }))


     4.使用

     设置值
     req.session.username = "张三";

     获取值 req.session.username

     * */

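    const express = require("express");
    const session = require("express-session");

    const app = express();

    // Configure the session middleware.
    app.use(session({
        // String used to sign the session ID cookie.
        // NOTE(review): the original comment says any string will do. It works for
        // a demo, but a deployed app needs a long random value from configuration.
        secret: 'this is string key',

        // Name of the cookie stored in the browser. Defaults to connect.sid;
        // setting it is optional.
        name: 'session_id',

        // Force the session to be saved even when it was not modified.
        // Defaults to true; false is recommended.
        resave: false,

        // Force a new, uninitialized session to be stored. Defaults to true, and
        // the original note recommends true.
        // NOTE(review): express-session's documentation suggests false for login
        // sessions, which avoids a stored session and cookie per anonymous visitor.
        saveUninitialized: true,

        cookie: {
            // Expiry time in milliseconds (30 minutes).
            maxAge: 1000 * 30 * 60
            // secure: true would restrict the cookie to HTTPS connections.
        },

        // Sliding expiry: the session stays alive while pages are being browsed
        // and expires after 30 minutes without activity. rolling re-sends the
        // cookie on every response, which resets its expiry (default: false).
        rolling: true
    }));

    // Home page: greet the visitor when the session carries a logged-in user.
    app.get("/", function (req, res) {
        const userinfo = req.session.userinfo;
        if (!userinfo) {
            res.send('未登录');
            return;
        }
        // NOTE(review): userinfo is a fixed server-side string in this demo. If it
        // ever comes from user input, HTML-escape it before writing it to the page.
        res.send('你好' + userinfo + '欢迎回来');
    });

    // Demo login: no credentials are checked, the route only marks the session as
    // logged in. NOTE(review): a real login would verify credentials and use POST.
    app.get("/login", function (req, res, next) {
        // Issue a fresh session ID before storing the identity, so that an ID the
        // browser already held before login is not carried into the logged-in
        // session (session fixation).
        req.session.regenerate(function (err) {
            if (err) {
                next(err);
                return;
            }
            req.session.userinfo = '张三222';
            res.send('登录成功');
        });
    });

    // Log out by destroying the server-side session.
    // NOTE(review): this changes state on a GET request; a real app would use
    // POST with CSRF protection so that other sites cannot trigger a logout.
    app.get("/loginOut", function (req, res, next) {
        // Alternative kept from the original: expire the cookie instead.
        // req.session.cookie.maxAge = 0;

        req.session.destroy(function (err) {
            if (err) {
                // Report the failure instead of claiming the logout succeeded.
                next(err);
                return;
            }
            // Answer only after the store has dropped the session, and tell the
            // browser to discard the cookie ('session_id' is the name set above).
            res.clearCookie('session_id');
            res.send('退出登录成功');
        });
    });

    // News page: same login check as the home page, with its own messages.
    app.get("/news", function (req, res) {
        const userinfo = req.session.userinfo;
        if (!userinfo) {
            res.send('未登录 news');
            return;
        }
        res.send('你好' + userinfo + '欢迎回来 news');
    });

    app.listen(3000);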

Configuring sessions for load balancing: saving the session to the database

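    // 1. Install the express-session and connect-mongo modules.
    // 2. Load the modules.
    var session = require("express-session");
    const MongoStore = require('connect-mongo')(session);
    // 3. Configure the middleware.
    app.use(session({
        // Placeholder value. The secret signs the session ID cookie, so a deployed
        // app needs a long random value loaded from configuration.
        secret: 'keyboard cat',
        resave: false,
        saveUninitialized: true,
        rolling: true,
        cookie: {
            maxAge: 100000 // cookie lifetime in milliseconds
        },
        // Keep sessions in MongoDB so every server behind the load balancer reads
        // the same session data.
        store: new MongoStore({
            url: 'mongodb://127.0.0.1:27017/student',
            touchAfter: 24 * 3600 // time period in seconds
        })
    }));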

Demo of storing the session in MongoDB:

/*
     * 1.需要安装 express-session 和 connect-mongo 模块

     cnpm install express-session  --save

     cnpm install connect-mongo  --save


     2.引入

     var session = require("express-session");


     var  MongoStore  = require("connect-mongo")(session);


     3.设置官方文档提供的中间件

     app.use(session({
        secret: 'keyboard cat',
         resave: false,
         saveUninitialized: true,

         store:new MongoStore({
             url: 'mongodb://127.0.0.1:27017/student',数据库的地址
             touchAfter: 24 * 3600   time period in seconds
         })


     }))


     4.使用

     设置值
     req.session.username = "张三";

     获取值 req.session.username

     * */

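    const express = require("express");
    const session = require("express-session");
    const MongoStore = require("connect-mongo")(session);

    const app = express();

    // Configure the session middleware.
    app.use(session({
        // String used to sign the session ID cookie.
        // NOTE(review): the original comment says any string will do. It works for
        // a demo, but a deployed app needs a long random value from configuration.
        secret: 'this is string key',

        // Name of the cookie stored in the browser. Defaults to connect.sid;
        // setting it is optional.
        name: 'session_id',

        // Force the session to be saved even when it was not modified.
        // Defaults to true; false is recommended.
        resave: false,

        // Force a new, uninitialized session to be stored. Defaults to true, and
        // the original note recommends true.
        // NOTE(review): express-session's documentation suggests false for login
        // sessions, which avoids a stored session and cookie per anonymous visitor.
        saveUninitialized: true,

        cookie: {
            // Expiry time in milliseconds (30 minutes).
            maxAge: 1000 * 30 * 60
            // secure: true would restrict the cookie to HTTPS connections.
        },

        // Re-send the cookie on every response, which resets its expiry
        // (default: false).
        rolling: true,

        // Persist sessions in MongoDB instead of process memory.
        store: new MongoStore({
            // Database address. NOTE(review): a local, credential-free URL; a
            // deployed store holds every user's session, so its connection string
            // would carry credentials and come from configuration.
            url: 'mongodb://127.0.0.1:27017/shop',

            // Time period in seconds. With touchAfter set to 24 * 3600 the session
            // is updated only once per 24 hours however many requests arrive,
            // except for requests that change the session data.
            // NOTE(review): this is longer than cookie.maxAge (30 minutes).
            // Presumably the stored expiry is then not refreshed between writes,
            // so rolling may not extend the server-side session. Verify against
            // the connect-mongo documentation.
            touchAfter: 24 * 3600
        })
    }));

    // Home page: greet the visitor when the session carries a logged-in user.
    app.get("/", function (req, res) {
        const userinfo = req.session.userinfo;
        if (!userinfo) {
            res.send('未登录');
            return;
        }
        // NOTE(review): userinfo is a fixed server-side string in this demo. If it
        // ever comes from user input, HTML-escape it before writing it to the page.
        res.send('你好' + userinfo + '欢迎回来');
    });

    // Demo login: no credentials are checked, the route only marks the session as
    // logged in. NOTE(review): a real login would verify credentials and use POST.
    app.get("/login", function (req, res, next) {
        // Issue a fresh session ID before storing the identity, so that an ID the
        // browser already held before login is not carried into the logged-in
        // session (session fixation).
        req.session.regenerate(function (err) {
            if (err) {
                next(err);
                return;
            }
            req.session.userinfo = '张三222';
            res.send('登录成功');
        });
    });

    // Log out by destroying the server-side session.
    // NOTE(review): this changes state on a GET request; a real app would use
    // POST with CSRF protection so that other sites cannot trigger a logout.
    app.get("/loginOut", function (req, res, next) {
        // Alternative kept from the original: expire the cookie instead.
        // req.session.cookie.maxAge = 0;

        req.session.destroy(function (err) {
            if (err) {
                // Report the failure instead of claiming the logout succeeded.
                next(err);
                return;
            }
            // Answer only after the store has dropped the session, and tell the
            // browser to discard the cookie ('session_id' is the name set above).
            res.clearCookie('session_id');
            res.send('退出登录成功');
        });
    });

    // News page: same login check as the home page, with its own messages.
    app.get("/news", function (req, res) {
        const userinfo = req.session.userinfo;
        if (!userinfo) {
            res.send('未登录 news');
            return;
        }
        res.send('你好' + userinfo + '欢迎回来 news');
    });

    app.listen(3000);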

Difference between Cookie and Session

1. The cookie data is stored on the client's browser, and the session data is stored on the server.

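2. Cookies are not very secure: other people can inspect a cookie stored locally and forge it (cookie spoofing). Where security matters, a session should be used. Note that a session still relies on a cookie to carry its ID, so that cookie needs to be protected as well.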

3. A session is kept on the server for a certain period of time. As the number of visits grows, sessions consume more of your server's resources. To reduce the load on the server, you should use cookies.

4. The data saved by a single cookie cannot exceed 4K. Many browsers limit a site to save a maximum of 20 cookies.
