Node Basics Ten: Session Control

cookie, session, token

1. cookie

A cookie is a small piece of data that the server sends to the client in a Set-Cookie response header; the browser stores it and sends it back on later requests.

Cookies are stored per domain (and path): the browser only attaches a cookie to requests for the site that set it.

Features: the browser adds the matching cookies to the request header automatically, without any client-side code. A cookie with no Max-Age/Expires (a "session cookie") is discarded when the browser is closed; a cookie given a maxAge, as in the example below, persists until it expires.

// install and register cookie-parser so that req.cookies is populated
npm i cookie-parser
const cookieParser = require("cookie-parser");
app.use(cookieParser());
// set a cookie (maxAge is in milliseconds: here one minute)
res.cookie('name', 'lisi', { maxAge: 1000 * 60 })
// read the cookies the browser sent with this request
req.cookies; // { name: 'lisi' }
// delete a cookie (sends a Set-Cookie with an expiry in the past)
res.clearCookie('name');
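As an added example (not code from the original post, express or cookie-parser), here is what res.cookie(), req.cookies and res.clearCookie() amount to on the wire: building a Set-Cookie header with its attributes and parsing the Cookie header the browser returns. The helper names serializeCookie, parseCookies and expireCookie are this example's own.

```javascript
// Added example: the Set-Cookie / Cookie headers behind res.cookie() and req.cookies.
// Helper names are assumed for this example, not taken from express or cookie-parser.

// Build the value of a Set-Cookie response header. opts follows the express
// res.cookie() options used above (maxAge in milliseconds) plus the
// attributes a login cookie should normally carry.
function serializeCookie(name, value, opts = {}) {
  if (!/^[A-Za-z0-9!#$%&'*+.^_`|~-]+$/.test(name)) throw new TypeError('invalid cookie name');
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAge !== undefined) {
    // express takes maxAge in ms; the Max-Age attribute is in seconds.
    // Without Max-Age/Expires the browser treats it as a session cookie
    // and drops it when the browser closes.
    parts.push(`Max-Age=${Math.floor(opts.maxAge / 1000)}`);
  }
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (opts.httpOnly) parts.push('HttpOnly');   // not readable from document.cookie
  if (opts.secure) parts.push('Secure');       // only sent over HTTPS
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`); // limits cross-site sending (CSRF)
  return parts.join('; ');
}

// Parse the Cookie request header that the browser sends back automatically
// into an object; this is what cookie-parser puts on req.cookies.
function parseCookies(header) {
  const out = Object.create(null);
  if (!header) return out;
  for (const pair of header.split(';')) {
    const eq = pair.indexOf('=');
    if (eq < 0) continue;                      // skip malformed pairs
    const key = pair.slice(0, eq).trim();
    const val = pair.slice(eq + 1).trim();
    if (key && !(key in out)) out[key] = decodeURIComponent(val); // first occurrence wins
  }
  return out;
}

// "Deleting" a cookie is just another Set-Cookie that expires immediately;
// res.clearCookie() does the same with an Expires date in 1970.
function expireCookie(name, opts = {}) {
  return serializeCookie(name, '', { ...opts, maxAge: 0 });
}
```

A cookie that carries a login should be set with HttpOnly, Secure and a SameSite value, not only a maxAge; the page's res.cookie('name', 'lisi', { maxAge: 1000 * 60 }) sets none of those.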

2. session

A session is a piece of data stored on the server and identified by a session id (sid).

Process: after a successful login the server stores a record such as { sid: 'xxxx', username: 'lisi', user_id: '1' } and sends only the sid to the browser in a cookie. On the next request the browser sends that cookie back, the server reads the sid and looks up the record to establish who the user is. The username and user_id never leave the server.

// set up the session middleware, which generates the session id
// (the default MemoryStore is for development only, hence the Mongo store)
npm i express-session connect-mongo
const session = require("express-session");
const MongoStore = require("connect-mongo");
app.use(session({
  name: 'sid', // name of the cookie that carries the session id
  secret: "yqcoder", // key used to sign the session-id cookie; keep it secret and unguessable
  saveUninitialized: false, // don't create a session or set a cookie for requests that never write to req.session
  resave: true, // write the session back to the store on every request even if unchanged (false is usually preferred)
  store: MongoStore.create({
    mongoUrl: 'mongodb://127.0.0.1:27017/demo'
  }),
  cookie: {
    httpOnly: true, // JavaScript in the page cannot read the cookie
    maxAge: 1000 * 60 // lifetime in milliseconds
  }
}))

// write session data (after the credentials have been checked)
// req.query.username reads a parameter from the URL query string
req.session.username = 'yqcoder';
req.session.uid = '888';

// read session data
req.session.username

// destroy the session: removes the store record, so the client's sid cookie no longer resolves
req.session.destroy((err) => {})

3. The difference between cookie and session

Storage location

cookie: browser

session: server

Security

cookie: less secure; the data lives on the client, where the user can read and modify it (and page scripts can too unless HttpOnly is set)

session: better; only an opaque session id leaves the server, so the client cannot read or tamper with the data itself

Network transmission

cookie: every cookie for the domain is sent with every request, so large cookies add overhead to each one

session: only the short sid cookie travels; the data stays on the server

Storage limit

cookie: roughly 4 KB per cookie (browser limit)

session: limited only by the server's storage

4. md5 one-way password hashing

MD5 is a hash function, not encryption: it cannot be reversed, so the server stores the hash and compares hashes at login instead of keeping the plaintext. Bare MD5 is nevertheless a poor choice for passwords: it is extremely fast to brute-force, and without a per-user salt every user with the same password gets the same hash. Use a slow, salted password hash (bcrypt, scrypt or argon2) for real systems.

npm i md5
const md5 = require("md5");
md5(req.body.password); // store this hash, never the plaintext

5. token

A token is a string generated and signed by the server and returned to the client; the user information is carried inside the token itself. A JWT has three base64url-encoded parts, header.payload.signature. The payload is not encrypted, only encoded, so anyone holding the token can read it; the signature is what stops the client from changing it.

Features: the server stores no session state (less pressure on the server), the contents cannot be tampered with without the secret, and any server that knows the secret can verify the token, which scales across instances. Two caveats follow from the design: never put secrets in the payload, and a token cannot be revoked before it expires unless the server keeps a deny-list, so keep expiresIn short.

npm i jsonwebtoken
const jwt = require("jsonwebtoken");

// create a token (in the login handler, after the password check)
// jwt.sign(payload, secret, options)
let token = jwt.sign({
  username: 'lisi'
}, 'yqcoder', {
  expiresIn: 60 // seconds
})

// verify a token (in a protected route): the client sends it back in a request header
let received = req.get('token');
jwt.verify(received, 'yqcoder', (err, data) => {
  // err is set if the signature is invalid or the token has expired; data is the decoded payload
})

Origin blog.csdn.net/weixin_64684095/article/details/132670022