Problem description
I'm thinking about creating session this way:
1. create a secure token with crypto.randomBytes then store it in cookie.
2. extract token from cookie when node receives a new connection, store it inside global variable GLOBAL.SESSION[token] = data
I'm stuck at step 2:
What happens if node crashes? Do I need to store the SESSION in a file like PHP does?
If I do it my way, in order to call SESSION, I need to globalize the token too. However, its name will be a little long. If I shorten session name via assigning GLOBAL.SESSION[token] = GLOBAL.SESSION, it will be overwritten when node receives another connection.
Should I follow this way? Or any further ideas about this?
Recommended answer
Yes, you will need to store the session data into a persistent database, which could be anything like a flat file, SQL database, or noSQL db like mongo, couchdb, etc.
If you use node.js and express, there is a really good library called connect-session (https://github.com/expressjs/session) that you can readily use instead of reinventing the wheel.
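
The flat-file persistence the answer mentions, done by hand with only Node's built-in modules, as an added example that is not part of the original question or answer. The names `FileSessionStore`, `tokenFromCookie`, `sessionCookie`, the `sid` cookie name and the JSON file layout are assumptions made for illustration.

```javascript
// Added example: all names here (FileSessionStore, sid, file layout) are hypothetical.
const crypto = require('node:crypto');
const fs = require('node:fs');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

class FileSessionStore {
  constructor(file, ttlMs = 30 * 60 * 1000) {
    this.file = file;
    this.ttlMs = ttlMs;
    // Reload sessions written before a crash or restart.
    this.sessions = new Map(fs.existsSync(file) ? JSON.parse(fs.readFileSync(file, 'utf8')) : []);
  }
  persist() {
    // Write to a temp file, then rename, so a crash mid-write keeps the old file intact.
    fs.writeFileSync(this.file + '.tmp', JSON.stringify([...this.sessions]), { mode: 0o600 });
    fs.renameSync(this.file + '.tmp', this.file);
  }
  create(data, now = Date.now()) {
    const token = crypto.randomBytes(32).toString('hex'); // 256-bit random token
    // Only the hash is stored, so a leaked session file does not reveal usable tokens.
    this.sessions.set(sha256(token), { data, expires: now + this.ttlMs });
    this.persist();
    return token;
  }
  get(token, now = Date.now()) {
    if (typeof token !== 'string') return null;
    const key = sha256(token);
    const entry = this.sessions.get(key);
    if (!entry) return null;
    if (entry.expires <= now) { this.sessions.delete(key); this.persist(); return null; }
    return entry.data;
  }
}

// Pull the token out of a Cookie request header.
function tokenFromCookie(header, name = 'sid') {
  for (const part of (header || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// HttpOnly keeps the token away from page scripts; Secure restricts it to HTTPS.
const sessionCookie = (token, name = 'sid') =>
  `${name}=${token}; HttpOnly; Secure; SameSite=Lax; Path=/`;
```

In a request handler, the session data comes from `store.get(tokenFromCookie(req.headers.cookie))` and stays in a local variable for that request, so concurrent connections do not overwrite each other.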