如何解决一个会话的信息可以看到其他会话的nodejs express
现在,我拥有一切,但用户 1 可以看到用户 2 上传的内容。我已经从 express 实现了会话,但这不起作用,用户 1 和用户 2 仍然可以看到他们上传的文件列表。我希望每个人都有一个包含私人列表的私人帐户。
server.js
const express = require('express');
const session = require('express-session');
const redis = require('redis');
const connectRedis = require('connect-redis');
const bodyParser = require('body-parser');
const app = express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
const RedisStore = connectRedis(session)
//redis client
const redisClient = redis.createClient({
host: 'localhost',post: 6379
})
redisClient.on('error',function(err){
console.log('no conection redis'+err);
});
redisClient.on('connect',function(err){
console.log('conected');
});
//configure session midleware
app.use(session({
store: new RedisStore({client: redisClient}),secret: 'secret$%^134',resave: false,saveUninitialized: false,cookie:{
secure: false,//true only transmit cookie over https
httpOnly: false,//if true prevent client side js from reading the cookie
maxAge: 10 * 60 //session max age miliseconds
}
}))
app.get("/",(req,res) => {
const sess = req.session;
if (sess.username && sess.password) {
if (sess.username) {
res.write(
`<h3>Home page</h3>`
);
}
} else {
res.sendFile(__dirname + "login.edge")
}
});
app.post("login",res) => {
const sess = req.session;
const { username,password } = req.body
sess.username = username
sess.password = password
res.end("success")
});
app.get("logout",res) => {
req.session.destroy(err => {
if (err) {
return console.log(err);
}
res.redirect("/")
});
});
app.post('/file',res) =>{
res.sendFile(__dirname + "file/index.edge")
res.end('success')
});
app.get('/file/create',res)=>{
req.session.destroy(err => {
if(err){
return console.log(err);
}
const sess = req.session;
const {file} = req.body
sess.file = file
res.redirect('file')
});
});
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
