I'm very new to learning Node and Express, and I'm still trying to wrap my head around the code flow with express. Suppose we have code that looks like this in a session.js:
我是学习Node和Express的新手,我仍然试图用快速包围代码流。假设我们在session.js中有这样的代码:
app.post('/session', notLoggedIn, function(req, res) {
User.findOne({
username: req.body.username,
password: req.body.password
}, function (err, user) {
if (err) {
return next(err);
}
if (user) {
req.session.user = user;
res.redirect('/users');
} else {
res.redirect('/session/new');
}
});
});
Assuming the User is a required mongo schema. What I find strange is the session.user assignment:
假设User是必需的mongo架构。我发现奇怪的是session.user赋值:
req.session.user = user;
Since the req variable will be out of scope after the redirect, but we're obviously doing this to persist the user data, I'm left with figuring out which of the following scenarios describe what is happening. Either (A) the argument that's being assigned to the req parameter (when the callback is called) is stored/somewhere still on the stack, (B) the session is stored/on the stack and being assigned to a new req object before it's passed in to the callback, or (C) the same as B, but on the user field (seems unlikely and maybe contrived on my part).
由于req变量在重定向后将超出范围,但我们显然是这样做是为了持久保存用户数据,我只想弄清楚以下哪个场景描述了正在发生的事情。要么(A)分配给req参数的参数(当调用回调时)存储/仍然存在于堆栈中,(B)会话存储在堆栈上并被分配给新的req对象。传入回调,或(C)与B相同,但在用户字段上(似乎不太可能,也许我做了个人工作)。
1 个解决方案
#1
8
There's an overall session data structure that stores all session info (like a global, but it could also be in a database - just something that is persistent at least across connections). Each client's session data uses one unique key to index into the session store to get the session data for that client.
有一个整体会话数据结构存储所有会话信息(如全局,但它也可能在数据库中 - 只是在连接中至少持久的东西)。每个客户端的会话数据使用一个唯一密钥索引到会话存储中以获取该客户端的会话数据。
Part of establishing a session for a given browser client is creating a unique client key (which will usually be stored in a cookie) that becomes the index into the global session object.
为给定浏览器客户端建立会话的一部分是创建一个唯一的客户端密钥(通常存储在cookie中),该密钥成为全局会话对象的索引。
On an incoming http request, Express middleware that supports the session checks a particular client cookie and if that particular cookie is found on the http request and is found in the global session object/database, then it adds that session's stored info to the request object for the http request handler to later use.
在传入的http请求中,支持会话的Express中间件检查特定的客户端cookie,如果在http请求中找到该特定的cookie并且在全局会话对象/数据库中找到,则它将该会话的存储信息添加到请求对象用于以后使用的http请求处理程序。
So, here's a typical sequence:
所以,这是一个典型的序列:
- Incoming HTTP request.
- 传入HTTP请求。
- Middleware checks for session cookie.
- 中间件检查会话cookie。
- If session cookie not there, then create one and, in the process created a unique id to identify this http client.
- 如果没有会话cookie,则创建一个,并在此过程中创建一个唯一的ID来标识此http客户端。
- In the persistent session store, initialize the session for this new client.
- 在持久会话存储中,初始化此新客户端的会话。
- If session cookie is there, then look in the session store for the session data for this client and add that data to the request object.
- 如果存在会话cookie,则在会话存储中查找此客户端的会话数据,并将该数据添加到请求对象。
- End of session middleware processing
- 会话中间件处理结束
- Later on in the Express processing of this http request, it gets to a matching request handler. The session data from the session store for this particular http client is already attached to the request object and available for the request handler to use.
- 稍后在此http请求的Express处理中,它将转到匹配的请求处理程序。来自此特定http客户端的会话存储的会话数据已附加到请求对象,可供请求处理程序使用。
#1
8
There's an overall session data structure that stores all session info (like a global, but it could also be in a database - just something that is persistent at least across connections). Each client's session data uses one unique key to index into the session store to get the session data for that client.
有一个整体会话数据结构存储所有会话信息(如全局,但它也可能在数据库中 - 只是在连接中至少持久的东西)。每个客户端的会话数据使用一个唯一密钥索引到会话存储中以获取该客户端的会话数据。
Part of establishing a session for a given browser client is creating a unique client key (which will usually be stored in a cookie) that becomes the index into the global session object.
为给定浏览器客户端建立会话的一部分是创建一个唯一的客户端密钥(通常存储在cookie中),该密钥成为全局会话对象的索引。
On an incoming http request, Express middleware that supports the session checks a particular client cookie and if that particular cookie is found on the http request and is found in the global session object/database, then it adds that session's stored info to the request object for the http request handler to later use.
在传入的http请求中,支持会话的Express中间件检查特定的客户端cookie,如果在http请求中找到该特定的cookie并且在全局会话对象/数据库中找到,则它将该会话的存储信息添加到请求对象用于以后使用的http请求处理程序。
So, here's a typical sequence:
所以,这是一个典型的序列:
- Incoming HTTP request.
- 传入HTTP请求。
- Middleware checks for session cookie.
- 中间件检查会话cookie。
- If session cookie not there, then create one and, in the process created a unique id to identify this http client.
- 如果没有会话cookie,则创建一个,并在此过程中创建一个唯一的ID来标识此http客户端。
- In the persistent session store, initialize the session for this new client.
- 在持久会话存储中,初始化此新客户端的会话。
- If session cookie is there, then look in the session store for the session data for this client and add that data to the request object.
- 如果存在会话cookie,则在会话存储中查找此客户端的会话数据,并将该数据添加到请求对象。
- End of session middleware processing
- 会话中间件处理结束
- Later on in the Express processing of this http request, it gets to a matching request handler. The session data from the session store for this particular http client is already attached to the request object and available for the request handler to use.
- 稍后在此http请求的Express处理中,它将转到匹配的请求处理程序。来自此特定http客户端的会话存储的会话数据已附加到请求对象,可供请求处理程序使用。