My application is using connect-mongo, express-session, keystone and passport handling login and user sessions.
我的应用程序使用connect-mongo,express-session,keystone和passport处理登录和用户会话。
However, when a session ends (user logs out or closing the browser window) the session is not removed from the MongoDB session store.
但是,当会话结束时(用户注销或关闭浏览器窗口),会话不会从MongoDB会话存储中删除。
Here's my middleware setup:
这是我的中间件设置:
var express = require('express')
, path = require('path')
, cookieParser = require('cookie-parser')
, bodyParser = require('body-parser')
, passport = require('passport')
, session = require('express-session')
, mongoStore = require('connect-mongo')(session)
, compression = require('compression')
, favicon = require('serve-favicon')
, config = require('../config')
, flash = require('connect-flash');
app.use(bodyParser.json({limit: '50mb'}));
app.use(bodyParser.urlencoded({limit: '50mb', parameterLimit: 52428800, extended: true}));
app.use(cookieParser(process.env.COOKIE_SECRET));
app.use(compression());
app.use(express.static(path.join(__dirname, '../', config.get('staticContentPath')), {
maxAge: (60 * 60 * 24 * 7) * 1000
}));
app.use(session({
secret: process.env.COOKIE_SECRET,
resave: false,
saveUninitialized: true,
cookie: {
maxAge: 24 * 60 * 60 * 1000 // 24 hrs
},
store: new mongoStore({
url: config.get('mongo')
})
}));
app.use(passport.initialize());
app.use(passport.session());
The collection name for sessions in MongoDB is app_sessions. A search in my dependency tree reveals that this is handled by the Keystone CMS.
MongoDB中会话的集合名称是app_sessions。在我的依赖关系树中搜索显示这是由Keystone CMS处理的。
Also the cookie name is keystone.sid
cookie名称也是keystone.sid
This is my Keystone config:
这是我的Keystone配置:
var config = require('../../lib/config')
, keystone = require('keystone');
module.exports = function(app){
keystone.init({
'app': app,
'port': config.get('keystone').port,
'brand': config.get('sitename'),
'views': app.get('views'),
'view engine': app.get('view engine'),
'custom engine': app.get('custom engine'),
'auto update': false,
'session': true,
'session store': 'mongo',
'auth': true,
'user model': 'Account',
'cookie secret': process.env.COOKIE_SECRET,
'compress': true,
'frame_guard': 'deny',
'mongo': config.get('mongo')
});
keystone.import('../../lib/models');
keystone.start();
};
And finally some example session objects from MongoDB:
最后来自MongoDB的一些示例会话对象:
{
"_id" : "GUL2jwhCvqZHO7Gqy8KCHod1qJmrl6j4",
"session" : "{\"cookie\":{\"originalMaxAge\":null,\"expires\":null,\"httpOnly\":true,\"path\":\"/\"},\"_garbage\":\"2016-08-17T13:01:53.475Z\",\"guestPageViews\":1,\"flash\":{}}",
"expires" : ISODate("2016-08-31T13:01:57.642+0000")
},
{
"_id" : "C-4cuoyIGHgYM8hLGhQVOv3bRwChwkxq",
"session" : "{\"cookie\":{\"originalMaxAge\":null,\"expires\":null,\"httpOnly\":true,\"path\":\"/\"},\"_garbage\":\"2016-08-17T13:02:44.000Z\",\"guestPageViews\":1,\"flash\":{}}",
"expires" : ISODate("2016-08-31T13:02:51.473+0000")
},
{
"_id" : "foE9ewU3eoJXIzkW97GSbMGNzFt2W4ww",
"session" : "{\"cookie\":{\"originalMaxAge\":null,\"expires\":null,\"httpOnly\":true,\"path\":\"/\"},\"_garbage\":\"2016-08-17T13:04:35.294Z\",\"guestPageViews\":1,\"flash\":{}}",
"expires" : ISODate("2016-08-31T13:04:38.979+0000")
},
{
"_id" : "P8ugG4TFHJAuCzNS9aCMSybIS25uFtL1",
"session" : "{\"cookie\":{\"originalMaxAge\":null,\"expires\":null,\"httpOnly\":true,\"path\":\"/\"},\"userId\":\"56cadedbc580346a1bd0ee0c\",\"_garbage\":\"2016-08-17T23:57:03.615Z\",\"flash\":{}}",
"expires" : ISODate("2016-08-31T23:57:05.203+0000")
}
Can you spot why the sessions would not be destroyed?
你能发现为什么会议不会被销毁吗?
1 个解决方案
#1
0
Why user is logged in even after closing browser?
为什么用户即使在关闭浏览器后也会登录?
Obviously because its is a good feature. to maintain a session even after browser is closed. but any how If you want to expire session on closing of browser then you can set the maxAge to -1
显然是因为它是一个很好的功能。即使在浏览器关闭后仍保持会话。但是如果你想在关闭浏览器时使会话到期,那么你可以将maxAge设置为-1
Why it is not removing the session data even after logged out?
为什么即使在注销后也没有删除会话数据?
I think thats what developer of keystone.JS might have chosen. I was just looking at signout function in the keystone/lib/session.js.
我认为这是keystone.JS的开发者可能选择的。我只是在keystone / lib / session.js中查看signout函数。
Here it is calling req.session.regenerate.
这里是调用req.session.regenerate。
probably it should have called req.session.destroy instead. I just tried to do that change and test. but still I could see the sessions in Database. Then I think. the solution is clear_interval
可能它本应该调用req.session.destroy。我只是尝试做那个改变和测试。但我仍然可以在数据库中看到会话。然后我想。解决方案是clear_interval
#1
0
Why user is logged in even after closing browser?
为什么用户即使在关闭浏览器后也会登录?
Obviously because its is a good feature. to maintain a session even after browser is closed. but any how If you want to expire session on closing of browser then you can set the maxAge to -1
显然是因为它是一个很好的功能。即使在浏览器关闭后仍保持会话。但是如果你想在关闭浏览器时使会话到期,那么你可以将maxAge设置为-1
Why it is not removing the session data even after logged out?
为什么即使在注销后也没有删除会话数据?
I think thats what developer of keystone.JS might have chosen. I was just looking at signout function in the keystone/lib/session.js.
我认为这是keystone.JS的开发者可能选择的。我只是在keystone / lib / session.js中查看signout函数。
Here it is calling req.session.regenerate.
这里是调用req.session.regenerate。
probably it should have called req.session.destroy instead. I just tried to do that change and test. but still I could see the sessions in Database. Then I think. the solution is clear_interval
可能它本应该调用req.session.destroy。我只是尝试做那个改变和测试。但我仍然可以在数据库中看到会话。然后我想。解决方案是clear_interval