【发布时间】:2021-11-29 18:14:15
【问题描述】:
我的身份验证存在这个问题,仅在刷新时才会发生。我的身份验证中间件如下所示:
const jwt = require('jsonwebtoken');
require("dotenv").config();
const express = require('express');
const verifyToken = (req, res, next) => {
const {cookies} = req;
if ('token' in cookies) {
jwt.verify(cookies.token, process.env.ACCESS_TOKEN_SECRET, (err, decoded) => {
if (err) {
console.log('COOKIE ERROR')
res.redirect('/../notLoggedIn');
}
req.userId = decoded.user_id;
next();
});
} else {
console.log('NO VALID TOKEN')
res.redirect('/../notLoggedIn');
}
}
module.exports = verifyToken;
进入路由时它工作得很好,但如果我已经在一个 authRoute 中,例如“profile”,然后刷新页面,我会得到 console.log“NO VALID TOKEN”。但是当我检查 cookie 时,我可以看到它在那里。我唯一的结论是,刷新时 cookie 会在瞬间消失,并且在 cookie 恢复之前触发身份验证中间件。
有人知道如何解决这个问题吗?
附言。我的 sessioncookies 设置如下所示:
app.use(session({
secret: process.env.SECRET,
resave: false,
saveUninitialized: false,
cookie: {
maxAge: 1000*60*30,
//secure: true, //Only have true when deploying on https
sameSite: true
},
rolling: true,
httpOnly: true,
}));
我尝试了多种配置,但仍然无法正常工作。
编辑:
这是我在登录时设置 cookie 的地方
router.post('/', async (req, res) => {
const email = req.body.email;
const password = req.body.password;
await db.query(
'SELECT * FROM users WHERE email = ?', [email],
(err, result) => {
if (err) {
res.send({err: err});
}
if (result.length > 0) {
var date = new Date();
date.setTime(date.getTime() + (30 * 60 * 60 * 1000));
bcrypt.compare(password, result[0].password, (error, response) => {
if (response) {
const user_id = result[0].id;
const email = result[0].email;
data = {
user_id,
email
}
jwt.sign(data, process.env.ACCESS_TOKEN_SECRET, (err, accessToken) => {
if(err){
res.send(err)
} else {
res.cookie('token', accessToken, {httpOnly: true, secret: process.env.SECRET, sameSite: true, maxAge: date}); //Set secure: true when deploying
res.send({auth: true})
}
});
} else {
res.json({message: 'Wrong email/password combination', auth: false,});
}
});
} else {
res.send({message: 'User does not exist!', auth: false,});
}
});
});
【问题讨论】:
标签: javascript node.js authentication cookies session-cookies