对于类似的情况,我所做的是使用自定义会话 ID,其中在密钥名称中包含用户 ID。也许现在有一种更简单的方法可以做到这一点,但这基本上是我设置自定义会话 ID 所必须做的:
main.js:
var uid = require('uid'),
redis = require('redis'),
session = require('express-session'),
RedisStore = require('connect-redis')(session),
Session = session.Session,
Cookie = session.Cookie;
var utils = require('./utils');
var COOKIE_SECRET = 'somethingrandom',
COOKIE_KEY = 'mycustomsession';
var redisClient = redis.createClient(),
redisStore = new RedisStore({
client: redisClient,
ttl: 24 * 60 * 60, // 1 day session expiration
prefix: 'sess:'
});
// ... then inside the login route after user was successfully authenticated ...
req.sessionStore = redisStore;
req.sessionID = 'sess:' + user.id + ':' + uid(24);
req.session = new Session(req);
req.session.cookie = new Cookie({});
req.session.user = user;
utils.createSession(req, res, COOKIE_KEY, COOKIE_SECRET);
utils.js:
var onHeaders = require('on-headers'),
signature = require('cookie-signature');
exports.createSession = function(req, res, name, secret) {
var trustProxy = true;
// ripped from express-session
onHeaders(res, function() {
if (!req.session)
return;
var cookie = req.session.cookie
, proto = (req.headers['x-forwarded-proto'] || '').split(',')[0].toLowerCase().trim()
, tls = req.connection.encrypted || (trustProxy && 'https' == proto);
// only send secure cookies via https
if (cookie.secure && !tls)
return;
var val = 's:' + signature.sign(req.sessionID, secret);
res.cookie(name, val, cookie.data);
});
// proxy end() to commit the session
var end = res.end;
res.end = function(data, encoding) {
res.end = end;
if (!req.session) return res.end(data, encoding);
req.session.resetMaxAge();
req.session.save(function(err) {
if (err) console.error(err.stack);
res.end(data, encoding);
});
};
};