使用 Nodejs Connect 重新生成会话 ID
我正在使用 Node.js 服务器,并使用 Connect 框架进行开发。我试图在给定的时间间隔后重新生成 SID,以避免会话固定。有一个名为 req.session.regenerate 的方法,根据文档,它应该可以做到这一点。
« 简单地重新生成会话 调用该方法,一旦完成 新的 SID 和会话实例将是 在 req.session 处初始化 »
示例代码:
req.session.regenerate(function(err){
// will have a new session here
});
调用上述方法后,我检查了req.sessionID的值,发现该值与之前的值相同。
如果我尝试从 req.session.regenerate 中获取 sessionID 并将其写入终端,我会得到一个新的 SID,这更令人困惑 ~ IE 为什么您希望仅在回调范围内生成 SID?如果我将该值分配给全局变量,则它的值是未定义的。
我有一种感觉,我忽略了一些非常明显的事情。
任何帮助表示赞赏。
I'm using a Node.js server and I'm developing with the Connect framework. I'm trying to regenerate SIDs after a given interval to avoid session fixation. There's a method called req.session.regenerate which, according to the docs, should do just that.
« To regenerate the session simply
invoke the method, once complete a
new SID and Session instance will be
initialized at req.session »
Example code:
req.session.regenerate(function(err){
// will have a new session here
});
After calling the above method, I check the value of req.sessionID, only to find that the value is the same as before.
If I try to get the sessionID from within req.session.regenerate and write it to the terminal I get a new SID, which is even more perplexing ~ I.E why would you want the SID generated only within the scope of the callback? If I assign the value to a global variable, it's value is undefined.
I've a feeling that it's something really obvious that I'm overlooking.
Any help is appreciated.
只需在重新生成函数的回调中发送回响应即可。由于会话重新生成是异步的,因此当您返回客户端时,它仍然具有旧的会话。
Just send the response back in the callback of the regenerate function. Since the session regeneration is async, when you return to the client it will still have the older session.