# express-session
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Build Status][travis-image]][travis-url]
[![Test Coverage][coveralls-image]][coveralls-url]
[![Gratipay][gratipay-image]][gratipay-url]
## Installation
```bash
$ npm install express-session
```
## API
```js
var session = require('express-session')
```
### session(options)
Create a session middleware with the given `options`.
**Note** Session data is _not_ saved in the cookie itself, just the session ID.
Session data is stored server-side.
**Warning** The default server-side session storage, `MemoryStore`, is _purposely_
not designed for a production environment. It will leak memory under most
conditions, does not scale past a single process, and is meant for debugging and
developing.
For a list of stores, see [compatible session stores](#compatible-session-stores).
#### Options
`express-session` accepts these properties in the options object.
##### cookie
Settings for the session ID cookie. See the "Cookie options" section below for
more information on the different values.
The default value is `{ path: '/', httpOnly: true, secure: false, maxAge: null }`.
##### genid
Function to call to generate a new session ID. Provide a function that returns
a string that will be used as a session ID. The function is given `req` as the
first argument if you want to use some value attached to `req` when generating
the ID.
The default value is a function which uses the `uid2` library to generate IDs.
**NOTE** be careful to generate unique IDs so your sessions do not conflict.
```js
app.use(session({
genid: function(req) {
return genuuid() // use UUIDs for session IDs
},
secret: 'keyboard cat'
}))
```
##### name
The name of the session ID cookie to set in the response (and read from in the
request).
The default value is `'connect.sid'`.
**Note** if you have multiple apps running on the same host (hostname + port),
then you need to separate the session cookies from each other. The simplest
method is to simply set different `name`s per app.
##### proxy
Trust the reverse proxy when setting secure cookies (via the "X-Forwarded-Proto"
header).
The default value is `undefined`.
- `true` The "X-Forwarded-Proto" header will be used.
- `false` All headers are ignored and the connection is considered secure only
if there is a direct TLS/SSL connection.
- `undefined` Uses the "trust proxy" setting from express
##### resave
Forces the session to be saved back to the session store, even if the session
was never modified during the request. Depending on your store this may be
necessary, but it can also create race conditions where a client makes two
parallel requests to your server and changes made to the session in one
request may get overwritten when the other request ends, even if it made no
changes (this behavior also depends on what store you're using).
The default value is `true`, but using the default has been deprecated,
as the default will change in the future. Please research into this setting
and choose what is appropriate to your use-case. Typically, you'll want
`false`.
How do I know if this is necessary for my store? The best way to know is to
check with your store if it implements the `touch` method. If it does, then
you can safely set `resave: false`. If it does not implement the `touch`
method and your store sets an expiration date on stored sessions, then you
likely need `resave: true`.
##### rolling
Force a cookie to be set on every response. This resets the expiration date.
The default value is `false`.
##### saveUninitialized
Forces a session that is "uninitialized" to be saved to the store. A session is
uninitialized when it is new but not modified. Choosing `false` is useful for
implementing login sessions, reducing server storage usage, or complying with
laws that require permission before setting a cookie. Choosing `false` will also
help with race conditions where a client makes multiple parallel requests
without a session.
The default value is `true`, but using the default has been deprecated, as the
default will change in the future. Please research into this setting and
choose what is appropriate to your use-case.
**Note** if you are using Session in conjunction with PassportJS, Passport
will add an empty Passport object to the session for use after a user is
authenticated, which will be treated as a modification to the session, causing
it to be saved.
##### secret
**Required option**
This is the secret used to sign the session ID cookie. This can be either a string
for a single secret, or an array of multiple secrets. If an array of secrets is
provided, only the first element will be used to sign the session ID cookie, while
all the elements will be considered when verifying the signature in requests.
##### store
The session store instance, defaults to a new `MemoryStore` instance.
##### unset
Control the result of unsetting `req.session` (through `delete`, setting to `null`,
etc.).
The default value is `'keep'`.
- `'destroy'` The session will be destroyed (deleted) when the response ends.
- `'keep'` The session in the store will be kept, but modifications made during
the request are ignored and not saved.
#### Cookie options
**Note** Since version 1.5.0, the [`cookie-parser` middleware](https://www.npmjs.com/package/cookie-parser)
no longer needs to be used for this module to work. This module now directly reads
and writes cookies on `req`/`res`. Using `cookie-parser` may result in issues
if the `secret` is not the same between this module and `cookie-parser`.
Please note that `secure: true` is a **recommended** option. However, it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies.
If `secure` is set, and you access your site over HTTP, the cookie will not be set. If you have your node.js behind a proxy and are using `secure: true`, you need to set "trust proxy" in express:
```js
var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}))
```
For using secure cookies in production, but allowing for testing in development, the following is an example of enabling this setup based on `NODE_ENV` in express:
```js
var app = express()
var sess = {
secret: 'keyboard cat',
cookie: {}
}
if (app.get('env') === 'production') {
app.set('trust proxy', 1) // trust first proxy
sess.cookie.secure = true // serve secure cookies
}
app.use(session(sess))
```
The `cookie.secure` option can also be set to the special value `'auto'` to have
this setting automatically match the determined security of the connection. Be
careful when using this setting if the site is available both as HTTP and HTTPS,
as once the cookie is set on HTTPS, it will no longer be visible over HTTP. This
is useful when the Express `"trust proxy"` setting is properly setup to simplify
development vs production configuration.
By default `cookie.maxAge` is `null`, meaning no "expires" parameter is set
so the cookie becomes a browser-session cookie. When the user closes the
browser the cookie (and session) will be removed.
### req.session
To store or access session data, simply use the request property `req.session`,
which is (generally) serialized as JSON by the store, so nested objects
are typically fine. For example below is a user-specific view counter:
```js
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
app.use(function(req, res, next) {
var sess = req.session
if (sess.views) {
sess.views++
res.setHeader('Content-Type', 'text/html')
res.write('<p>views: ' + sess.views + '</p>')
res.write('<p>expires in: ' + (sess.cookie.maxAge / 1000) + 's</p>')
res.end()
} else {
sess.views = 1
res.end('welcome to the session demo. refresh!')
}
})
```
#### Session.regenerate()
To regenerate the se
没有合适的资源?快使用搜索试试~ 我知道了~
session存用户名密码实现用户登录和退出
共690个文件
js:216个
md:159个
json:118个
需积分: 29 7 下载量 67 浏览量
2015-11-27
09:31:41
上传
评论 1
收藏 1009KB RAR 举报
温馨提示
用WebStorm工具实现用户登录和退出,用户名用session记录,用户登录过后,session会记录下来用户名字
资源推荐
资源详情
资源评论
收起资源包目录
session存用户名密码实现用户登录和退出 (690个子文件)
Cakefile 624B
mime.cmd 170B
ipaddr.test.coffee 12KB
ipaddr.coffee 12KB
style.css 111B
style.css 32B
comments.ejs 387B
rmWhitespace.ejs 353B
menu_preprocessor.ejs 251B
menu.ejs 222B
menu_var.ejs 183B
newlines.mixed.ejs 131B
no.semicolons.ejs 131B
include-abspath.ejs 114B
literal.ejs 114B
include.ejs 98B
space-and-tab-slurp.ejs 98B
no.newlines.ejs 90B
newlines.ejs 90B
include_preprocessor.ejs 80B
messed.ejs 72B
error.ejs 63B
include_preprocessor.css.ejs 62B
include.css.ejs 60B
no.newlines.error.ejs 47B
consecutive-tags.ejs 47B
include-simple.ejs 44B
include_preprocessor_cache.ejs 43B
double-quote.ejs 41B
item.ejs 39B
bom.ejs 35B
fail.ejs 35B
single-quote.ejs 34B
menu-item.ejs 33B
include_cache.ejs 33B
user-no-with.ejs 28B
pet.ejs 25B
user.ejs 21B
hello-world.ejs 20B
with-context.ejs 16B
para.ejs 11B
include.ejs 10B
include_preprocessor.ejs 10B
renderFile.ejs 10B
backslash.ejs 5B
.eslintignore 5B
.eslintignore 5B
login.html 406B
sign.html 250B
rmWhitespace.html 227B
comments.html 179B
error.html 127B
literal.html 113B
menu.html 105B
menu_preprocessor.html 104B
include.html 81B
include_preprocessor.html 81B
newlines.html 78B
no.semicolons.html 75B
no.newlines.html 68B
space-and-tab-slurp.html 66B
messed.html 50B
include_preprocessor.css.html 39B
include.css.html 39B
include-simple.html 34B
double-quote.html 27B
single-quote.html 25B
newlines.mixed.html 21B
include_preprocessor_cache.html 11B
include_cache.html 11B
backslash.html 5B
consecutive-tags.html 4B
session.iml 449B
Jakefile 1016B
ejs.js 32KB
sbcs-data-generated.js 31KB
sbcs-data-generated.js 31KB
ejs.js 25KB
response.js 24KB
dbcs-codec.js 21KB
dbcs-codec.js 21KB
ejs.js 20KB
index.js 17KB
parse.js 17KB
parse.js 17KB
template-debug.js 16KB
ejs.min.js 15KB
index.js 14KB
index.js 14KB
application.js 14KB
template-native-debug.js 13KB
ipaddr.js 13KB
request.js 11KB
index.js 10KB
index.js 10KB
index.js 10KB
index.js 10KB
index.js 10KB
index.js 9KB
utf7.js 9KB
共 690 条
- 1
- 2
- 3
- 4
- 5
- 6
- 7
资源评论
娃娃1028
- 粉丝: 4
- 资源: 8
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- windows下NTFS文件系统读取.zip
- windows程序设计课程 相关代码.zip
- Windows via C++图书代码,升级Windows SDK 到10.zip
- matlab基于扩张卡尔曼滤波的磷酸铁锂蓄电池SOC检测,给出了电池模型和算法实现过程.zip
- matlab基于卡尔曼滤波的磷酸铁锂蓄电池SOC检测
- STM8S003F3P6最小系统AD版(包含原理图、PCB源文件)
- smg.uvproj
- nextjs turbo build
- mysql-connector-j-8.0.31.jar
- MATLAB Appdesigner 设计天气预报小程序:全国各城市天气查询系统Weather-capturer-v3
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功