我正在使用Passport.js本地策略来处理我的应用程序中的身份验证。 每当我进行更改时,我也会使用Nodemon自动刷新服务器。
问题是每当我做出更改时我都要再次登录应用程序。 目前这只是开发,但同样的概念适用于处理请求的多个服务器(例如EC2负载均衡器)。 所以我的问题是,如何在保留用户状态的同时使Passport.js无状态?
似乎必须有一种方法来保持跨服务器的状态和/或重新启动服务器。
I'm using Passport.js local strategies to handle auth in my app. I'm also using Nodemon to automatically refresh the server whenever I make changes.
Problem is whenever I make changes I have to login again to the application. For now this is just development but the same concept would apply to multiple servers handling the requests (ex. EC2 load balancer). So my question is, how can I make Passport.js stateless while still preserving the state of the user?
Seems like there has to be a way to preserve the state across servers and/or restarts of the server.
最满意答案
你有两个选择:
使用持久会话存储,例如MongoDB , Redis或PostgreSQL 不要使用会话,而是使用JSON Web Tokens,即JWT。如果您已经拥有共享数据库,则第一个选项需要较少的设置,只需实例化商店并将其传递给您的应用程序,例如:
const session = require('express-session'); const MongoStore = require('connect-mongo')(session); app.use(session({ secret: 'foo', store: new MongoStore(options) }));第二个选项需要一个不同的Passport策略,如passport-jwt或者可能完全抛弃Passport并直接在自定义中间件中使用jsonwebtoken 。
You have two options:
Use a persistent session store e.g. MongoDB, Redis, or PostgreSQL Do not use sessions at all, use JSON Web Tokens aka JWT instead.First option requires less setup if you already have a shared database, just instantiate the store and pass it to you app, eg:
const session = require('express-session'); const MongoStore = require('connect-mongo')(session); app.use(session({ secret: 'foo', store: new MongoStore(options) }));The second option requires a different Passport strategy like passport-jwt or maybe ditching Passport completely and using jsonwebtoken directly in a custom middleware.
更多推荐
发布评论