將資料 set 到 cookie

// setHeader form
// Controllers
exports.postLogin = function postLogin(req, res, next) {
  // Mark the client as logged in by emitting a raw Set-Cookie header.
  // Written as a bare "name=value" string, the cookie carries no attributes
  // (no HttpOnly, Secure or Max-Age), so it stays readable from script and
  // lives only for the browser session.
  const loginCookie = "isLogin=true";
  res.setHeader("Set-Cookie", loginCookie);
  res.redirect("/");
};
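// res.cookie form
exports.postLogin = (req, res, next) => {
  // Set the login cookie through Express' res.cookie(name, value, options).
  // The original call `res.cookie("isLogin": true, {httpOnly, secure})` is a
  // syntax error, and the shorthand `{httpOnly, secure}` would read two
  // undeclared variables; the attributes are spelled out as booleans here.
  res.cookie("isLogin", true, {
    httpOnly: true, // not readable via document.cookie
    secure: true, // only sent over HTTPS (set false for plain-http local dev)
  });
  res.redirect("/");
};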

觸發後至 Application 可以看見資料被存進 cookie

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/1e218a7d-4864-4eb2-ac4a-0780ece5471d/_2021-05-20_6.07.59.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/33ef488c-6cee-4c8f-bacb-bb799411dcbc/Untitled.png

設置失效時間max-age

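// Expire 10 seconds after being set (max-age is in seconds).
// The value was "truem", a typo; every other snippet checks isLogin=true.
res.setHeader("Set-Cookie", "isLogin=true; max-age=10");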

secure ⇒ 只在 HTTPS 連線時才會傳送 cookie

httpOnly ⇒ 只允許在 HTTP 請求時帶上 cookie 值，無法透過 script 直接獲取

session

在 Node.js Express 中安裝 express-session 以使用 session

npm install express-session

引入 express-session

// app.js
const session = require('express-session');

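// Configure the session middleware
app.use(
  session({
    // Key used to sign the session-id cookie. Read it from the environment so
    // the real value never lands in source control; the literal fallback is
    // for local development only and must not be deployed as-is.
    secret: process.env.SESSION_SECRET || "session key",
    // resave => write the session back to the store on every request even
    // when it was not modified (false is the usual choice)
    resave: false,
    // saveUninitialized => store a brand-new, unmodified session and send its
    // cookie (false: no cookie until something is put into the session)
    saveUninitialized: false,
    // Attributes of the client-side session-id cookie
    cookie: {
      httpOnly: true, // not readable via document.cookie
      sameSite: "lax", // not sent on cross-site requests, limits CSRF exposure
      // secure: true, // enable when served over HTTPS
    },
  })
);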

設置session值

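// Controllers.js
exports.postLogin = (req, res, next) => {
  // Issue a fresh session id before marking the session as logged in, so a
  // session id that existed before authentication is never promoted to an
  // authenticated one (session fixation). Errors from the store go to next().
  req.session.regenerate((err) => {
    if (err) {
      return next(err);
    }
    // Set the session value
    req.session.isLogin = true;
    res.redirect("/");
  });
};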

直接從 req 中取得 session 值

// Controllers.js
exports.getLogin = (req, res, next) => {
  // Render the login page. `isAuthenticated` is read straight from the
  // session and is undefined until postLogin has set req.session.isLogin.
  const breadcrumb = [
    { name: "首页", url: "/", hasBreadcrumbUrl: true },
    { name: "會員登入", hasBreadcrumbUrl: false },
  ];
  const viewModel = {
    docTitle: "會員登入",
    breadcrumb,
    isAuthenticated: req.session.isLogin,
  };
  res.render("auth/login", viewModel);
};

使用mongodb儲存session資料