How to use Node.js to manipulate cookies to stay logged in
This time I will show you how to use Node.js to operate cookies to stay logged in, and what are the precautions for using Node.js to operate cookies to stay logged in. The following is a practical case, let's take a look. This time I will do a small example of website login, which will be used later. This example will use Cookie,
HTML form, and POST data body (body) parsing. In the first version, our user data is written in the js file. The second version will introduce MongoDB to save user data.
Example preparation
1. Use express to create an applicationThe following command sequence:
express LoginDemo cd LoginDemo npm install
The jade template of the login page is login.jade, and the content is as follows:
doctype html
html
head
meta(charset='UTF-8')
title 登录
link(rel='stylesheet', href='/stylesheets/login.css')
body
.form-container
p.form-header 登录
form(action='login', method='POST', align='center')
table
tr
td
label(for='user') 账号:
td
input#user(type='text', name='login_username')
tr
td
label(for='pwd') 密码:
td
input#pwd(type='password', name='login_password')
tr
td(colspan='2', align='right')
input(type='submit', value='登录')
p #{msg}login.jade is placed in the views directory Down. I hard-coded Chinese characters in login.jade. Note that the file is encoded in UTF-8.
The end of this template is a dynamic message used to display the login
error message. The msg variable is passed in by the application. I wrote a simple CSS for the login page, the login.css file, the content is as follows:
form {
margin: 12px;
}
a {
color: #00B7FF;
}
p.form-container {
display: inline-block;
border: 6px solid steelblue;
width: 280px;
border-radius: 10px;
margin: 12px;
}
p.form-header {
margin: 0px;
font: 24px bold;
color: white;
background: steelblue;
text-align: center;
}
input[type=submit]{
font: 18px bold;
width: 120px;
margin-left: 12px;
}Please put login.css in the public/stylesheets directory.
3. Profile pageAfter successful login, the configuration page will be displayed. The profile.jade page content:
doctype html
html
head
meta(charset='UTF-8')
title= title
body
p #{msg}
p #{lastTime}
p
a(href='/logout') 退出profile.jade is placed in the views directory. Down. The profile page displays a successful login message, also displays the last login time, and finally provides a logout link.
4. App.js changesI changed app.js so that users can automatically jump to the login page when they visit the website without logging in. The content of the new app.js is as follows:
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var users = require('./routes/users');
var app = express();
// view engine setup
app.set('views', path.join(dirname, 'views'));
app.set('view engine', 'jade');
// uncomment after placing your favicon in /public
//app.use(favicon(path.join(dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(dirname, 'public')));
app.all('*', users.requireAuthentication);
app.use('/', users);
// catch 404 and forward to error handler
app.use(function(req, res, next) {
var err = new Error('Not Found');
err.status = 404;
next(err);
});
// error handlers
// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
app.use(function(err, req, res, next) {
res.status(err.status || 500);
res.render('error', {
message: err.message,
error: err
});
});
}
// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, next) {
res.status(err.status || 500);
res.render('error', {
message: err.message,
error: {}
});
});
module.exports = app;I modified users.js and put the authentication, login, logout and other logic in Inside, you must first convert users.js to UTF-8 encoding (sorry, Chinese characters are hard-coded). Content:
var express = require('express');
var router = express.Router();
var crypto = require('crypto');
function hashPW(userName, pwd){
var hash = crypto.createHash('md5');
hash.update(userName + pwd);
return hash.digest('hex');
}
// just for tutorial, it's bad really
var userdb = [
{
userName: "admin",
hash: hashPW("admin", "123456"),
last: ""
},
{
userName: "foruok",
hash: hashPW("foruok", "888888"),
last: ""
}
];
function getLastLoginTime(userName){
for(var i = 0; i < userdb.length; ++i){
var user = userdb[i];
if(userName === user.userName){
return user.last;
}
}
return "";
}
function updateLastLoginTime(userName){
for(var i = 0; i < userdb.length; ++i){
var user = userdb[i];
if(userName === user.userName){
user.last = Date().toString();
return;
}
}
}
function authenticate(userName, hash){
for(var i = 0; i < userdb.length; ++i){
var user = userdb[i];
if(userName === user.userName){
if(hash === user.hash){
return 0;
}else{
return 1;
}
}
}
return 2;
}
function isLogined(req){
if(req.cookies["account"] != null){
var account = req.cookies["account"];
var user = account.account;
var hash = account.hash;
if(authenticate(user, hash)==0){
console.log(req.cookies.account.account + " had logined.");
return true;
}
}
return false;
};
router.requireAuthentication = function(req, res, next){
if(req.path == "/login"){
next();
return;
}
if(req.cookies["account"] != null){
var account = req.cookies["account"];
var user = account.account;
var hash = account.hash;
if(authenticate(user, hash)==0){
console.log(req.cookies.account.account + " had logined.");
next();
return;
}
}
console.log("not login, redirect to /login");
res.redirect('/login?'+Date.now());
};
router.post('/login', function(req, res, next){
var userName = req.body.login_username;
var hash = hashPW(userName, req.body.login_password);
console.log("login_username - " + userName + " password - " + req.body.login_password + " hash - " + hash);
switch(authenticate(userName, hash)){
case 0: //success
var lastTime = getLastLoginTime(userName);
updateLastLoginTime(userName);
console.log("login ok, last - " + lastTime);
res.cookie("account", {account: userName, hash: hash, last: lastTime}, {maxAge: 60000});
res.redirect('/profile?'+Date.now());
console.log("after redirect");
break;
case 1: //password error
console.log("password error");
res.render('login', {msg:"密码错误"});
break;
case 2: //user not found
console.log("user not found");
res.render('login', {msg:"用户名不存在"});
break;
}
});
router.get('/login', function(req, res, next){
console.log("cookies:");
console.log(req.cookies);
if(isLogined(req)){
res.redirect('/profile?'+Date.now());
}else{
res.render('login');
}
});
router.get('/logout', function(req, res, next){
res.clearCookie("account");
res.redirect('/login?'+Date.now());
});
router.get('/profile', function(req, res, next){
res.render('profile',{
msg:"您登录为:"+req.cookies["account"].account,
title:"登录成功",
lastTime:"上次登录:"+req.cookies["account"].last
});
});
module.exports = router;As you can see, I have built in two accounts, admin and foruok. When logging in, I will verify these two accounts and report an error if they are incorrect.
Okay, execute "npm start", then open "http://localhost:3000" in the browser, you can see the following effect:
After a few tossing, log in, log out, and log in again, the effect is as follows:
Okay, this is the effect of this example. Next we will explain the concepts and some codes used.
Processing POST text dataWe use an HTML form in the example to receive the user name and password, when the type of the input element is submit , click it, the browser will organize the data in the form into a certain format, encode it into the body, and POST to the specified server address. The username and password can be found on the server side through the value of the name attribute of the
HTML element. We don’t have to worry about the process of the server parsing form data. We use express’s body-parser middleware, which will do it for us. We just need to make simple configurations. And these configuration codes, express generator has helped us complete them, as follows:
//加载body-parser模块
var bodyParser = require('body-parser');
...
//应用中间件
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));Our code for processing POST requests on the /login path is in users.js, from "router.post('/login'... "Start (line 94, it would be great if markdown could automatically insert line numbers into the code). The code that refers to the user name in the login form is as follows:
var userName = req.body.login_username;
Noticed that there is parsing in the express.Request object req Okay body, we use login_username to access the user name. And login_username is the value of the name attribute of our input element in HTML. It is so related. Password is similar.
cookie cookie,按我的理解,就是服务器发给浏览器的一张门票,要访问服务器内容,可以凭票入场,享受某种服务。服务器可以在门票上记录一些信息,从技术角度讲,想记啥记啥。当浏览器访问服务器时,HTTP头部把cookie信息带到服务器,服务器解析出来,校验当时记录在cookie里的信息。 HTTP协议本身是无状态的,而应用服务器往往想保存一些状态,cookie应运而生,由服务器颁发,通过HTTP头部传给浏览器,浏览器保存到本地。后续访问服务器时再通过HTTP头部传递给服务器。这样的交互,服务器就可以在cookie里记录一些用户相关的信息,比如是否登录了,账号了等等,然后就可以根据这些信息做一些动作,比如我们示例中的持久登录的实现,就利用了cookie。还有一些电子商务网站,实现购物车时也可能用到cookie。 cookie存储的是一些key-value对。在express里,Request和Response都有cookie相关的方法。Request实例req的cookies属性,保存了解析出的cookie,如果浏览器没发送cookie,那这个cookies对象就是一个空对象。 express有个插件,cookie-parser,可以帮助我们解析cookie。express生成的app.js已经自动为我们配置好了。相关代码: express的Response对象有一个cookie方法,可以回写给浏览器一个cookie。 下面的代码发送了一个名字叫做“account”的cookie,这个cookie的值是一个对象,对象内有三个属性。 复制代码 代码如下: res.cookie("account", {account: userName, hash: hash, last: lastTime}, {maxAge: 60000}); res.cookie()方法原型如下: 文档在这里:http://expressjs.com/4x/api.html。 浏览器会解析HTTP头部里的cookie,根据过期时间决定保存策略。当再次访问服务器时,浏览器会把cookie带给服务器。服务器使用cookieParser解析后保存在Request对象的cookies属性里,req.cookies本身是一个对象,解析出来的cookie,会被关联到req.cookies的以cookie名字命名的属性上。比如示例给cookie起的名字叫account,服务端解析出的cookie,就可以通过req.cookies.account来访问。注意req.cookies.account本身既可能是简单的值也可能是一个对象。在示例中通过res.cookie()发送的名为account的cookie,它的值是一个对象,在这种情况下,服务器这边从HTTP请求中解析出的cookie也会被组装成一个对象,所以我们通过req.cookies.account.account就可以拿到浏览器通过cookie发过来的用户名。但如果浏览器没有发送名为“account”的cookie,那req.cookies.account.hash这种访问就会抛异常,所以我在代码里使用req.cookies[“account”]这种方式来检测是否有account这个cookie。 持久登录 如果用户每次访问一个需要鉴权的页面都要输入用户名和密码来登录,那就太麻烦了。所以,很多现代的网站都实现了持久登录。我的示例使用cookie简单实现了持久登录。 在处理/login路径上的POST请求时,如果登录成功,就把用户名、一个hash值、还有上次登录时间保存在cookie里,并且设置cookie的有效期为60秒。这样在60秒有效期内,浏览器后续的访问就会带cookie,服务端代码从cookie里验证用户名和hash值,让用户保持登录状态。当过了60秒,浏览器就不再发送cookie,服务端就认为需要重新登录,将用户重定向到login页面。 现在服务端的用户信息就简单的放在js代码里了,非常丑陋,下次我们引入MongoDB,把用户信息放在数据库里。 相信看了本文案例你已经掌握了方法,更多精彩请关注php中文网其它相关文章! 推荐阅读:var cookieParser = require('cookie-parser');
...
app.use(cookieParser());res.cookie(name, value [, options])
The above is the detailed content of How to use Node.js to manipulate cookies to stay logged in. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1653
14
1413
52
1305
25
1251
29
1224
24
WebSocket and JavaScript: key technologies for implementing real-time monitoring systems
Dec 17, 2023 pm 05:30 PM
WebSocket and JavaScript: Key technologies for realizing real-time monitoring systems Introduction: With the rapid development of Internet technology, real-time monitoring systems have been widely used in various fields. One of the key technologies to achieve real-time monitoring is the combination of WebSocket and JavaScript. This article will introduce the application of WebSocket and JavaScript in real-time monitoring systems, give code examples, and explain their implementation principles in detail. 1. WebSocket technology
Where are cookies stored?
Dec 20, 2023 pm 03:07 PM
Cookies are usually stored in the cookie folder of the browser. Cookie files in the browser are usually stored in binary or SQLite format. If you open the cookie file directly, you may see some garbled or unreadable content, so it is best to use Use the cookie management interface provided by your browser to view and manage cookies.
Where are the cookies on your computer?
Dec 22, 2023 pm 03:46 PM
Cookies on your computer are stored in specific locations on your browser, depending on the browser and operating system used: 1. Google Chrome, stored in C:\Users\YourUsername\AppData\Local\Google\Chrome\User Data\Default \Cookies etc.
Where are the mobile cookies?
Dec 22, 2023 pm 03:40 PM
Cookies on the mobile phone are stored in the browser application of the mobile device: 1. On iOS devices, Cookies are stored in Settings -> Safari -> Advanced -> Website Data of the Safari browser; 2. On Android devices, Cookies Stored in Settings -> Site settings -> Cookies of Chrome browser, etc.
JavaScript and WebSocket: Building an efficient real-time weather forecasting system
Dec 17, 2023 pm 05:13 PM
JavaScript and WebSocket: Building an efficient real-time weather forecast system Introduction: Today, the accuracy of weather forecasts is of great significance to daily life and decision-making. As technology develops, we can provide more accurate and reliable weather forecasts by obtaining weather data in real time. In this article, we will learn how to use JavaScript and WebSocket technology to build an efficient real-time weather forecast system. This article will demonstrate the implementation process through specific code examples. We
Simple JavaScript Tutorial: How to Get HTTP Status Code
Jan 05, 2024 pm 06:08 PM
JavaScript tutorial: How to get HTTP status code, specific code examples are required. Preface: In web development, data interaction with the server is often involved. When communicating with the server, we often need to obtain the returned HTTP status code to determine whether the operation is successful, and perform corresponding processing based on different status codes. This article will teach you how to use JavaScript to obtain HTTP status codes and provide some practical code examples. Using XMLHttpRequest
Detailed explanation of where browser cookies are stored
Jan 19, 2024 am 09:15 AM
With the popularity of the Internet, we use browsers to surf the Internet have become a way of life. In the daily use of browsers, we often encounter situations where we need to enter account passwords, such as online shopping, social networking, emails, etc. This information needs to be recorded by the browser so that it does not need to be entered again the next time you visit. This is when cookies come in handy. What are cookies? Cookie refers to a small data file sent by the server to the user's browser and stored locally. It contains user behavior of some websites.
Frequently Asked Questions and Solutions about Cookie Settings
Jan 19, 2024 am 09:08 AM
Common problems and solutions for cookie settings, specific code examples are required. With the development of the Internet, cookies, as one of the most common conventional technologies, have been widely used in websites and applications. Cookie, simply put, is a data file stored on the user's computer that can be used to store the user's information on the website, including login name, shopping cart contents, website preferences, etc. Cookies are an essential tool for developers, but at the same time, cookie settings are often encountered
