问题描述:

Hello guy's i m new in node js i created one demo app for multiple user with certain permission. My problem is when one user login in system its working fine but when other user login in system with another computer on same server its overwrite first user permission. i don't know how to solve this problem i searched on google and stackoverflow as well but did't got anything please help me.

below is my code to for login and session management

 var express = require('express');

var cookieParser = require('cookie-parser');

var session = require('express-session');

//app setup

var app = express();

//cookie parser

app.use(cookieParser());

//session

app.use(session({secret: '1234567890QWERTY',cookieName: 'session' }));

app.post('/users/loginAuthentication', function(req, res) {

var query = req.body;

var conditions = {email: query.username, password: query.password.toString(), is_delete: false, status: true};

userModel.findOne(conditions, function(err, admins) {

if (err) {

console.log(err.message);

} else {

if (!admins) {

res.end('{"success" : "not login", "status" : 400, "Auth" : "Failed"}');

} else {

req.session.admin = admins;

app.locals.checkAuth = req.session.admin.user_roles;

app.locals.USERNAME = req.session.admin.user_name;

res.end('{"success" : "Updated Successfully", "status" : 200, "Auth" : "Success"}');

}

}

});

});

for permission i doing something like this in my jade file

if (checkAuth == 'ADMIN')

li

a(href='/data')

i.fa.fa-plus-square-o.fa-fw

| table data

网友答案:

The problem happens because you are storing data within app.locals, that are persist throughout the life of the application.

Take a look at these lines:

app.locals.checkAuth = req.session.admin.user_roles;
app.locals.USERNAME = req.session.admin.user_name;

The properties "checkAuth" and "USERNAME" will be there until you stop your app (Ctrl+C for example).

In order to resolve the problem, you should store these properties in res.locals instead of app.locals;

Next question is how to pass them to view for Jade? You can try the following script (not tested!) :

app.use(function(req, res, next){
  var render = res.render;
  var resLocals = res.locals;
  res.render = function(view, locals, cb){
    locals.checkAuth = resLocals.checkAuth;
    locals.USERNAME = resLocals.USERNAME;
    render.call(res, view, locals, cb);
  }
  next();
});

The above block works as a regular ExpressJS midleware that copies the data from res.locals to app.locals before executing template engine behaviors.

*Addition:

Session data should be handled in controllers, within a request-response cycle. In real world, you should do something like this:

// homeController.js

function index(req, res){

  var data = {
     checkAuth: req.session.user_roles;
     USERNAME: req.session.user_name;    
  }

  res.render('yourJadeTemplateFile', data); 
}
相关阅读:
Top