0

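I am trying to create a user login page with a "remember me" checkbox. Sounds simple, right?

When a user logs in without the "remember me" checkbox checked, the default session ttl is set to 10 seconds (10000 ms). However, if the "remember me" checkbox is checked, the ttl is set to 100000 seconds (100000000 ms).

Skipping all the username and password authentication, I set up this small demo to illustrate what I am aiming for. Unfortunately, the session ttl always seems to be 10 seconds and never 100000 seconds.

Here is a pastebin of the code below: http://pastebin.com/45bRfxkn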

var Hapi   = require('hapi');
var AuthCookie = require('hapi-auth-cookie');

var server = new Hapi.Server('localhost',4000); // make a server

// this function is just for my example, I'll use an actual logger later...
function xhrlog(request){
   var auth = request.auth.isAuthenticated ? "Authenticated" : "Not Authenticated";
   console.log(request.method.toUpperCase()+" request to "+request.path+" is "+auth+".");
}

// this is the handler for the '/' route.  You should start at this route first (it represents the login page)
function firstLoad(request, reply){
   xhrlog(request);
   request.auth.session.set({});
   reply("<p style='color:blue'>click the button to test.</p><input type='button' id='foo' value='click me'></input><script>document.getElementById('foo').addEventListener('click', function(){ window.location = './newLocation'});</script> ");  
}

// this is the page that i would expect to have created a session cookie with a ttl of 100000. But it doesnt.
function authorized(request,reply){
   xhrlog(request);
   reply("<p style='width: 300px;'>This is the authorized page.  I would expect this page to have a session timeout of 100000 seconds.  But it doesnt, it only has 10 seconds.  Keep refreshing to see if you are still alive!</p>");
}

// set up the unauthenticated route here. this is the "login" page.
server.route({
   method:'GET',
   path:'/',
   config: {
      handler: firstLoad
   }
});

server.pack.register(AuthCookie, function(err){

   // set up strategy for the session cookie.  It defaults to 10000 ms
   server.auth.strategy('session', 'cookie', {
      password: 'secret',
      cookie: 'iDontKnowWhatThisIsFor',
      redirectTo: '/',
      isSecure: false,
      ttl: 10000
   });

   // set up the route for the 'remember me' page.  It should have a ttl of 100000000 ms.
   server.route({
      method: 'GET',
      path: '/newLocation',
      config: {
         handler: authorized,
         auth: {
            mode: 'try',
            strategy: 'session'
         },
         plugins: { 'hapi-auth-cookie' : { ttl: 100000000 }}  
      }
   });
});
4

2 Answers

1

You can set a different ttl value on the reply interface. This ttl value overrides the default session cookie's ttl.

reply("test").state("session", session, {ttl: 365 * 30 * 7 * 24 * 60 * 60 * 1000});
Answered 2014-08-04T11:33:07.660
0

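In case anyone finds themselves here, the answer seems to be different with the current version of hapi-auth-cookie. I tried using the accepted answer, but it would not change the route-specific ttl value.

According to the API docs, request.cookieAuth.ttl(milliseconds) will override the default strategy setting. Although it is not explicitly documented, you can also pass the value null and the cookie will be set to Session in the browser. I was able to successfully override the ttl setting in a situation similar to the original poster's.

However, because of things like storing browser tabs for reopening, most modern browsers end up saving the cookie anyway. If you want to be very certain that the cookie will expire, I suggest setting the ttl to a period of less than a day. This is not a perfect solution in terms of equivalence with the expected behavior of a session.

See the sample code snippet: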

if (response.login) {
  var session = { sid: response.sid };
  request.cookieAuth.set(session);
  // check if login form had remember me checkbox selected
  if (request.payload.remember) {
    return reply.redirect(request.query.next); // uses default strategy ttl setting for cookie
  } else {
    request.cookieAuth.ttl(24*60*60*1000); // override ttl to 24 hours
    return reply.redirect(request.query.next);
  }
}
Answered 2016-11-20T18:50:46.913
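
The second answer points out that browsers may keep a cookie the server meant to be session-only. As an added example (not code from either answer, and not the hapi-auth-cookie API), the following stand-alone Node.js code puts the expiry inside an HMAC-signed cookie value and checks it on the server, so the "remember me" choice is enforced regardless of what the browser stores. The names issueSession and verifySession, the cookie name, the demo key and the two ttl constants are assumptions made for the illustration.

```javascript
// Added example; function and constant names are hypothetical, not hapi-auth-cookie APIs.
const nodeCrypto = require('crypto');

const SHORT_TTL_MS = 24 * 60 * 60 * 1000; // no "remember me": 24 hours, as in the answer above
const LONG_TTL_MS = 100000000;            // "remember me": the value from the question

// Constructed demo key; a real deployment loads a long random secret from configuration.
const KEY = nodeCrypto.randomBytes(32);

function sign(body) {
  return nodeCrypto.createHmac('sha256', KEY).update(body).digest('hex');
}

// Issue a cookie whose expiry is inside the signed payload, not only in Max-Age.
function issueSession(sid, remember, now = Date.now()) {
  const ttl = remember ? LONG_TTL_MS : SHORT_TTL_MS;
  const body = Buffer.from(JSON.stringify({ sid, exp: now + ttl })).toString('hex');
  const value = `${body}.${sign(body)}`;
  const setCookie = `session=${value}; Max-Age=${Math.floor(ttl / 1000)}; ` +
    'Path=/; HttpOnly; Secure; SameSite=Lax';
  return { value, setCookie };
}

// Server-side check: reject a bad signature or an expired session,
// whatever the browser chose to keep.
function verifySession(value, now = Date.now()) {
  const [body, mac] = String(value).split('.');
  if (!body || !mac) return null;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return null;
  }
  const session = JSON.parse(Buffer.from(body, 'hex').toString('utf8'));
  return now < session.exp ? session : null;
}
```

The Secure attribute means the cookie is only sent over HTTPS, unlike the isSecure: false setting in the question's demo.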