1

我有一个使用 Usergrid 作为后端的节点站点。我创建了一个登录表单屏幕,但是当一个用户登录时,它会显示该用户正在登录到该站点上的所有其他用户。如果其他人登录,那么它将覆盖以前登录的用户。如何防止经过身份验证的会话在所有用户之间共享?我希望每个用户在浏览网站时都有自己的经过身份验证的会话。

登录代码:

app.post("/login", function(req, res) {

    if (client.isLoggedIn()) {
        console.log("already logged in");
        res.send({"status": "success"});
    } else {

        client.login(req.body.username, req.body.password, function(err) {
            logger.debug("After Log In");
            if (err) {
                logger.error('Login Failed');
                logger.error(err);
            } else {
                logger.debug(client.token);

                client.authType = Usergrid.AUTH_APP_USER;

                var options = {
                    method: 'GET',
                    endpoint: 'users/me'
                };

                client.request(options, function(err,data) {
                    if (err) {
                        console.log(err);
                    } else {
                        req.session['current_user'] = data.entities[0];
                        console.log(data);
                        console.log("SESSION");
                        console.log(req.session);
                    }
                    res.send({"status": "success"});
                });
            }
        });
    }
});
4

1 回答 1

0

I think the problem is that you are using one instance of the Usergrid.Client object to serve many users. Instead, you should do what Usergrid does: when a user logs in, you give them the Usergrid access_token. You could send it back in a cookie, or in JSON data or whatever you choose.

Then you would expect subsequent HTTP request from the user to include the access_token in the URL or in a cookie, or whatever. On each request you create a new instance of the Usergrid.Client and pass in the token from the user, e.g.

var client = new Usergrid.Client({'token':'abcd5764adf...');

于 2016-02-29T14:40:18.677 回答