Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
253 views
in Technique[技术] by (71.8m points)

javascript - Node.js & Express session problem

I'm having a problem with sessions, where sometimes the session variable I just set is undefined on the next page request. I typically have to go through the flow again in order to properly set the variables.

I can confirm that I'm not trying to set the session variables to undefined; they have a legit value.

In my app, users move from /twitter/connect/ to /twitter/callback/. The former retreives some oauth data from twitter, the latter logs the user into twitter.

/twitter/connect/ is simple:

app.get('/twitter/connect/?', function(req, res){
    consumer().getOAuthRequestToken(function(error, oauthToken, oauthTokenSecret, results){
        if (error){
            // error handling here
        } else {
            req.session.oauthRequestToken = oauthToken;
            req.session.oauthRequestTokenSecret = oauthTokenSecret;

            // if I console.log the two session variables above
            // they have the proper values.

            res.redirect("https://twitter.com/oauth/authorize?oauth_token="+req.session.oauthRequestToken);      
        }
    });
});

After that, twitter sends them back to /twitter/callback/:

app.get('/twitter/callback/?', function(req, res){
    console.log(req.session.oauthRequestToken);
    console.log(req.session.oauthRequestTokenSecret);

    // more often than not, the two variables above are
    // undefined.  but not always.  usually on the first
    // pass, never on the second.
});

I have no idea what's going on, I can confirm that the session variables are being set properly, they just aren't holding their value in between page requests, but only the first time.

This is how I'm creating my server:

app.configure('development', function(){
    app.use(express.cookieParser());
    app.use(express.session({ secret:'yodawgyo' }));
    app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
    app.use(express.logger());
    app.use(express.static(__dirname + '/public'));
    app.set('view engine', 'ejs');
    app.set('view options', {
        open: '{{',
        close: '}}'
    });
});

I just have a dev environment for now. I have Node 0.5.0-pre installed, but saw this issue on 0.4.1 as well. I'm using express 2.3.2.

Any help is much appreciated.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

In Connect's session, any handler can set req.session.anything to any value, and Connect will store the value when your handler calls end(). This is dangerous if there are multiple requests in flight at the same time; when they finish, one session value will clobber the other. This is the consequence of having such a simple session API (or see the session source directly), which has no support to atomically get-and-set session properties.

The workaround is to try to give the session middleware as few of the requests as necessary. Here are some tips:

  1. Put your express.static handler above the session middleware.
  2. If you can't move up some handlers that don't need the session, you can also configure the session middleware to ignore any paths that don't use req.session by saying express.session.ignore.push('/individual/path').
  3. If any handler doesn't write to the session (maybe it only reads from the session), set req.session = null; before calling res.end();. Then it won't be re-saved.

If only one request does a read-modify-write to the session at a time, clobbering will be less likely. I hope that in the future, Connect will have a more precise session middleware, but of course the API will be more complicated than what we have now.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...