会话未使用express-session和connect-mongo保持

Question

我的express服务器使用express-session和connect-mongo，它为同一个用户的每个请求生成一个新的会话，而不是像它应该的那样持久化一个会话。这是我第一次使用快速会话，但我不认为这是我的代码的问题。在测试时，我是唯一的用户，当我查看我的MongoDB时，有一堆新的会话。每次我向需要使用会话变量的路由发出请求时，它都会生成另一个新会话。

编辑:客户端没有存储会话id，因此每个请求都会产生一个新的会话。正在发送正确的set-cookie报头，所以我不确定它为什么不工作。我使用Firefox作为我的客户端。

编辑2:尝试使用Edge和Chrome，他们也没有设置会话cookie。我刚接触会话，所以我不知道为什么它不能正常工作。

// 3rd party modules
const util = require('util');
const express = require('express');
const bodyParser = require('body-parser');
const multer = require('multer');
const morgan = require('morgan');
const mongoose = require('mongoose');
const config = require('config');
const session = require('express-session');
const MongoStore = require('connect-mongo')(session);

// Custom classes
const AuthService = require('./services/authService');

// Models
const Account = require('./models/account');

// Load .env config file
const envConfigResult = require('dotenv').config();
if (envConfigResult.error) {
    throw envConfigResult.error;
}

// Instances
let auth;
let upload = multer();
const app = express();

// Parse request data and store in req.body
app.use(bodyParser.json()); // json
app.use(bodyParser.urlencoded({ extended: true })); // x-www-form-url-encoded
app.use(upload.array()); // multipart/form-data

// Setup logging
app.use(morgan('dev'));

// JWT error handling
app.use(function (err, req, res, next) {
    // TODO: Implement proper error code
    res.status(401).send(err);
    if (err.name === 'UnauthorizedError') {
        res.status(401).send('invalid token...');
    }
});

async function main() {
    try {
        const mongoDbUrl = process.env.DB_HOST;
        // Use new url parser and unified topology to fix deprecation warning
        const mongoConnection = mongoose.connect(mongoDbUrl, { useNewUrlParser: true, useUnifiedTopology: true }).then(async function() {
            console.log(`Successfully connected to MongoDB database at ${mongoDbUrl}!`);
        }).catch(function(error) {
            console.log(`Error whilst connecting to MongoDB database at ${mongoDbUrl}! ${error}`);
        });
        mongoose.set('useCreateIndex', true); // Fixes deprecation warning
    } catch (err) {
        console.log(`Error whilst doing database setup! ${err}`);
    }
    try {
        app.use(session({
            store: new MongoStore({ mongooseConnection: mongoose.connection, ttl: 86400 }),
            secret: process.env.SESSION_SECRET,
            resave: false,
            saveUninitialized: false,
            cookie: {
                path: "/",
                maxAge: 3600000, // 1 hour
                httpOnly: false,
                secure: false // TODO: Update this on production
            }
        }));
        console.log("Sessions successfully initialized!");
    } catch (err) {
        console.log(`Error setting up a mongo session store! ${err}`);
    }
    try {
        // TODO: Initialize email service
        auth = new AuthService.AuthService();
        // TODO: Attach email service to auth service
    } catch (err) {
        console.log(`Error whilst doing initial setup. ${err}`);
    }
}

main();

// Routes
const rootRoute = require('./routes/root');
const tokensRoute = require('./routes/tokens');
const captchaRoute = require('./routes/captcha');

// Route middlewares
app.use('/v1/', rootRoute.router);
app.use('/v1/tokens', tokensRoute.router);
app.use('/v1/captcha', captchaRoute.router);

try {
    rootRoute.setAuthService(auth);
    tokensRoute.setAuthService(auth);
} catch (err) {
    console.log(`Error attaching auth service to routes! ${err}`);
}

var server = app.listen(8088, function() {
    let host = server.address().address;
    let port = server.address().port;

    if (host == "::") {
        console.log("Server running at http://127.0.0.1:%d", port);
    } else {
        console.log("Server running at http://%s:%d", host, port);
    }
});

Answer 1

事实证明，除非在请求中包含credentials: 'include'，否则现代浏览器会忽略set-cookie头。因此，我将客户端切换到使用fetch而不是XMLHttpRequest，并将credentials: 'include'添加到其选项中。(如果您没有正确设置CORS，则会忽略凭据，因此我也必须这样做。)现在它工作得很好。

TLDR:在请求中包含credentials: 'include'，并确保服务器配置了CORS。

Answer 2

正如在doc (or npm page)中所解释的，您似乎忘记了一行：

app.use(session({
    secret: 'foo',
    store: new MongoStore(options)
}));