users.json
{
"tobi":{
"password":"ferret",
"name":"Tobi Hellowaychuk"
}
}
package.json
{
"name": "mywebsite",
"version": "0.1.1",
"dependencies": {
"connect":"1.8.7"
}
}
session.js
var connect=require("connect");
var users=require("./users");
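// Session signing secret. Prefer the SESSION_SECRET environment variable so the
// value is not committed with the source; the literal is only the demo fallback.
var sessionSecret=process.env.SESSION_SECRET||"my app serect";

/**
 * Escape the characters that are significant in HTML so a value can be
 * placed inside markup without being interpreted as markup.
 *
 * @param {*} value - value to render; coerced to a string
 * @returns {string} the escaped text
 */
function escapeHtml(value){
  return String(value)
    .replace(/&/g,'&amp;')
    .replace(/</g,'&lt;')
    .replace(/>/g,'&gt;')
    .replace(/"/g,'&quot;')
    .replace(/'/g,'&#39;');
}

/**
 * Return the account record for a login name and password, or null.
 *
 * Both credentials must be strings, and the login name must be an own key of
 * `users`: a plain `users[name]` lookup also resolves properties inherited
 * from Object.prototype, which must never be treated as accounts.
 * NOTE(review): the users file shown with this listing stores passwords in
 * plaintext; a real deployment should store salted password hashes instead.
 *
 * @param {*} login - submitted user name
 * @param {*} password - submitted password
 * @returns {Object|null} the matching entry of `users`, or null
 */
function findUser(login,password){
  if('string'!==typeof login||'string'!==typeof password){
    return null;
  }
  if(!Object.prototype.hasOwnProperty.call(users,login)){
    return null;
  }
  var account=users[login];
  if(!account||'string'!==typeof account.password){
    return null;
  }
  return account.password===password?account:null;
}

// Middleware stack: logging, body and cookie parsing, sessions, then the four
// route handlers (welcome page, login form, login check, logout).
var server=connect(
  connect.logger("dev"),
  connect.bodyParser(),
  connect.cookieParser(),
  connect.session({secret:sessionSecret}),
  // "/" for a logged-in session: greet the user by the name stored in the session.
  function(req,res,next){
    if('/'===req.url&&req.session.logged_in){
      res.writeHead(200,{'Content-Type':'text/html'});
      res.end(
        // The name is escaped so it is rendered as text, not as markup.
        'Welcome back,<b>'+escapeHtml(req.session.name)+'</b>'+
        '<a href="/logout">Logout</a>'
      );
    }else{
      next();
    }
  },
  // GET "/" without a logged-in session: serve the login form.
  function(req,res,next){
    if('/'===req.url&&"GET"===req.method){
      res.writeHead(200,{'Content-Type':'text/html'});
      res.end([
        '<form action="/login" method="POST">',
        '<fieldset>',
        '<legend>Please log in</legend>',
        '<p>User:<input type="text" name="user" multiple="multiple"></p>',
        '<p>Password:<input type="password" name="password" multiple="multiple"></p>',
        '<button>Submit</button>',
        '</fieldset>',
        '</form>'
      ].join(''));
    }else{
      next();
    }
  },
  // POST "/login": check the submitted credentials and mark the session.
  function(req,res,next){
    if('/login'===req.url&&'POST'===req.method){
      // req.body may be missing if no body parser handled the request.
      var body=req.body||{};
      var account=findUser(body.user,body.password);
      if(!account){
        res.writeHead(200,{'Content-Type':'text/html'});
        res.end("<h1>Wrong Users</h1>");
        return;
      }
      // Log the login event only; the password is never written to the log.
      console.log("----"+body.user+"---- logged in");
      // Issue a fresh session id at the privilege change so an id that was
      // known before login is not carried into the authenticated session.
      // Headers are written afterwards so the new session cookie is sent.
      req.session.regenerate(function(err){
        if(err){
          return next(err);
        }
        req.session.logged_in=true;
        req.session.name=account.name;
        res.writeHead(200,{'Content-Type':'text/html'});
        res.end('<h1>Authenticated!!!!</h1>');
      });
    }else{
      // Any other request is passed on instead of being left without a response.
      next();
    }
  },
  // "/logout": discard the whole session rather than only clearing a flag,
  // so the stored name does not outlive the login.
  function(req,res,next){
    if('/logout'===req.url){
      req.session.destroy(function(err){
        if(err){
          return next(err);
        }
        res.writeHead(200);
        res.end("Logged out!");
      });
    }else{
      next();
    }
  }
);
server.listen(3000);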
1.因为session中间件需要操作cookie中间件,所以也要加上
2.出于安全考虑,我们要在session中间件加上secret
3.网页的url随着form的action和a标签的url而变化
4.引入了session中间件就会有req.session,我们将用户名和密码保存在参数里