
cookie-session

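The differences between cookie and session, and how to use them

As everyone knows, HTTP is a stateless protocol, so each time the client sends a request, the next request has no way of knowing the state data carried by the previous one. How, then, can one user's state data be tied together?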

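cookie
Cookie technology came first as the answer to this problem. Cookies are part of the HTTP protocol, and they are handled in the following steps:

- The server sends a cookie to the client.
  - This is normally done with the set-cookie header defined by the HTTP protocol.
  - The specification defines the cookie format as name = value, and this part is mandatory.
- The browser stores the cookie.
- On every request the browser sends the cookie to the server.

Other optional cookie parameters affect how the cookie is sent to the server. The main ones are:

- path: the path the cookie applies to; the cookie is sent only when the request matches this path.
- expires and maxAge: tell the browser when the cookie expires. expires is a time in UTC format, and maxAge is a relative time, that is, how long from now until the cookie expires. When neither option is set, a session cookie is produced. A session cookie is transient: it is cleared when the user closes the browser. It is generally used to store a session's session_id.
- secure: when secure is true, the cookie is not valid over HTTP and is only valid over HTTPS.
- httpOnly: the browser does not allow scripts to use document.cookie to change the cookie. In general this should be set to true, which prevents an XSS attack from getting hold of the cookie.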

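Cookies in express

Since version 4.x, express no longer directly includes many modules such as session management and cookies; the corresponding modules have to be added separately.

In express4, cookies are handled with the cookie-parser module (https://github.com/expressjs/cookie-parser).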

```
var express = require('express');
// First, load the cookie-parser module
var cookieParser = require('cookie-parser');

var app = express();
app.listen(3000);

// Use the cookieParser middleware: cookieParser(secret, options)
// secret is used to sign the cookie string (signedCookies are covered below)
// options takes the optional cookie parameters introduced above
app.use(cookieParser());

app.get('/', function (req, res) {
  // If the request's cookies contain isVisit, print the cookies
  // Otherwise set the cookie field isVisit with an expiry time of 1 minute
  if (req.cookies.isVisit) {
    console.log(req.cookies);
    res.send("再次欢迎访问");
  } else {
    res.cookie('isVisit', 1, {maxAge: 60 * 1000});
    res.send("欢迎第一次访问");
  }
});
```

session
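cookie is very convenient, but using cookies has one big drawback: all the data in a cookie can be modified on the client side, so the data is very easy to forge. Important data therefore cannot be kept in cookies, and too many data fields in a cookie also hurt transfer efficiency. Sessions were created to solve these problems; the data in a session is kept on the server side.

A session works through a session_id. The session_id is usually stored in a cookie on the client; in express, for example, the default field is connect.sid. When a request arrives, the server checks the session_id stored in the cookie and uses it to associate the request with the session data on the server, which it can then save and modify.

In other words, when you browse a web page, the server randomly generates a 1024-bit string and stores it in the connect.sid field of your cookie. On your next visit the cookie carries this string, so the browser knows you are the so-and-so who visited last time, and the data recorded for you last time is fetched from the server's storage. Because the string is randomly generated and has enough bits, there is no need to worry about anyone forging it. The probability of a successful forgery is lower than the chance of being bitten to death by the neighbor's dog bursting in while you are programming at home.

Sessions can be stored in 1) memory, 2) the cookie itself, 3) a cache such as redis or memcached, or 4) a database. In production the cache approach is the more common one. Storing sessions in a database makes lookups too slow compared with the first three, and is not recommended. cookie session has security problems, which are covered below.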

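In express, sessions are handled with the express-session module (https://github.com/expressjs/session). Its main method is session(options), where options holds the optional parameters. The main ones are:

- name: the name of the cookie field that stores the session; defaults to connect.sid.
- store: how the session is stored. The default is in memory; redis, mongodb and others can also be used, and the express ecosystem has modules supporting each of them.
- secret: the secret string used to compute a hash value that is placed in the cookie, making the resulting signedCookie tamper-proof.
- cookie: options for the cookie that stores the session id; the default is (default: { path: '/', httpOnly: true, secure: false, maxAge: null })
- genid: the function used to generate a new session_id; by default the uid2 npm package is used.
- rolling: reset the cookie on every request; defaults to false.
- resave: save the session value even if the session was not modified; defaults to true.

1) Storing the session in memory

express-session uses memory to store sessions by default, which is convenient for development and debugging.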


```
var express = require('express');
// First, load the express-session module
var session = require('express-session');

var app = express();
app.listen(5000);

// Set the session options as explained above
app.use(session({
  secret: 'recommand 128 bytes random string', // a random string of 128 characters is recommended
  cookie: { maxAge: 60 * 1000 }
}));

app.get('/', function (req, res) {
  // Check the isVisit field in the session
  // If it exists, increment it; otherwise set isVisit on the session and initialize it to 1.
  if (req.session.isVisit) {
    req.session.isVisit++;
    res.send('第 ' + req.session.isVisit + '次来此页面');
  } else {
    req.session.isVisit = 1;
    res.send("欢迎第一次来这里");
    console.log(req.session);
  }
});
```
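
2) Storing the session in redis

Sessions kept in memory are not easy to share between processes, so a cache such as redis can be used to store them.

Suppose your machine has 4 cores and you run 4 processes serving the same node web service. When a user hits process 1, some data is set for him as a session stored in memory. On his next visit he is load-balanced to process 2, whose memory holds no information about him, so it treats him as a new user. This makes the user's state in our service inconsistent.

To use redis as the cache, the connect-redis module (https://github.com/tj/connect-redis) provides a redis connection instance, which is then set as the store in the session options.
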
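```
var express = require('express');
var session = require('express-session');
var redisStore = require('connect-redis')(session);

var app = express();
app.listen(5000);

app.use(session({
  // If you want memcached instead of redis, the code change is no more than 5 lines.
  // These stores all follow one common interface; any library that implements it can be
  // used as a session store, for example by implementing .get(keyString) and .set(keyString, value).
  // Writing your own store is simple too.
  store: new redisStore(),
  secret: 'somesecrettoken'
}));

app.get('/', function (req, res) {
  if (req.session.isVisit) {
    req.session.isVisit++;
    res.send('第 ' + req.session.isVisit + '次来到此页面');
  } else {
    req.session.isVisit = 1;
    res.send('欢迎第一次来这里');
  }
});
```

Pros and cons of each kind of storage

As said above, there are four common choices for the session store: 1) memory 2) cookie 3) cache 4) database

Of these, memory is fine for a development environment. Small programs that want to save trouble can also use memory sessions if state sharing is not involved. But apart from saving trouble, memory sessions have no other benefit.

cookie session is covered below; for now, the pros and cons. With cookie session there is no state-sharing problem to worry about, because the session data is not kept by the server but in the user's browser, and the user brings his own information along on every visit. Of course, security and the like are still assured here as long as best practices are followed. Its drawback is the larger amount of data transferred; its advantage is convenience.

The cache approach is the most common one: it is fast and the state can be shared. Compared with cookie session, it saves network transfer when the session data is fairly large. Recommended.

Database session. Unless you know this area well and know what you want, just stick with a cache.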

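signedCookie

Everything above was basics; now for something a bit more specialized.

It was said above that

"cookie is very convenient, but using cookies has one big drawback: all the data in a cookie can be modified on the client side, so the data is very easy to forge"

Actually that is not the case; it was only written that way to make it easier to understand. In computing there is a term called signature; more technically, a message digest algorithm.

Say we are facing a website developed by a novice who uses a cookie to record the logged-in user's credential. The cookie looks like this: dotcom_user=alsotang, which says that the current user is alsotang. If I install a browser plugin and change it to dotcom_user=ricardo, the server reads it and mistakenly takes me for ricardo. Then I can do things only ricardo is allowed to do. Back when web development was immature, this trick could even take over a website: changing the cookie to dotcom_user=admin was enough. Ah, that was the golden age for playing hacker.

OK, now I have some data that I do not want to keep in the session but in a cookie. How do I make sure it is not tampered with? The answer is simple: sign it.

Suppose my server has a secret string, this_is_my_secret_and_fuck_you_all, and I set the value alsotang for the dotcom_user field of the user's cookie. The cookie would normally be

```
{dotcom_user: 'alsotang'}
```

like this.

If we sign it, for example by taking the sha1 of the dotcom_user value together with my secret_string

```
sha1('this_is_my_secret_and_fuck_you_all' + 'alsotang') === '4850a42e3bc0d39c978770392cbd8dc2923e3d1d'
```

and then change the cookie to this

```
{
  dotcom_user: 'alsotang',
  'dotcom_user.sig': '4850a42e3bc0d39c978770392cbd8dc2923e3d1d',
}
```

then the user can no longer forge the information. As soon as he changes the information in the cookie, the server finds that the hash check does not match.

After all, he does not know what our secret_string is, and brute-forcing the hash value costs too much.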
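
As an added example (not code from the original page), the signing idea above can be written with Node's built-in crypto module. It uses HMAC-SHA256 rather than the sha1(secret + value) shown above, because a plain hash over secret-plus-data is open to length extension, and it compares signatures in constant time. The SECRET value and the helper names sign, unsign and verifiedCookies are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Constructed secret for the example; a real one is long, random and kept in config.
const SECRET = 'example-secret-not-from-the-page';

// Sign a cookie value: returns "value.<hex HMAC-SHA256 of value>".
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value).digest('hex');
  return value + '.' + mac;
}

// Verify a signed cookie: returns the original value, or false when the
// signature is missing or does not match.
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx === -1) return false;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (expected.length !== actual.length) return false;
  return crypto.timingSafeEqual(expected, actual) ? value : false;
}

// Parse a Cookie request header and keep only cookies whose signature verifies.
function verifiedCookies(header, secret) {
  const out = {};
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const value = unsign(part.slice(eq + 1).trim(), secret);
    if (value !== false) out[part.slice(0, eq).trim()] = value;
  }
  return out;
}

// Constructed sample: a genuine cookie and a forgery that reuses its signature.
const good = sign('alsotang', SECRET);
const forged = 'ricardo' + good.slice(good.lastIndexOf('.'));
console.log(verifiedCookies('dotcom_user=' + good + '; other=' + forged, SECRET));
```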

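cookie-session

It has been mentioned several times above that a session can be stored in a cookie; here is the concrete idea. The technical term involved is symmetric encryption.

Suppose we want to store session data in the user's cookie, using a field named session_data. To store

```
var sessionData = {username: 'alsotang', age: 22, company: 'alibaba', location: 'hangzhou'}
```

we can symmetrically encrypt sessionData together with our secret_string and store the result in the cookie's session_data field. As long as your secret_string is long enough, an attacker cannot obtain the actual session content; to the attacker the encrypted content is just a piece of gibberish.

When the user next visits, we use secret_string to decrypt sessionData and get the session data we need.

signedCookies and cookie-session still differ:

1) With the former the information is visible but cannot be tampered with; with the latter it is neither visible nor tamperable.
2) The former is generally stored long term, while the latter is a session cookie.

The implementation of cookie-session is much the same as that of signedCookies.

However, I personally recommend not using cookie-session, because it is exposed to replay attacks.

A replay attack works like this: say a user has 100 points, the points are kept in the session, and the session is kept in the cookie. He first copies the current cookie, then makes a post, which costs 20 points, leaving him with only 80. Now he can paste the previously copied cookie back into the browser, and in some scenarios the server will think he has 100 points again.

How can this attack be avoided? It requires bringing in a third-party means of verifying the cookie session, and the information needed for verification must never be stored in the cookie. Once the attack is avoided this way, the benefit of using cookie session is gone. If a cache has to be introduced to prevent the attack, you might as well put the cookie session into the cache too.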
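
The replay scenario above, as an added example that is not part of the original page: the session is sealed with AES-256-GCM, so the old cookie still decrypts correctly, and only a version number kept on the server lets the stale copy be refused. The key, the latestVersion map and the function names are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Constructed key for the example, derived from a placeholder secret.
const KEY = crypto.scryptSync('example-secret-not-from-the-page', 'example-salt', 32);

// Encrypt and authenticate session data into one cookie value: iv.tag.ciphertext
function seal(data) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const body = Buffer.concat([c.update(JSON.stringify(data), 'utf8'), c.final()]);
  return [iv, c.getAuthTag(), body].map((b) => b.toString('hex')).join('.');
}

// Decrypt a cookie value; returns null if it was altered or is malformed.
function unseal(cookie) {
  try {
    const [iv, tag, body] = cookie.split('.').map((h) => Buffer.from(h, 'hex'));
    const d = crypto.createDecipheriv('aes-256-gcm', KEY, iv);
    d.setAuthTag(tag);
    return JSON.parse(Buffer.concat([d.update(body), d.final()]).toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Server-side state the client cannot touch: newest session version per user.
const latestVersion = new Map();

// Issue a fresh cookie and remember its version on the server.
function issue(data) {
  const v = (latestVersion.get(data.username) || 0) + 1;
  latestVersion.set(data.username, v);
  return seal(Object.assign({}, data, { v: v }));
}

// Accept a cookie only if it decrypts AND carries the newest version.
function accept(cookie) {
  const s = unseal(cookie);
  return s && latestVersion.get(s.username) === s.v ? s : null;
}

// The page's scenario: 100 points, spend 20, then paste the old cookie back.
function replayDemo() {
  const before = issue({ username: 'alsotang', points: 100 });
  const after = issue({ username: 'alsotang', points: 80 });
  const stale = unseal(before); // the old cookie still decrypts without error
  return { stalePoints: stale.points, staleAccepted: accept(before) !== null,
           currentPoints: accept(after).points };
}
```

The version map is exactly the server-side lookup the text says cancels out the benefit of keeping the session in the cookie.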

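session cookie

A mistake beginners easily make is forgetting that the session_id is stored in the cookie as a session cookie. That is, as soon as the user closes the browser, the session_id field in the browser's cookies disappears.

A common scenario is implementing persistent login state.

Suppose a user logged in to your site earlier and you stored information in his session. When he closes the browser and visits again, you still do not know who he is. So we also need to keep a piece of information about the user's identity in a cookie.

Say there is a user like this

```
{username: 'alsotang', age: 22, company: 'alibaba', location: 'hangzhou'}
```

We can keep all four fields in the session, and in the cookie use signedCookies to store the username.

Pseudocode for the login check: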

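```
if (req.session.user) {
  // user is available; go on to the next step
  next();
} else if (req.signedCookies['username']) {
  // If it exists, fetch this username's information from the database and save it to the session
  // (getuser is the page's placeholder for that lookup)
  getuser(req.signedCookies['username'], function (err, user) {
    if (err) return next(err);
    req.session.user = user;
    next();
  });
} else {
  // Treat as a user who is not logged in
  next();
}
```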
