跳至主要內容

如何搭配 express-session 使用

讓我們從一個基本應用程式開始

const express = require("express");
const { createServer } = require("node:http");
const { join } = require("node:path");
const { Server } = require("socket.io");
const session = require("express-session");

const port = process.env.PORT || 3000;

const app = express();
const httpServer = createServer(app);

const sessionMiddleware = session({
  secret: "changeit",
  resave: true,
  saveUninitialized: true,
});

app.use(sessionMiddleware);

app.get("/", (req, res) => {
  res.sendFile(join(__dirname, "index.html"));
});

app.post("/incr", (req, res) => {
  const session = req.session;
  session.count = (session.count || 0) + 1;
  res.status(200).end("" + session.count);
});

const io = new Server(httpServer);

httpServer.listen(port, () => {
  console.log(`application is running at: http://localhost:${port}`);
});

分享工作階段內容

工作階段內容可以透過呼叫與 Socket.IO 伺服器分享

io.engine.use(sessionMiddleware);

如此簡單!您現在可以存取 session 物件

io.on("connection", (socket) => {
  const session = socket.request.session;
});

使用工作階段 ID

您可以使用工作階段 ID 在 Express 和 Socket.IO 之間建立連結

io.on("connection", (socket) => {
  const sessionId = socket.request.session.id;

  // the session ID is used as a room
  socket.join(sessionId);
});

然後您可以在 /incr 處理常式中通知每個已連線的用戶端

app.post("/incr", (req, res) => {
  const session = req.session;
  session.count = (session.count || 0) + 1;
  res.status(200).end("" + session.count);

  io.to(session.id).emit("current count", session.count);
});

登出流程也是一樣

app.post("/logout", (req, res) => {
  const sessionId = req.session.id;

  req.session.destroy(() => {
    // disconnect all Socket.IO connections linked to this session ID
    io.in(sessionId).disconnectSockets();
    res.status(204).end();
  });
});

修改會話

由於會話未繫結到單一 HTTP 要求,因此必須手動重新載入並儲存會話

io.on("connection", (socket) => {
  const req = socket.request;

  socket.on("my event", () => {
    req.session.reload((err) => {
      if (err) {
        return socket.disconnect();
      }
      req.session.count++;
      req.session.save();
    });
  });
});

您也可以使用中間件,它會在每個傳入封包觸發

io.on("connection", (socket) => {
  const req = socket.request;

  socket.use((__, next) => {
    req.session.reload((err) => {
      if (err) {
        socket.disconnect();
      } else {
        next();
      }
    });
  });

  // and then simply
  socket.on("my event", () => {
    req.session.count++;
    req.session.save();
  });
});
注意

呼叫 req.session.reload() 會更新 req.session 物件

io.on("connection", (socket) => {
  const session = socket.request.session;

  socket.use((__, next) => {
    session.reload(() => {
      // WARNING! "session" still points towards the previous session object
    });
  });
});

處理會話過期

您可能還想定期重新載入會話,以防會話過期(例如,如果客戶端長時間未傳送任何事件)

const SESSION_RELOAD_INTERVAL = 30 * 1000;

io.on("connection", (socket) => {
  const timer = setInterval(() => {
    socket.request.session.reload((err) => {
      if (err) {
        // forces the client to reconnect
        socket.conn.close();
        // you can also use socket.disconnect(), but in that case the client
        // will not try to reconnect
      }
    });
  }, SESSION_RELOAD_INTERVAL);

  socket.on("disconnect", () => {
    clearInterval(timer);
  });
});

跨網站要求的注意事項

express-session 依賴 Cookie 在瀏覽器中保留會話。因此,如果您的前端網域與後端網域不同(例如,如果您在自己的電腦上執行 SPA,但使用不同的埠),則需要傳送適當的 CORS 標頭

const cors = require("cors");
    
const corsOptions = {
  origin: ["http://localhost:4200"],
  credentials: true
};

// for Express
app.use(cors(corsOptions));

// for Socket.IO
const io = new Server(httpServer, {
  cors: corsOptions
});

您還需要在客戶端將 withCredentials 選項設定為 true

import { io } from "socket.io-client";

const socket = io("http://localhost:3000", {
  withCredentials: true
});

這就是與 express-session 相容的部分。感謝您的閱讀!

提示

您可以在以下位置直接在瀏覽器中執行此範例