Understanding express.js session security

I don't understand a few points about how express.js sessions work.
When I do

    express = require 'express'
    server = express()
    server.use express.cookieParser()
    server.use express.cookieSession { secret: 'whatever' }

and then set something like

    server.post '/login', (req, res) ->
      # checks that provided psw and username exist in db
      # (dbID, postedUsername and postedPsw stand for the looked-up and posted values)
      req.session.user =
        id: dbID
        username: postedUsername
        psw: postedPsw
      res.redirect '/'

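in a login sequence, is req.session.user secure, with all parameters unencrypted?
Should I check whether the username and psw are correct at every point, like this: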

    server.use (req, res, next) ->
      # checks that provided psw and username exist in db
      # otherwise destroy session
      next()

?
Thanks for your time.
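
An added example, not part of the original question: a simplified model of a cookie that is signed but not encrypted, the situation the question describes. The cookie layout and the helper names (`sealSession`, `openSession`, `readWithoutSecret`) are assumptions for illustration, not Express's actual wire format.

```javascript
// Simplified model of a signed (not encrypted) session cookie.
// Layout "<base64url(JSON)>.<HMAC>" is an assumption, not Express's format.
const crypto = require('crypto');

const SECRET = 'whatever'; // same placeholder secret as in the question

function hmac(payload, secret) {
  return crypto.createHmac('sha256', secret).update(payload).digest('base64url');
}

// Server side: serialize the session and append an HMAC over it.
function sealSession(session, secret) {
  const payload = Buffer.from(JSON.stringify(session)).toString('base64url');
  return payload + '.' + hmac(payload, secret);
}

// Server side: accept the cookie only if the signature matches.
function openSession(cookie, secret) {
  const [payload, sig] = cookie.split('.');
  if (!payload || !sig) return null;
  const expected = Buffer.from(hmac(payload, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}

// Whoever holds the cookie can decode the payload without the secret:
// the signature gives integrity, not confidentiality.
function readWithoutSecret(cookie) {
  const payload = cookie.split('.')[0];
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}

// Constructed sample sessions: one shaped like the question's, one id-only.
const withPassword = sealSession(
  { id: 42, username: 'alice', psw: 'hunter2' }, SECRET);
const idOnly = sealSession({ id: 42 }, SECRET);

console.log(readWithoutSecret(withPassword)); // password visible in the cookie
console.log(readWithoutSecret(idOnly));       // only the id is exposed
console.log(openSession(withPassword, SECRET));
```

In this model a modified payload fails the check in `openSession`, while anything stored in the session is readable by the cookie holder, so keeping only the user id in it keeps the password out of the cookie.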