使用passport-local进行身份validation后,无法使用来自客户端的会话

我正在尝试使用express,passport-local,mongoose编写一个小型的用户authentication模块。 用户身份validation工作正常,但我不能够在进一步的会话中使用经过身份validation的用户。

已经经历了Stackoverflow和其他地方的大部分build议,但似乎没有在这里工作。

我的代码的微缩版本如下:

var express = require('express'); var cookieParser = require('cookie-parser'); var mongoose = require('mongoose'); var bodyParser = require('body-parser'); var passport = require('passport'); var LocalStrategy = require('passport-local').Strategy; var session = require('express-session'); function genuuid(req) { return "UUID"; } var app=express(''); mongoose.connect('mongodb://localhost:27017/test'); //user config var userSchema = new mongoose.Schema({ username: String, password: String}); var User = mongoose.model('User', userSchema); var CreateUser = function(req, res) { var user = new User(); user.username = req.body.username; user.password = req.body.password; user.save(function(err) { if (!err) res.json({message: "User created"}); else res.send(err); }); } //passport config passport.use('local', new LocalStrategy( function(username, password, callback) { User.findOne({username: username}, function(err, user) { if (!user) callback(null, false); else callback(null, {id: user.id}); }); } )); passport.serializeUser(function(user, done) { return done(null, user.id); }); passport.deserializeUser(function(id, done) { User.findById(id, function(err, user) { return done(err, user); }); }); var Authenticate = passport.authenticate('local', {session: true}); var IsLoggedIn = function(req, res, next) { if (req.isAuthenticated()) next(); else res.json({message: "Not logged In"}); } app.use(session({ genid: function(req) { return genuuid() }, name: 'server-session-cookie-id', secret: 'carxpertsecret', cookie: {maxAge: 60000 }, saveUninitialized: false, resave: false, //store: new FileStore() })); app.use(bodyParser.urlencoded({ extended: true })); app.use(passport.initialize()); app.use(passport.session()); var router = express.Router(); router.route('/secretdata'). get(IsLoggedIn, function(req, res) { res.send("Secret Data")}); router.route('/createUser'). post(CreateUser); router.route('/login'). post(Authenticate, function(req, res) { res.send("user authenticated")}); app.use('/api', router); app.listen(3000, function() { console.log("Example app listening on port 3000!"); }); 

现在我创build一个用户如下:

 $ curl -v http://127.0.0.1:3000/api/createUser -X POST -d "username=foo&password=foo123" * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0) > POST /api/createUser HTTP/1.1 > User-Agent: curl/7.38.0 > Host: 127.0.0.1:3000 > Accept: */* > Content-Length: 28 > Content-Type: application/x-www-form-urlencoded > * upload completely sent off: 28 out of 28 bytes < HTTP/1.1 200 OK < X-Powered-By: Express < Content-Type: application/json; charset=utf-8 < Content-Length: 26 < ETag: W/"1a-BL5+lbfL5b+1LNJK6XUFRA" < Date: Mon, 04 Apr 2016 23:31:14 GMT < Connection: keep-alive < * Connection #0 to host 127.0.0.1 left intact {"message":"User created"} 

然后使用新创build的用户login(authentication):

 $ curl -v http://127.0.0.1:3000/api/login -X POST -d "username=foo&password=foo123" * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0) > POST /api/login HTTP/1.1 > User-Agent: curl/7.38.0 > Host: 127.0.0.1:3000 > Accept: */* > Content-Length: 28 > Content-Type: application/x-www-form-urlencoded > * upload completely sent off: 28 out of 28 bytes < HTTP/1.1 200 OK < X-Powered-By: Express < Content-Type: text/html; charset=utf-8 < Content-Length: 18 < ETag: W/"12-oAQqrjPB7C8RdFEBpTkRdQ" < set-cookie: server-session-cookie-id=s%3AUUID.y6%2BRWOBpX%2Ffg6mVomXev1bhxB1LU0RarUvCYME9DR5I; Path=/; Expires=Mon, 04 Apr 2016 23:32:20 GMT; HttpOnly < Date: Mon, 04 Apr 2016 23:31:20 GMT < Connection: keep-alive < * Connection #0 to host 127.0.0.1 left intact user authenticated 

我以cookie的forms获得了新创build的会话(请参阅上面的set-cookie头),并且当我尝试在后续请求中使用此会话(如下所示)时,用户未使用此会话进行身份validation:

 $ curl -v http://127.0.0.1:3000/api/secretdata --cookie 'server-session-cookie-id=s%3AUUID.y6%2BRWOBpX%2Ffg6mVomXev1bhxB1LU0RarUvCYME9DR5I' * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0) > GET /api/secretdata HTTP/1.1 > User-Agent: curl/7.38.0 > Host: 127.0.0.1:3000 > Accept: */* > Cookie: server-session-cookie-id=s%3AUUID.y6%2BRWOBpX%2Ffg6mVomXev1bhxB1LU0RarUvCYME9DR5I > < HTTP/1.1 200 OK < X-Powered-By: Express < Content-Type: application/json; charset=utf-8 < Content-Length: 27 < ETag: W/"1b-hZjo3NVGururbXsBRiO5+Q" < Date: Tue, 05 Apr 2016 00:07:18 GMT < Connection: keep-alive < * Connection #0 to host 127.0.0.1 left intact {"message":"Not logged In"} 

请帮我debugging这个问题。

       

网上收集的解决方案 "使用passport-local进行身份validation后,无法使用来自客户端的会话"