
我用 Node.js 和 Angular.js 实现了基于令牌（JWT）的登录和注销功能，令牌保存在浏览器的 window.sessionStorage 中。

问题是：注销时只有当前这个浏览器（标签页）被注销；而且再次登录时，程序也无法识别我是否已经处于登录状态。我想我需要扩展一下程序。

我的问题是：如何清除我登录过的每一个打开的浏览器中保存的令牌？或者，能否在代码里查询自己是否已登录？该怎么做？

在此先感谢!

Node.js 代码

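// POST /logout
// Body: { token }. Verifies the client-supplied JWT, looks the user up and
// replies 200 with an empty body. Every failure path now sends a response;
// the original left the request hanging (no `res.*` call) on a DB error or
// a missing user, and `Console.log` (capital C) threw a ReferenceError.
app.post('/logout', function(req, res) {
  // NOTE(review): the signing secret should come from configuration
  // (e.g. process.env), not a string literal shared by both routes.
  jwt.verify(req.body.token, 'secretKey', function(err, decoded) {
    // On a bad, expired or absent token jwt.verify sets `err` and `decoded`
    // is undefined; the original dereferenced `decoded._id` regardless.
    if (err || !decoded || decoded._id == null) {
      console.log('Could not logout: invalid token', err);
      res.status(401).json({ success: false, message: 'Invalid token.' });
      return;
    }

    User.findOne({ _id: decoded._id }, function(err, user) {
      if (err) {
        console.log('Error occured', err);
        res.status(500).json({ success: false, message: 'Logout failed.' });
        return;
      }
      if (!user) {
        res.status(401).json({ success: false, message: 'Unknown user.' });
        return;
      }
      // NOTE(review): a JWT is stateless -- nothing here revokes it. Until the
      // server records revoked tokens (a denylist keyed by token id, or a
      // per-user token version) and checks that on every authenticated
      // request, this endpoint only tells the calling client to forget the
      // token; the token itself stays valid until it expires, in every
      // browser that still holds it.
      res.end();
    });
  });
});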

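// POST /login
// Body: { email, password }. On success replies { token, email }; on any
// failure replies with a JSON error and a 4xx/5xx status. The original sent
// no response at all when the e-mail was unknown, the password was missing
// or the DB errored, so those requests hung until the client timed out.
app.post('/login', function(req, res) {
  var email = req.body.email;
  var password = req.body.password;

  // Require plain strings. Passing req.body.email straight into findOne lets
  // a JSON body such as {"email": {"$ne": null}} turn into a query operator;
  // bcrypt.compareSync also throws on a non-string password.
  if (typeof email !== 'string' || typeof password !== 'string' || password === '') {
    console.log('Email and password are required!');
    res.status(400).json({ success: false, message: 'Email and password are required.' });
    return;
  }

  User.findOne({ email: email }, function(err, user) {
    if (err) {
      console.log('Error occured', err);
      res.status(500).json({ success: false, message: 'Authentication failed.' });
      return;
    }

    // One generic message for "no such user" and "wrong password" so the
    // endpoint does not confirm which e-mail addresses are registered.
    // (A timing difference remains because bcrypt only runs when the user
    // exists; comparing against a dummy hash would close that too.)
    if (!user || !bcrypt.compareSync(password, user.password)) {
      console.log('Authentication failed for ' + email);
      res.status(401).json({ success: false, message: 'Authentication failed.' });
      return;
    }

    // Sign only the claims the app needs. The original passed the whole
    // user document, which put the bcrypt hash (and everything else on the
    // record) into the JWT payload -- base64, readable by any client.
    // `expiresInMinutes` is the option the original used; newer jsonwebtoken
    // releases replaced it with `expiresIn` -- check the installed version.
    var token = jwt.sign({ _id: user._id, email: user.email }, 'secretKey', {
      expiresInMinutes: 60 // one hour (the old comment wrongly said "1 Minute")
    });

    res.json({ token: token, email: user.email });
    // Do not log the token itself: it is a bearer credential.
    console.log('Token created & sent to client for ' + user.email);
  });
});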

Angular.js 代码

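// Login/logout controller. Keeps the JWT in sessionStorage under 'token' and
// mirrors the session state into $rootScope.isAlive / $rootScope.ali.
app.controller('UserCtrlLogin', function($scope, $http, $window, $location, $rootScope) {
  var storage = $window.sessionStorage;

  // Pick up an existing token on (re)load so a refresh does not look logged
  // out. sessionStorage is per tab: another tab or browser never sees this
  // token, which is why a logout here cannot reach them without server-side
  // revocation. The 'ali' flag is not restored -- it is only known after a
  // fresh login response.
  $rootScope.isAlive = storage.getItem('token') !== null;

  // Forget the session locally, whatever the server said.
  function clearSession() {
    storage.removeItem('token');
    $rootScope.isAlive = false;
    $rootScope.ali = false;
  }

  $scope.logout = function() {
    var token = storage.getItem('token');

    $http.post('/logout', { token: token })
      .success(function() {
        // .success only fires for 2xx, so the original `status == 200`
        // else-branch was unreachable.
        clearSession();
      })
      .error(function() {
        // The original had no error handler, so a failed logout call left
        // the token in place and the UI "logged in". Drop it regardless.
        clearSession();
      });
  };

  $scope.signin = function() {
    var credentials = {
      email: $scope.email,
      password: $scope.password
    };

    $http.post('/login', credentials)
      .success(function(data, status) {
        if (status !== 200 || !data || !data.token) {
          clearSession();
          return;
        }

        storage.setItem('token', data.token);
        $rootScope.isAlive = true;
        // NOTE(review): comparing an e-mail on the client is not
        // authorization -- anyone can set $rootScope.ali from the console.
        // Admin-only routes and data must be protected on the server (e.g. a
        // role claim in the token checked by middleware); this flag is UI only.
        $rootScope.ali = data.email === "[email protected]";
        console.log("Token saved into Storage from Server(Node.js function /login)");
      })
      .error(function() {
        // Called on a network error or a non-2xx response.
        clearSession();
      });
  };
});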

回答


JWT 本身是无状态的：只要签名有效且未过期，服务器就会接受它，仅从 sessionStorage 里删除并不能让它失效。要让注销对所有浏览器生效，需要在数据库中记录令牌状态（例如记录每个令牌的 jti，或每个用户的令牌版本号）：登录时写入，注销时标记为无效，并且后端在校验签名之后还要检查这个状态再放行请求。配合较短的过期时间，可以缩小吊销生效之前的窗口。

P.s.请参阅satellizer,这只是我对前端验证模块的建议。