Answer the question
In order to leave comments, you need to log in
N
N
narem2020-02-26 22:06:36
narem, 2020-02-26 22:06:36
How to add something to a session?
Unable to complete session. When authorizing, everything works fine, the session is saved in mysql.
But in the app.post("/addt" block, I need to somehow supplement the existing one, and for some reason the variable is not created here. How to be?
app.get("/",(request,response)=>{
if(request.session.userId && request.session.userLogin){
response.render('index');
}else{
response.render('auth');
}
console.log(request.session.tok);
});
app.post("/addt", (request,response)=>{
request.session.tok = request.body.token;
});
app.post("/auth",(request,response)=>{
user.findOne({where: {login: request.body.login}})
.then(usr=>{
if(usr.login == request.body.login && usr.password == request.body.password){
request.session.userId = usr.id;
request.session.userLogin = request.body.login;
request.session.userPass = request.body.password;
response.json({
status: true
})
}else{
response.json({
status: false
})
}
})
.catch(err=>{
response.json({
status: false
}) 2 answer(s)
@Che603000
You do not fully understand the essence of the issue. The session is set in request.seesion on every request to the server. In your case, most likely the user data is read from a mysql table. Thus
in the block
nothing will be saved, but on the contrary, user data is read from the user table to compare login and password
Although the block of code above is working, it means that the password is stored in the database in clear text, user logins will be duplicated, xss attacks, etc. are possible. I hope this is part of a term paper, and not industrial code...
The block of code above is completely meaningless though. Here you have left your request unanswered. As a result, the server will ever return a timeout error.
A
Alexander Cheremkhin, 2020-02-27 @Che603000
But in the app.post("/addt" block, I need to somehow supplement the existing one, and for some reason the variable is not created here. How to be?
You do not fully understand the essence of the issue. The session is set in request.seesion on every request to the server. In your case, most likely the user data is read from a mysql table. Thus
in the app.post("/addt" block, I need to supplement the existingwill not work
When authorizing, everything works fine, the session is saved in mysql.
in the block
app.post("/auth",(request,response)=>{
user.findOne({where: {login: request.body.login}})
.then(usr=>{nothing will be saved, but on the contrary, user data is read from the user table to compare login and password
if(usr.login == request.body.login && usr.password == request.body.password){Although the block of code above is working, it means that the password is stored in the database in clear text, user logins will be duplicated, xss attacks, etc. are possible. I hope this is part of a term paper, and not industrial code...
app.post("/addt", (request,response)=>{
request.session.tok = request.body.token; // что тут вы хотели сделать, request.body.token - в table user записать ???
});The block of code above is completely meaningless though. Here you have left your request unanswered. As a result, the server will ever return a timeout error.
Similar questions
N
E
S
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question