科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - Express: is it possible to bypass sessions for static files? - Stack Overflow

    javascript - Express: is it possible to bypass sessions for static files? - Stack Overflow

    programmeradmin4浏览0评论

    I'm using a quite straightforward setup of Express + Mongoose + Passport + Connect-mongo, and everything works fine. The only thing that is puzzling me, is that I can see the passport.unserializeUser called even for static files, which is - from my application point of view - absolutely pointless.

    I can understand that there are cases where you want the static files to be served under some sort of authorization as well, but I wonder how I could "skip" the whole session middleware in case I'm serving a static file.

    (In a production environment I could not use cookies for assets)

    I'm using a quite straightforward setup of Express + Mongoose + Passport + Connect-mongo, and everything works fine. The only thing that is puzzling me, is that I can see the passport.unserializeUser called even for static files, which is - from my application point of view - absolutely pointless.

    I can understand that there are cases where you want the static files to be served under some sort of authorization as well, but I wonder how I could "skip" the whole session middleware in case I'm serving a static file.

    (In a production environment I could not use cookies for assets)

    • javascript
    • node.js
    • express
    • passport.js
    Share Improve this question edited Jan 6, 2015 at 15:26 laggingreflex 34.7k36 gold badges143 silver badges200 bronze badges asked Dec 9, 2012 at 19:53 ClaudioClaudio 5,9805 gold badges36 silver badges42 bronze badges 5
    • 4 just put express.static above all the other middleware – Jonathan Ong Commented Dec 9, 2012 at 21:09
    • It works, and I found it fantastic. Jonathan, would you mind "answering" the question so I can actually give you some karma? :) – Claudio Commented Dec 9, 2012 at 21:31
    • 1 i don't do this for the points! – Jonathan Ong Commented Dec 9, 2012 at 21:36
    • Yeah, but this place is for people to find answers. Do you you mind if I answer myself with your hints? – Claudio Commented Dec 9, 2012 at 21:40
    • nope. a full explanation and/or example would be better as an answer – Jonathan Ong Commented Dec 9, 2012 at 21:52
    Add a ment  | 

    2 Answers 2

    Reset to default 15

    Middleware is called upon in the order it was added. Just move the static middleware to be very early in your app.js.

    For example:

    app.use(express.static(__dirname + "/public"));
// any other middleware
app.use(passport()); // or whatever your passport config looks like

    You could serve the static files from another domain which does not store any cookies at all. That also means that you cannot do any (security) checks before serving those files.

    This technique is used by various sites, such as StackOverflow, Facebook and LinkedIn.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论