
koa + jsonwebtoken: a solution for generating tokens

1. Use koa-session

Attach the token to requests

const Koa = require('koa');
const session = require('koa-session');

const app = new Koa();

const CONFIG = {
  key: 'koa:sess', /** (string) cookie key (default is koa:sess) */
  /** (number || 'session') maxAge in ms (default is 1 days) */
  /** 'session' will result in a cookie that expires when session/browser is closed */
  /** Warning: If a session cookie is stolen, this cookie will never expire */
  maxAge: 0,
  autoCommit: true, /** (boolean) automatically commit headers (default true) */
  overwrite: true, /** (boolean) can overwrite or not (default true) */
  httpOnly: true, /** (boolean) httpOnly or not (default true) */
  signed: true, /** (boolean) signed or not (default true) */
  rolling: false, /** (boolean) Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. (default is false) */
  renew: false, /** (boolean) renew session when session is nearly expired, so we can always keep user logged in. (default is false) */
};

// Keys used to sign the session cookie (required because signed: true)
app.keys = ['some secret hurr'];

/**
 * session middleware
 * @see https://github.com/koajs/session
 */
app.use(session(CONFIG, app));

2. jsonwebtoken

https://github.com/auth0/node-jsonwebtoken

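Use jsonwebtoken to turn the requested data into a token, and use the token to get the data back. Note that jwt.sign signs the payload (HS256 by default) rather than encrypting it: the payload is only base64url-encoded, so anyone holding the token can read it, and the secret only protects it against modification.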

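Encrypting (signing)

const jwt = require('jsonwebtoken');
let payload = { name: '張三', admin: true }; // the data to put in the token
let secret = 'always_and_forever'; // secret key, an arbitrary string here
let token = jwt.sign(payload, secret, { expiresIn: '1h' }); // token is valid for one hour
console.log(token);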

Decrypting (verifying)

// jwt.verify throws if the signature is invalid or the token has expired
let decoded = jwt.verify(token, secret);
console.log(decoded);
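
The HS256 token format that jwt.sign produces by default, shown as an added example that is not from the original post and is not jsonwebtoken's own code: it uses only Node's crypto module to show that the payload is readable without the secret and that a modified payload fails verification. `signToken`, `peekPayload` and `verifyToken` are hypothetical helpers, and the non-admin sample user is constructed.

```javascript
// Added example: minimal HS256 JWT on Node's built-in crypto (not jsonwebtoken's code).
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest();

// Hypothetical helper: build header.payload.signature with an exp claim.
function signToken(payload, secret, expiresInSec, nowMs = Date.now()) {
  const iat = Math.floor(nowMs / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat, exp: iat + expiresInSec }));
  const sig = hmac(`${header}.${body}`, secret).toString('base64url');
  return `${header}.${body}.${sig}`;
}

// Reads the claims WITHOUT the secret: the payload is encoded, not encrypted.
function peekPayload(token) {
  return fromB64url(token.split('.')[1]);
}

// Hypothetical helper: check algorithm, signature and expiry; throws on failure.
function verifyToken(token, secret, nowMs = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  // Pin the algorithm rather than trusting the header's claim.
  if (fromB64url(header).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const claims = fromB64url(body);
  if (Math.floor(nowMs / 1000) >= claims.exp) throw new Error('token expired');
  return claims;
}

// Constructed sample input, reusing the page's secret and a non-admin user.
const secret = 'always_and_forever';
const token = signToken({ name: '張三', admin: false }, secret, 3600);
console.log('readable without the secret:', peekPayload(token));

// Tampering: flip admin to true but keep the old signature.
const [h, , s] = token.split('.');
const forged = `${h}.${b64url(JSON.stringify({ ...peekPayload(token), admin: true }))}.${s}`;
try { verifyToken(forged, secret); } catch (e) { console.log('forged token:', e.message); }
```
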

3. After login

ctx.session.token = token;

After logout

ctx.session.token = '';