1. 使用 koa-session
给请求添加上token
const session = require('koa-session');
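/**
 * Cookie options handed to koa-session.
 * No external `store` is configured, so koa-session keeps the session data in
 * the cookie itself: it is signed (tamper-evident) but not encrypted, and the
 * client can decode and read it.
 */
const CONFIG = {
  key: 'koa:sess', // (string) cookie key (default is koa:sess)
  // (number || 'session') maxAge in ms (default is 1 day).
  // 'session' will result in a cookie that expires when session/browser is closed.
  // Warning: if a session cookie is stolen, this cookie will never expire.
  // NOTE(review): the upstream README example uses 86400000 here; confirm that 0
  // gives the session lifetime you intend before relying on it.
  maxAge: 0,
  autoCommit: true, // (boolean) automatically commit headers (default true)
  overwrite: true, // (boolean) can overwrite or not (default true)
  httpOnly: true, // (boolean) httpOnly or not (default true); keeps page scripts from reading the cookie
  signed: true, // (boolean) signed or not (default true); the signature is made with app.keys
  // (boolean) Force a session identifier cookie to be set on every response.
  // The expiration is reset to the original maxAge, resetting the expiration
  // countdown. (default is false)
  rolling: false,
  // (boolean) renew session when session is nearly expired, so we can always
  // keep user logged in. (default is false)
  renew: false,
  // NOTE(review): `secure` and `sameSite` are left at their defaults; set them
  // deliberately for an HTTPS deployment.
};

// Koa signs cookies with app.keys, and anyone who knows a key can forge a valid
// session cookie. The keys are therefore read from the environment rather than
// committed with the source. SESSION_KEYS is an example variable name holding a
// comma-separated list (first key signs, all keys verify, which permits rotation).
const sessionKeys = (process.env.SESSION_KEYS || '')
  .split(',')
  .map((key) => key.trim())
  .filter(Boolean);
if (sessionKeys.length === 0) {
  // Fail at startup instead of running with unsigned or predictably signed cookies.
  throw new Error('SESSION_KEYS must be set to at least one cookie-signing key');
}
app.keys = sessionKeys;

/**
 * session middleware
 * @see https://github.com/koajs/session
 */
app.use(session(CONFIG, app));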
2. jsonwebtoken https://github.com/auth0/node-jsonwebtoken
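用jsonwebtoken对请求到的数据进行加密生成token,用token解密加密的数据(严格来说,这里做的是签名和验签,而不是加密:payload 只经过 Base64URL 编码,任何拿到 token 的人都能读出其中内容,所以不要把敏感信息放进 payload;秘钥只用来保证 token 没有被篡改)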
加密
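// The package published from the repository linked above is `jsonwebtoken`.
// A misspelled name in require()/npm install can resolve to an unrelated
// package, so the name is kept identical to the upstream one.
const jwt = require('jsonwebtoken');

// Claims carried by the token. They are signed, not encrypted: anyone holding
// the token can decode and read them, so nothing confidential belongs here.
// The signature is the only thing that stops a client from changing `admin`.
const payload = {name:'张三',admin:true};

// HMAC signing key. Whoever knows it can mint tokens with any claims, so it must
// be long, random and kept out of the source. JWT_SECRET is an example
// environment variable name.
const secret = process.env.JWT_SECRET;
if (!secret) {
  throw new Error('JWT_SECRET must be set before tokens can be signed');
}

// HS256 is the library default for sign(); it is stated explicitly so that the
// verifying side can pin the same algorithm. The token expires after one hour.
const token = jwt.sign(payload, secret, { algorithm: 'HS256', expiresIn: '1h' });

// Demo output only: a token is a bearer credential and should not end up in
// production logs.
console.log(token)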
解密
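// Check the signature and the expiry of `token`, then read the claims back.
// The result gets its own name because `payload` is already declared by the
// signing snippet; declaring it a second time in the same scope is a SyntaxError.
let decoded;
try {
  // Pin the accepted algorithm to the one used for signing (HS256 is the
  // default of jwt.sign) instead of accepting whatever the token header names.
  decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
  console.log(decoded);
} catch (err) {
  // jwt.verify throws for a bad signature, a malformed token or an expired one;
  // treat every such case as "not authenticated" instead of crashing the request.
  console.error('token rejected:', err.message);
}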
3. 在登录操作后
// After a successful login, keep the issued JWT in the user's session.
// NOTE(review): the CONFIG shown earlier sets no external store, so koa-session
// writes the session data into the cookie itself; the token therefore reaches
// the browser signed but readable.
ctx.session.token = token;
退出登录后
// On logout, blank the token stored in the session.
// NOTE(review): this does not revoke the JWT. A copy that was captured earlier
// stays valid until its expiry unless the server also tracks revoked tokens.
// koa-session documents `ctx.session = null` for destroying the whole session.
ctx.session.token = '';