For example开发者_StackOverflow中文版 right here:
http://dailyjs.com/2011/01/10/node-tutorial-9/
https://github.com/alexyoung/nodepad/blob/master/models.js
There's something called a login token. I don't understand what the point of that is, isn't there already a session? There's a session cookie and a session entry in the database. Can't you check against that instead of LoginToken?
Thanks.
This isn't really a node.js question, since it applies just as much to websites written in any language, but here's an answer.
Session cookies are generally quite short-lived, and reference a whole bunch of information about what you're currently doing on a website, which you don't want to store for every user for weeks or months. The login token is a much longer-lived cookie that just records that this web browser is authorised to connect as this user without having to go through the login process.
精彩评论