Javascript 来自失败登录的响应包含cookie
在login.js中,我正在测试如果在请求中发送未注册的凭据,用户将无法登录。对此类失败请求的响应不应包含cookie,但在运行我的代码后,响应确实包含cookie,并且响应状态为400 为什么会这样 login.jsJavascript 来自失败登录的响应包含cookie,javascript,cookies,passport.js,Javascript,Cookies,Passport.js,在login.js中,我正在测试如果在请求中发送未注册的凭据,用户将无法登录。对此类失败请求的响应不应包含cookie,但在运行我的代码后,响应确实包含cookie,并且响应状态为400 为什么会这样 login.js const request = require('supertest') const express = require('express') const app = express() const passport = require('passport') const Loc
const request = require('supertest')
const express = require('express')
const app = express()
const passport = require('passport')
const LocalStrategy = require('passport-local').Strategy
const expressSession = require('express-session')
const mongoose = require('mongoose')
const url = "mongodb://user1:password1@ds155091.mlab.com:55091/redditmock"
mongoose.connect(url)
//Configuring local authentication
passport.use(new LocalStrategy(
(username, password, done) => {
User.findOne({username: username}, (err, user) => {
if (err) return done(err)
if (!user) {
return done(null, false, {message: 'Incorrect username.'});
}
if (user.password !== password) {
return done(null, false, { message: 'Incorrect password.' })
}
return done(null, user)
})
}
))
//Configuring app to have sessions
passport.serializeUser((user, done) => {
done(null, user._id)
})
passport.deserializeUser((id, done) => {
User.findById(id, function(err, user) {
done(err, user)
})
})
app.use(expressSession({secret: 'aSecretKey'}))
app.use(passport.initialize())
app.use(passport.session())
app.post('/api/login', passport.authenticate('local'), (req, res) => res.end())
const server = app.listen(3000)
request(server)
.post('/api/login')
.type('form')
.send({username: "sasd"})
.send({password: "sdfa"})
.then((res) => {
cookie = res.header['set-cookie'][0]
console.log(res.status)
console.log(cookie)
})
User.js
const mongoose = require('mongoose')
const schema = new mongoose.Schema({
username: {
type: String,
required: true
},
password: {
type: String,
required: true
}
})
module.exports = mongoose.model('User', schema)
为什么响应不应该包含cookie?因为只有在用户成功登录时才应该发送cookie。