req.session.user не «глобально» в моем проекте node.js

Question

После проверки подлинности req.session.user существует, но когда я пытаюсь вызвать его, чтобы ограничить доступ к странице, он исчез и, конечно, ограничивает доступ, когда я не хочу этого. Я знаю его проблему с охватом, но я не могу понять это.

function restrict(req, res, next) { 
    if (req.session.user) { 
    next(); 
    } else { 
    req.session.error = 'Access denied!'; 
    res.redirect('/accessdenied'); 
    } 
} 

// Add User Route 
app.get('/addUser', restrict, function (req, res, next) 
    {res.render('addUser', { 
         title  : "SC Auds - Ad New User" 
        , author  : "Alan Swenson" 
        , description : "none" 
        }); 
       }); 



app.post('/login', function (req, res, next){ 

var checkuser = new User({ 
         email  : req.body.user.email 
        , password : req.body.user.password 
        }); 

// checkuser.save(function(err) { 
    // Successfully Logged In 
User.getAuthenticated(checkuser.email, checkuser.password, function(err, user, reason) { 

     if (err) { 
      throw err; 
     // Failed to work 
      res.redirect('/error'); 
     } 

     // login was successful if we have a user 
     if (user) { 
      // handle login success 
      req.session.regenerate(function(){ 
      req.session.user = user; 
      req.session.success = 'Authenticated as ' + user.email; 
      res.redirect('/admin'); 
      console.log(req.session.user); 
      }); 
     } 

     // otherwise we can determine why we failed 
     var reasons = User.failedLogin; 
     console.log(User.failedLogin); 
     switch (reason) { 
      case reasons.NOT_FOUND: 
      case reasons.PASSWORD_INCORRECT: 
       // note: these cases are usually treated the same - don't tell 
       // the user *why* the login failed, only that it did 
       break; 
      case reasons.MAX_ATTEMPTS: 
       // send email or otherwise notify user that account is 
       // temporarily locked 
       break; 

     } 

    }); 



}); 

Вот мой app.js

/** 
* Module dependencies 
*/ 

var express = require('express'), 
    routes = require('./routes'), 
    tasks  = require("./tasks"), 
    mongoose = require('mongoose'); 
    crypt  = require('bcrypt'); 
    RedisStore = require('connect-redis')(express); 
    url =  require('url'); 


// Get yo' models 
User = require("./models/user.js"); 
// Set up the app 
app = express(); 
// Set up the server 
var server = require('http').createServer(app); 

//set up redis 
var redisURL = 'redis://nodejitsu:nodejitsudb3022889634.redis.irstack.com:f327cfe980c971946e80b8e975fbebb4@nodejitsudb3022889634.redis.irstack.com:6379'; 
var redis = url.parse(redisURL); 
console.log(redis); 
/** 
* Configuration 
*/ 

app.configure(function(){ 
    app.set('views', __dirname + '/views'); 
    app.set('view engine', 'jade'); 
    // Middle Ware 
    app.use(express.favicon(__dirname + '/public/favicon.ico')); 
    app.use(express.bodyParser()); 
    app.use(express.cookieParser()); 
    app.use(express.session({ 
    secret: "kaskjbabjkdfkabdfbkadbkjfasdfasdfrterterte", 
    store: new RedisStore({ host: redis.hostname, port: redis.port, pass: redis.auth ? redis.auth.substring(redis.auth.indexOf(':') + 1) : null }), 
    proxy: true, 
    cookie: { secure: true} 
    })); 
    app.use(express.methodOverride()); 



    app.use(app.router); 
    app.use(express.static(__dirname + '/public')); 
    app.enable('trust proxy'); 
}); 

/** 
* Set up Listening Ports 
* Development & Production 
*/ 

var port; 
app.configure('development', function(){ 
    port = 3000; 
    app.use(express.errorHandler({ dumpExceptions: true, showStack: true })); 
// mongoose.connect('mongodb://localhost/<app_name>'); 
}); 

app.configure('production', function(){ 
    port = 80; 
    app.use(express.errorHandler()); 
    // Production database connection string 
    mongoose.connect('mongodb://nodejitsu:c09cdadf6f1c8ecad43a01d54b4da8e4@linus.mongohq.com:10096/nodejitsudb9995237560'); 
}); 

/** 
* Open Database 
*/ 

var db = mongoose.connection; 
db.on('error', console.error.bind(console, 'connection error:')); 
db.once('open', function callback() { 
    console.log('opened'); 
}); 

var models = {}; 

/** 
* Set up Routes 
*/ 

// Main Route 
app.get('/', routes.home); 
// Additional Routes 
require('./additionalRoutes')(app) 


/** 
* Start Sever Listening 
*/ 

server.listen(port, function(){ 
}); 


/* 
* Run background tasks here: 
*/ 

// Run immediately 
// tasks.myTask(); 

// Run periodically 
// setInterval(tasks.myTask, 1000 * 60 * 10); 

Answer 1

Я понял. Мой файл cookie истекал немедленно из-за разницы во временных зонах между моим компьютером и сервером. изменено истекает: ложные

cookie: { secure: true, 
        path: '/', 
       expires: false} 

Answer 2

Вы пропавшая функцию ограничения здесь ..

app.post('/login', function (req, res, next){ 

Изменить его.

app.post('/login', restrict, function (req, res, next){