问题
SITUATION:
If I log in from one device and open the website on any other device (my phone, my friend's laptop, my neighbour's pc), the website shows me as logged in on all those devices.
If I log out, I am shown as logged out on all devices.
Effectively, my website can only be used by one user at a time which is absolutely pointless.
I must somehow have misused Firebase authentication.
CODE:
router.post('/login', function(req, res, next) {
var email = req.body.email;
var password = req.body.password;
// Validation
req.checkBody('email', 'Email is required').notEmpty();
req.checkBody('email', 'Email is not valid').isEmail();
req.checkBody('password', 'Password is required').notEmpty();
var errors = req.validationErrors();
if(errors){
res.render('users/login', {
errors: errors
});
} else {
firebase.auth().signInWithEmailAndPassword(email, password).then(authData => {
console.log("Authenticated user with uid:",authData);
req.flash('success_msg', 'You have logged in');
res.redirect("/fun/index");
}).catch(error => {
var errorCode = error.code;
var errorMessage = error.message;
console.log("Login Failed: ", error);
req.flash('error_msg', "Unknown user or password");
res.redirect('/users/login');
});
}
});
QUESTION:
What mistake have I made and how do I fix it ?
EDIT: Found this: Firebase NodeJS Authentication
But the question remained without an answer.
回答1:
If you're using the node.js admin SDK, you are effectively in a single-user situation, and your server is the single user. Typically, that single user is a privileged service account, but it appears you're using it to log in individual users simultaneously. That's not a supported use case for the admin SDK.
If you want per-user login for your web site, you'll have to authenticate in the browser itself using the web SDK. The web SDK communicates directly with Firebase services, securely, on behalf of the user that's signed in.
来源:https://stackoverflow.com/questions/41579003/my-firebase-website-only-allows-one-user-logged-in-at-all-times-why