javascript - After front-end and back-end separation, how should remember-password, automatic login, and login timeout on pages after login be handled?
怪我咯 2017-05-16 13:39:13

As the title says.

  1. Remember the password? Is it recorded in localStorage? That's very unsafe.

  2. And you get the token after logging in. Since every request requires a token, the token should be recorded in localStorage,
    otherwise there will be no token when the page is refreshed.

  3. But then another problem comes up. If the token expires, you need to go to the server to verify whether the token has expired and then decide whether to display the login page. If it has expired, jump to login... This process feels more troublesome than without separation...


All replies (3)
刘奇

First of all, you have to be clear that there is no absolutely secure front end. The main thing is that both the front end and the back end need to verify the token.
Generally, the front end stores a token, or the back end writes a cookie to the client.
When requesting the interface, the token is either sent automatically as a cookie or passed to the back end manually.
Determine whether the token has expired based on the feedback from the back end, and jump to the login page accordingly.

世界只因有你

1: There is no way around it. Even if the browser remembers the password, it is recorded in the browser data, and the user can also view it. The remember-password function records it locally. As long as the device is not taken away by others, others can't get the password either.
2: Our token is also recorded in localStorage.
3: Yes, so the front-end architecture design is very important.

世界只因有你

Either remember the password in localStorage, or don't do it and let the browser do it.

The token is usually placed in a cookie. When verifying on the web page, whether you are logged in can be judged directly by whether the page displays an avatar, etc. There is no need to judge whether the token has expired. When calling the server API, the server will verify whether you are actually logged in based on the token.
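
An added example, not part of any reply in this thread: a minimal sketch of the flow the replies from 刘奇 and 世界只因有你 describe, where the client sends its stored token with each call and the server alone decides whether it has expired. The names `issueToken`, `handleApi`, `createClient` and `memoryStorage`, the 30-minute lifetime and the `Bearer` header format are assumptions; `transport` stands in for the real HTTP call and `storage` for localStorage.

```javascript
const { randomBytes } = require("node:crypto");

const TTL_MS = 30 * 60 * 1000;            // assumed 30-minute session lifetime
const sessions = new Map();               // server side: token -> { user, expiresAt }

// Server: issue an opaque random token at login; expiry is tracked only here.
function issueToken(user, now = Date.now()) {
  const token = randomBytes(32).toString("hex");
  sessions.set(token, { user, expiresAt: now + TTL_MS });
  return token;
}

// Server: every API call checks the token; unknown or expired tokens get 401.
function handleApi(headers, now = Date.now()) {
  const m = /^Bearer ([0-9a-f]{64})$/.exec(headers.authorization || "");
  const session = m ? sessions.get(m[1]) : undefined;
  if (!session || session.expiresAt <= now) {
    if (m) sessions.delete(m[1]);         // drop expired entries
    return { status: 401, body: { error: "login_required" } };
  }
  return { status: 200, body: { user: session.user } };
}

// Client: send the stored token with each call and act on the server's answer.
// `storage` stands in for localStorage, `transport` for the HTTP request.
function createClient(storage, transport, goToLogin) {
  return function request(now = Date.now()) {
    const token = storage.getItem("token");
    const headers = token ? { authorization: `Bearer ${token}` } : {};
    const res = transport(headers, now);
    if (res.status === 401) {             // expired or missing: forget it, show login
      storage.removeItem("token");
      goToLogin();
      return null;
    }
    return res.body;
  };
}

// Constructed in-memory stand-in for localStorage so the example runs in Node.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => void data.set(k, String(v)),
    removeItem: (k) => void data.delete(k),
  };
}
```

The client never inspects the token or tracks its lifetime; a page refresh only needs the stored token, and the first 401 from any call is what sends the user back to login.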
