Should I still use session? Or what? Please answer
Just add something like access-token in the header.
Similar to the principle of including sessionId in the request
There is rarely a need for the client to maintain a session with the backend.
Usually the token mechanism is used. After the user logs in, the backend generates a token and returns it to the client. After that, all API requests from the client must carry the user ID and token. Before executing a request, the backend API must verify the ID and whether the token is correct, and at the same time we know which user the request comes from. It can be simply understood that the token is a temporary password.
As for the security mechanism of tokens, it is too extensive, and there are many mature solutions. Search by yourself.
Simple, session_id+signature verification
Pass a login status token in the interface parameter
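The login-then-token flow described in the answers above, as an added example that is not part of the original thread: the backend issues a random token at login, keeps only its hash with an expiry, and checks the user ID and token on every request. The `X-User-Id` header name, the one-hour lifetime and the in-memory `TokenStore` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed token lifetime in seconds


class TokenStore:
    """In-memory stand-in for the backend's token table (hypothetical)."""

    def __init__(self):
        self._tokens = {}  # user_id -> (sha256 of token, expiry timestamp)

    def issue(self, user_id, now=None):
        """Called after a successful login; returns the token for the client."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self._tokens[user_id] = (digest, now + TOKEN_TTL)  # raw token is not stored
        return token

    def verify(self, user_id, token, now=None):
        now = time.time() if now is None else now
        record = self._tokens.get(user_id)
        if record is None or not token:
            return False
        digest, expires_at = record
        if now >= expires_at:
            del self._tokens[user_id]  # expired: user must log in again
            return False
        presented = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(presented, digest)  # constant-time compare

    def revoke(self, user_id):
        """Logout or forced invalidation."""
        self._tokens.pop(user_id, None)


def handle_request(store, headers, now=None):
    """Return (status, user_id) for a request's headers (constructed input)."""
    user_id = headers.get("X-User-Id")
    token = headers.get("Access-Token", "")
    if user_id is None or not store.verify(user_id, token, now):
        return 401, None
    return 200, user_id
```
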