The solution to the problem that session retention of WeChat applet will fail next time

PHPz
Release: 2017-04-03 17:54:51
Original
7635 people have browsed it

All HTTP requests of the applet use the wx.request({}) method, but this method will generate a new session every time, so it is not suitable for specific usage scenarios (security verification, session saving, CSRF protection), etc. There will be some troubles. For example, in a CSRF-protected application, even if the CSRF was obtained last time, it will be invalid in the next request.

Solution

step 1: Get the sessionId and csrf and save them

The csrf has been obtained as an example, simple and crude, when the application starts () You can obtain the cookie information for the first request during onLaunch and save it locally. You can force the cookie information to be added to the request header every time in the future.
The code is as follows:

//app.jsApp({
    onLaunch:function(){
        this.initSession();
    },
    initSession:function(){
        var that = this;        // step one:get cookie
        wx.request({
            url:'https://my.domain.com/open-api/cookie',
            header:{'Content-Type':'application/x-www-form-urlencoded'},
            method:'GET',
            success:function(res){
                for(let cookie of res.data){                    //这里我仅保存了sessionid,根据需要,也可以保存cookie的其它信息。
                    if(cookie.name === 'JSESSIONID') {
                        that.globalData.sessionId=cookie.value;
                        wx.request({
                            url:'https://my.domain.com/open-api/csrf',
                            header:{'Content-Type':'application/x-www-form-urlencoded','Cookie':'JSESSIONID='+that.globalData.sessionId},
                            method:'GET',
                            success:function(res){
                                that.globalData.csrf=res.data;
                            }
                        })                        break;
                    }
                }
            }
        })
    }
})
Copy after login

step 2: Request other interfaces based on sessionId and csrf

After that, every time you request another api interface, you can add csrf and csrf to the request header. sessionId to maintain the same session.
The code is as follows:

doSth:function(){
    var that = this;
    wx.request({
        url:'my.domain.com/api/some-thing',        //这里的CSRF的key(CSRF-TOKEN)具体写什么,根据各位自己的程序设置来写
        header:{'Content-Type':'application/x-www-form-urlencoded','Cookie':'JSESSIONID='+that.globalData.sessionId,'CSRF-TOKEN':that.globalData.csrf},
        method:'POST',
        data:paramdata,
        success:function(res){
            doSomething(res.data);
        }
    })
}
Copy after login

The above is the detailed content of The solution to the problem that session retention of WeChat applet will fail next time. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template