javascript - Issues about user login and information storage
phpcn_u1582
phpcn_u1582 2017-05-17 10:01:14
0
1
597

Recently I am working on a WeChat project with multiple pages. I have some questions about user login:
1. Is the user permanent login (30 days) a front-end implementation or a back-end implementation?
The front end can store the account number and encrypted password in a cookie to achieve this requirement. Is this a security issue?
After thinking about it, it seems that it can be achieved without saving the password.

2. Can the user information returned after successful login be directly stored locally using localStorage? Because user information needs to be automatically completed when submitting some orders on subsequent pages, will there be any security issues?

I’ve always been confused, please tell me how everyone usually achieves it, thank you

phpcn_u1582
phpcn_u1582

reply all(1)
習慣沉默

What is saved is something similar to a token. Passwords must not be saved, regardless of whether they are encrypted or not.

Both the front and back ends need to be implemented, and the back end also needs to ensure that the token expires and cannot be used again after 30 days.

It is best to obtain key information from the backend when needed.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template