php - How to use token verification for user login?
给我你的怀抱2017-05-19 10:07:22
Why do we need token verification? I verify the username and password directly and then generate cookies. I saw others say to use tokens. Why should I use tokens? In which step is the token used?
Cookies are there to implement automatic login, or to mark the server session with a SESSION_ID. Because the HTTP protocol is stateless, you need cookies to mark the state, and browsers usually do this by default. But if it is an API responding to requests through an interface, you need to consider non-browser requests, such as apps, other servers, etc. The token is designed to replace the cookie's state marker and pass the state as a parameter (or in some other form) to ensure compatibility. Other functions can also be derived from this, such as restricting login to a single device, etc. There is a famous saying in programming: there is no problem that one middleware layer cannot solve; if there is, use two...
For example, after you log in, the server generates a token string, binds the token to the user ID, sets a validity period, and saves it to the database. When the client makes a call, the token can be used to determine whether the user has logged in!
The token is not used when logging in; it is generated by the server after login. Subsequent client requests carry this token, so you know the request is a legitimate one.
In the PC era, this token was the cookie in the browser, but on mobile, the token and its validity period are usually returned by the interface to replace the cookie!
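The issue-then-verify flow described in the answers above, written out as an added PHP example (not code from the thread). The in-memory `$db` array stands in for the database table the answer mentions; `issueToken`, `verifyToken` and `revokeUserTokens` are names chosen here, and only a hash of the token is stored so a leaked table does not hand out live sessions.

```php
<?php
// Added example, not from the original thread: opaque bearer tokens kept server-side.
// $db is a constructed in-memory stand-in for the token table; use a real DB in practice.
declare(strict_types=1);

const TOKEN_TTL = 3600; // validity period in seconds

/** Called once, after the username/password check has passed. Returns the raw token for the client. */
function issueToken(array &$db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));      // 256-bit CSPRNG value: unguessable, no user data inside
    $db[hash('sha256', $token)] = [          // store the hash only, never the raw token
        'user_id' => $userId,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;                           // send over HTTPS, e.g. in an Authorization header
}

/** Called on every later request. Returns the user id, or null if the token is unknown or expired. */
function verifyToken(array &$db, string $token, int $now): ?int
{
    $key = hash('sha256', $token);
    if (!isset($db[$key])) {
        return null;                         // never issued, or already revoked
    }
    if ($db[$key]['expires'] <= $now) {
        unset($db[$key]);                    // expired: purge so it cannot be reused
        return null;
    }
    return $db[$key]['user_id'];
}

/** Logout, or the "single-device login" case: invalidate every token held by the user. */
function revokeUserTokens(array &$db, int $userId): void
{
    foreach ($db as $key => $row) {
        if ($row['user_id'] === $userId) {
            unset($db[$key]);
        }
    }
}

// Walk-through with constructed values: login, valid call, expired call, revoked call.
$db  = [];
$now = time();
$t1  = issueToken($db, 42, $now);
var_dump(verifyToken($db, $t1, $now));              // the user id
var_dump(verifyToken($db, $t1, $now + TOKEN_TTL));  // null, expired
$t2  = issueToken($db, 42, $now);
revokeUserTokens($db, 42);
var_dump(verifyToken($db, $t2, $now));              // null, revoked
```

Because the server holds the hash and the expiry, it can revoke or expire a session at any time, which is the practical difference from a bare cookie the client controls.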