php - How to use token verification for user login?
给我你的怀抱
给我你的怀抱 2017-05-19 10:07:22
0
3
756

Why do we need to use token verification? I directly verify the username and password and then generate cookies. I saw others saying to use tokens. Why should I use tokens? Which step uses token?

给我你的怀抱
给我你的怀抱

reply all(3)
小葫芦

Cookie is to realize automatic login, or to mark the server session with SEESION_ID.
Because HTTP protocol is stateless, you need to use cookies to mark the status, which is usually implemented by default when browsing.
But if it is api To respond to requests through the interface , you need to consider non-browser requests, such as apps, other servers, etc.
token is designed to replace the status mark of cookies and pass the status as parameters (or other forms) to ensure compatibility .
Other functions can also be derived from the above, such as Restricting single-end login, etc.
There is a famous saying in programming: 没有什么问题是一个中间件解决不了的,如果有就用两个...

滿天的星座

For example, after you log in, the server generates a token string, binds the token to the user ID, sets the validity period, and saves the database. When called by the client, the token can be used to determine whether the user has logged in!

巴扎黑

Token is not used when logging in, but is generated by the server after logging in. Subsequent client requests will bring this token, so that you know that the request is a legitimate request.

In the PC era, this token is the cookie in the browser, but on the mobile side, the token and the validity period of the token are usually included in the interface to replace the cookie!

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!