javascript - For a website that requires login, what operations are generally performed to save the login status after pressing refresh?
PHP中文网
PHP中文网 2017-05-19 10:26:15
0
5
710

I just got started and I don’t know much about user login.
Assume that the user has logged in successfully and entered page A. If he refreshes the page, the data on the page will be lost. What operations should be performed to save his login? What about status?
Because the data in page A needs to be obtained using the user's number (returned by the login interface)
Should I log in again based on the cookie after refreshing?

PHP中文网
PHP中文网

认证高级PHP讲师

reply all(5)
为情所困

The basic idea is to set your own cookie and submit the authenticated identity information to the server again

  • Set cookies

  • Save session

  • Use JSON Web Token to improve security

You can refer to the article I wrote
http://www.jianshu.com/p/8d13...

伊谢尔伦

In short, just use cookie构造session的过程。Web浏览器发起请求的时候,会带上httpheader的内容。通常使用的是cookie,每次你刷新的时候,cookie and it will be automatically sent to the server.

Stateless

Suppose you go to a cake shop to buy something. The clerk receives many customers every day and does not know who you are.

cookie

The store held activities and launched a membership mechanism. The cake shop issued a membership card to every guest who came. From now on, every time anyone comes here, check if it is 会员卡,没有就发一个,有了就知道是会员啦。这个卡就是cookie.

session

A simple membership card can only distinguish whether you are a member. In order to obtain more detailed information, a membership card number has been added. Every time you come, the clerk checks to see if there is a card, then enters the card into the system to check whether it is a registered member and understand the member information. Give corresponding discounts~. This card number is session_id.

So the browser's cookie可以存一个session_idsession_id关联了用户,其本身可以是随机字串,也可以是jwt等。每次发送请求的时候,浏览器会自动发送cookie。服务端就能读取解析这个cookie can store a

,

is associated with the user, and it can be a random string, or it can be jwt, etc. Every time a request is sent, the browser will automatically send cookie. The server can read and parse this

and then authenticate it. 🎜 🎜In addition, you can read more detailed documents about 🎜's security, expiration, etc. 🎜
左手右手慢动作

Use sessionID as token, bring the token with each request, and the background determines whether the token is valid

为情所困

The cookie stores the user session ID and sends an identity matching verification request when the page is refreshed. The user is logged in if there is a login session, otherwise the user is not logged in or the login has timed out. You can also use the authentication token

淡淡烟草味

The cookie saves the session id. When the front-end requests the server, it brings this cookie in the header. After the server receives it, it looks for the session record corresponding to this session id. If it is found, it means that you are logged in. If it is not found, it means that you are not logged in.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template