When I was thinking about logging in recently, I thought about one or two of them and wanted to see if anyone had any good ideas. Please don't mention SSO. We won't discuss this. We will just discuss how to implement a simple login.
I have worked on some login libraries. Suppose a company has multiple sub-sites in the shape of A B C. The common pattern is roughly as follows:
Each site maintains independent login information through its back-end framework and returns the logged-in status in the HTML template. In this case, you need to log in again to access different sub-sites.
Each site maintains SSO information by the back-end framework. Before the user logs in to each sub-site, the back-end will redirect the request to the SSO site to synchronize the login status, so that after logging in to A, the login status can be synchronized when logging in to B.
The front-end and back-end are separated. When each sub-site page is loaded, the front-end framework requests the SSO site across domains and synchronizes the login status.
Separate the front-end and back-end. The front-end deploys Node services that support SSO. SSO is completed on the Node layer. The login logic is completely stripped from the front-end and back-end business logic (our company's current solution).
There are many details in the specific implementation, such as whether the token field is placed in the HTTP header or URL parameter, cookie or JSON attribute, what rule the token is generated by, what the expiration time is, whether localStorage or sessionStorage is used to persist the login status, etc. In the end, the different paths basically lead to the same destination, so there will be no further expansion.
Provide a login page, submit user information and match it with the database. If the login is successful, the user information is written to the session. It’s simple enough.
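The flow in the answer above (match the submitted credentials against the stored record, then write the user to a session), as an added example in Node.js that is not part of the original thread. The in-memory `users` and `sessions` maps, the 30-minute lifetime and the choice of scrypt are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed 30-minute session lifetime
const users = new Map();    // stand-in for the user table (assumption)
const sessions = new Map(); // stand-in for the server-side session store (assumption)

// Store only a salted scrypt hash, never the password itself.
function hashPassword(password, salt = nodeCrypto.randomBytes(16)) {
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32) };
}

function register(username, password) {
  users.set(username, hashPassword(password));
}

// Record used when the username is unknown, so both failure paths do the same work.
const DUMMY = hashPassword('dummy-password');

// Returns a new session id on success, null on any failure.
function login(username, password) {
  const record = users.get(username) || DUMMY;
  const candidate = nodeCrypto.scryptSync(String(password), record.salt, 32);
  // Constant-time comparison; an unknown user never succeeds, even against DUMMY.
  const ok = nodeCrypto.timingSafeEqual(candidate, record.hash) && users.has(username);
  if (!ok) return null;
  const sid = nodeCrypto.randomBytes(32).toString('hex'); // unguessable session id
  sessions.set(sid, { username, expires: Date.now() + SESSION_TTL_MS });
  return sid;
}

// Resolve a session id (as it would arrive in a cookie) to its session, or null.
function getSession(sid, now = Date.now()) {
  const session = sessions.get(sid);
  if (!session) return null;
  if (now >= session.expires) { sessions.delete(sid); return null; }
  return session;
}

function logout(sid) { sessions.delete(sid); }

// Constructed sample account
register('alice', 'correct horse battery staple');
```

In a real deployment the session id would be sent to the browser in a cookie marked `HttpOnly` and `Secure`, and the two maps would be a database and a shared session store.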