Since we are talking about the client, let’s just discuss the existence of the client 1. When opening the startup interface, you should send a confirm to confirm whether the token has expired. If it expires, jump to the login interface, or use gestures or fingerprint unlocking to ask him to confirm the operation to extend the token time If it has not expired, then the server should extend the expiration time. If there are security requirements, you can unlock it with gestures and extend it
2. During normal requests, if the token expires, the interface should use http code to tell you that the verification is invalid, for example, return a response with status 401. You can do your own processing based on this response, such as logging in again or unlocking with gestures.
3. If your application does not have any requirements for information security, for example, it is just a content client. Then the token expiration time can be extended or not expired.
When the page is accessed, you will be given a token every time. If it has not been used for a long time, an error will be prompted when the operation is performed again. The client will request the token again
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Since we are talking about the client, let’s just discuss the existence of the client
1. When opening the startup interface, you should send a confirm to confirm whether the token has expired.
If it expires, jump to the login interface, or use gestures or fingerprint unlocking to ask him to confirm the operation to extend the token time
If it has not expired, then the server should extend the expiration time. If there are security requirements, you can unlock it with gestures and extend it
2. During normal requests, if the token expires, the interface should use http code to tell you that the verification is invalid, for example, return a response with status 401. You can do your own processing based on this response, such as logging in again or unlocking with gestures.
3. If your application does not have any requirements for information security, for example, it is just a content client. Then the token expiration time can be extended or not expired.
When the page is accessed, you will be given a token every time. If it has not been used for a long time, an error will be prompted when the operation is performed again. The client will request the token again