ios - app 登录验证和保持登录的状态

Question

如何保持app的登录状态并且控制访问呢？
新手很疑惑，我知道可以用key chain 来保存用户名和密码，每次调用出来登录。
登录之后可以做一个token，每次需要访问数据库的时候，验证token。

问题是，我看有些教程制作token的时候，将用户名，密码，还有一大堆信息都使用进去了，这样导致token的长度很长。并且此时token已经包含了用户名和密码这种关键信息，再非https传输的情况下，和每次都都要验证用户名+密码的方式有什么区别呢？

Answer 1

In non-https situations, token is usually a string of codes obtained by encrypting the user's information. For example, simple: token = md5(username+password), then when we communicate with the server, we will pass the token and username to the server. After the server gets the username, it will query the corresponding password from the database. Then use md5(username+password) to compare with the password passed by the client. The token is usually returned to the client by the server when logging in. The client retains the token, which means that the login status of the app is maintained.

Answer 2

It’s nothing more than assigning a unique identifier to each user, what you said

The username, password, and a lot of information are used, which results in a very long token length. And at this time, the token already contains key information such as username and password

There is no need to think about this issue at all. Because you can completely use the base64 obfuscated string after userId+timestamp as your token. In this way, the token will not be very long, and there is no fear of being intercepted during intermediate transmission.