token design and verification:
APP own token type landing implemented steps of:
(1) the user database and add the table token field time_out this token expiration time field
(2) to generate a token and expiration time stored in the user login (Login automatic registration need) Table
(3 ) before calling other interfaces, judge token is correct, then continue right, then allow users to re-login error
Verification process:
1: server receives a user name and password sent by the app, login authentication (if login authentication error, returns an error message, user name or password does not exist.).
2: authenticated. The server generates a unique token string is returned to the terminal app, app be saved token string.
3: ajax request each time, take token to authenticate to the service side.
token on ajax request header (header), the server set up filters token validation, verification through, only to requests by app, otherwise the request fails.
Token verification process drawing
