Understand the difference between cookie+session and token, and how to use each, in one article

First of all, understand that cookie+session and token are two separate mechanisms, and that the session meant here is not a session stored in the front end.

  • What is session+cookie?

    Session+cookie example: on the first request, the server generates a token and asks the client to keep a copy as well. You bring your token with every request, and the server compares it with its own. The token has an expiration time. The server creates a token locker (which occupies space) for storing and looking up the tokens (cookies). In essence this trades space for time: the check itself costs very little time.

  • What is a token?

    Token example: when you first log in, the server gives you a password and sets up a key. On your next request, the server verifies your password with the key, and the verification passes. The server does not need to store anything for you. There is an extra computation step for verification, so this trades time for space.

  • The impact of the difference

    1. The difference can be understood through the examples above. It shows up in two places: the trade-off between time and space, and security.
    2. Space first. When server A is full, load balancing is needed. But server B does not have the lockers that live on A, and copying all the lockers to B is not feasible when A is already about to burst. As a result, B cannot recognize the identity and the user has to log in again.
    3. As for time, it only requires enough computing power, and anything that money can solve is not a problem.
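The following Node.js sketch is an added example, not code from the original article. It contrasts a per-server session locker with a token that any server holding the key can verify, using the load-balancing case from item 2. The HMAC-SHA256 token format, the class and function names, and the users 'alice' and 'admin' are assumptions made for illustration.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

// Session + cookie: every server keeps its own lockers (space on the server).
class SessionServer {
  constructor() { this.lockers = new Map(); } // sessionId -> { user, expires }
  login(user, ttlMs, now = Date.now()) {
    const sessionId = randomBytes(16).toString('hex'); // sent via Set-Cookie
    this.lockers.set(sessionId, { user, expires: now + ttlMs });
    return sessionId;
  }
  whoIs(sessionId, now = Date.now()) {
    const entry = this.lockers.get(sessionId);
    return entry && entry.expires > now ? entry.user : null; // null: log in again
  }
}

// Token: nothing stored per user; each request costs one HMAC computation (time).
class TokenServer {
  constructor(key) { this.key = key; } // assumption: key shared by all servers
  sign(body) { return createHmac('sha256', this.key).update(body).digest('base64url'); }
  login(user, ttlMs, now = Date.now()) {
    const claims = JSON.stringify({ user, expires: now + ttlMs });
    const body = Buffer.from(claims).toString('base64url');
    return `${body}.${this.sign(body)}`;
  }
  whoIs(token, now = Date.now()) {
    const [body, sig] = String(token).split('.');
    if (!body || !sig) return null;
    const expected = Buffer.from(this.sign(body)), given = Buffer.from(sig);
    // Compare in constant time; timingSafeEqual requires equal lengths.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    return claims.expires > now ? claims.user : null;
  }
}

// Constructed scenario: login happens on server A, the next request lands on B.
function demo() {
  const sessionA = new SessionServer(), sessionB = new SessionServer();
  const sid = sessionA.login('alice', 60000);
  const key = randomBytes(32); // constructed key, generated per run
  const tokenA = new TokenServer(key), tokenB = new TokenServer(key);
  const token = tokenA.login('alice', 60000);
  // Altered claims with the old signature attached: verification must fail.
  const altered = Buffer.from('{"user":"admin","expires":9999999999999}').toString('base64url');
  return {
    sessionOnA: sessionA.whoIs(sid), // 'alice'
    sessionOnB: sessionB.whoIs(sid), // null: B has no locker for this id
    tokenOnB: tokenB.whoIs(token),   // 'alice': B only needs the key
    alteredOnB: tokenB.whoIs(`${altered}.${token.split('.')[1]}`), // null
  };
}
console.log(demo());
```

The key is the one piece of state the token servers must share and protect, since anyone holding it can issue valid tokens.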

  • Miscellaneous knowledge points

    1. A cookie lives on the client side, and a session lives on the server side. A cookie is just a data file stored on the user's local terminal (Baidu Encyclopedia).
    2. When the server receives a request for the first time, it allocates a session space (creates a Session object), generates a sessionId at the same time, and sets the header Set-Cookie: JSESSIONID=XXXXXXX in the response. This header tells the client to store the cookie.
    3. After the client receives the response, it sets a cookie with JSESSIONID=XXXXXXX on the local client. The cookie expires at the end of the browser session, but the browser can perform corresponding operations on the expiration time.
    4. For cookie operations, I recommend vue-cookie; search for it on CSDN. It comes down to installing it with npm, then setting (with an expiration time), getting, and deleting cookies.
    5. Using a token is nothing more than obtaining the token on the first request, storing it somewhere, and configuring every request to carry it; just search CSDN for how to use it.

  • Finally, permission management

    The general idea is that Vue officially provides a hook that is triggered before each route navigation. It takes three parameters: to, from, and next. to indicates the destination, and calling next() allows the navigation to pass. Checking the token here implements permission management. A follow-up blog post will be published later and linked at the bottom of this article.
    Vue official documentation: route guard beforeEach

Origin blog.csdn.net/weixin_45629623/article/details/108034557