Using Tokens to Implement User Identity Authentication

1. What is a Token?

A token (sometimes translated as "令牌") is a string generated by the server and handed to the client as a credential for subsequent requests. When the user logs in for the first time, the server generates a token and returns it to the client. From then on, the client only needs to attach this token to each request; it no longer has to send the user name and password again. A token can be as simple as 32 hexadecimal characters (128 bits of randomness), for example:

39faf62271944fe48c4f1d69be71bc9a

2. Why use a Token?

Traditionally, user identity is verified on the server side with cookie + session. Because HTTP is stateless, the application has to identify the client on every request.

After a successful login, the user's information is saved in a server-side session, and every subsequent request carries the session id in a cookie, which the server looks up to verify the user. With the growth of web applications and mobile clients, the disadvantages of this approach have become more apparent, especially with regard to scalability.

Typical problems are the memory overhead of keeping a session for every user, the complications of cross-origin requests (CORS, since cookies are bound to a single site), and CSRF (Cross-Site Request Forgery), which exists precisely because the browser attaches the session cookie to every request automatically.

With a token mechanism, the client sends the token explicitly (typically in a request header) instead of relying on the cookie. Because the browser does not add that header on its own, a request forged from another site does not carry the token, which effectively prevents CSRF. Even if the client chooses to keep the token in a cookie, the cookie is only used as storage; the server authenticates on the header, not on the cookie, so the cookie no longer has a verification role. Note that this only holds if the server really ignores the cookie for authentication, and that a token kept in Local Storage or a cookie can still be stolen by XSS, so the token's lifetime should be limited.

As long as the token is generated from enough randomness (for example 128 bits from a cryptographically secure generator), it cannot be guessed or brute-forced in practice; the realistic risk is that the token is leaked or stolen, not that it is "cracked". In addition, a token has an expiry time, so even a leaked token is only useful for a limited window. In that sense a token is like the private key of a Bitcoin wallet: its security rests entirely on the secret being unguessable and on it not being disclosed.

Finally, tokens can reduce load on the server. A self-contained signed token (for example a JWT) can be verified without a database query; an opaque random token still needs a lookup, but that lookup is a single key-value read rather than a full session deserialization, and it can be cached or distributed across servers.

3. Token-based authentication process

1. The client requests login with a user name and password.

2. The server receives the request and verifies the user name and password.

3. After successful verification, the server issues a token and sends it to the client.

4. After receiving the token, the client stores it, for example in a cookie or in Local Storage.

5. Every time the client requests a resource from the server, it attaches the token issued by the server.

6. The server receives the request and verifies the token it carries. If verification succeeds, it returns the requested data to the client.

4. Using the Token

When we do user authorization and authentication, each request puts the token in a request header (conventionally Authorization: Bearer <token>) and sends it to the server together with the request. On the server side an interceptor checks the token before the request reaches the business logic: if there is no token, the token is wrong, or the token has expired, the request is rejected; if it is valid, the normal response is returned.


Origin blog.csdn.net/2301_78276982/article/details/132454116