Table of contents
Principle analysis
token automatic renewal
-
Enter the user password and call the login interface (white name interface). If the verification is successful, use jwt to generate (token①). At the same time, the token is stored in redis. The method is string type. The expiration time is the same time as the token. Both key and value are set. (token①)
The following is the key naming standard of redis:
Key naming standard:
project name: project name: business name: key A
key named according to this format will be automatically managed hierarchically when viewed in the visual graphics software.
For example: dcc:user: jwt:token The last token is a variable, which is our key -
(Token ①) is to be returned to the front end. It is the interface access credential that needs to be carried in the header of the next interface (restricted interface) request. A token verification interception will be added before the access interface. If the token exists in redis, then pass it and obtain it. The value of the key corresponding to redis is (oldtoken) analysis. At this time, the value of the token in redis is updated after regenerating (newtoken). If it does not exist, access is intercepted (the token has expired, please log in again)
The token should return the same value within the validity period. How to achieve this?
Many cloud software, such as Feishu and DingTalk, return the same credentials within the validity period,
such as verification codes. Verification codes sent within 60 seconds are all the same unless the verification code disappears and is re-entered. Create
the same principle:
1. When a user logs in, if the user has an available token in redis, it will be returned directly without regeneration. However, the key for the first login (the token for the first login) may need to be recorded.
Online People Counting Mechanism
Each time the user requests, a user's data is stored in redis, with a time limit of one minute
dcc:user:online:token