Front-end/back-end separated projects: how to solve the login problem

Option One: Use a token
  1. The front end submits the account and password to the server's login API.
  2. The server verifies them; if they are correct, it generates a token, stores the token and userId in a cache (Redis is recommended), and then returns the token to the front end.
  3. The front end sends the token in the header of every request, so this is easy to implement.

Option Two: Use a cookie

  1. The client sends the username and password to the server.

  2. After authentication succeeds, the server writes a cookie to the client and then returns JSON ok. The cookie is stored in Redis as the key, with the user information as the value, and the key is given a timeout, for example 60 minutes.

  3. After receiving ok, the client carries on with the corresponding business operations. Every subsequent request to the server automatically carries the cookie, so you do not have to write any code for it.

  4. A filter on the server side (this must be implemented with a filter) checks on every request whether the cookie key that was passed exists in Redis. If it exists, the login is valid and the operation may proceed; if not, an error identifier is returned. Note: after a successful login, every call to a server interface should renew the Redis key, for example for another 60 minutes.

  5. When the Redis key has gone more than 60 minutes without renewal, Redis deletes it; when the server is requested again, the client receives a return value telling it that it needs to log in.

  6. When the user actively logs out of the system, the server also deletes the key from Redis.
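
The server-side session handling shared by both options, as an added Python example (not code from the original post): create the key at login, check and renew it in the filter, delete it at logout. Assumptions: an in-memory dict stands in for Redis, and the cookie name `sid` and the cookie attributes are chosen for this example.

```python
import secrets
import time

SESSION_TTL = 60 * 60  # 60 minutes, the timeout used in the steps above


class SessionStore:
    """In-memory stand-in for Redis (assumption): key -> (user_id, expires_at)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}

    def create(self, user_id):
        # Called after the password check succeeds. With Redis: SET key value EX ttl.
        key = secrets.token_urlsafe(32)  # unguessable 256-bit key from the OS CSPRNG
        self._data[key] = (user_id, self._clock() + SESSION_TTL)
        return key

    def check(self, key):
        # The filter's job: look the key up, reject if missing or expired,
        # otherwise renew the timeout (EXPIRE key ttl) and return the user.
        entry = self._data.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._data[key]  # Redis does this on its own when the TTL lapses
            return None
        self._data[key] = (user_id, self._clock() + SESSION_TTL)
        return user_id

    def destroy(self, key):
        # Logout: DEL key, so the cookie/token is useless from now on.
        self._data.pop(key, None)


def session_cookie(key):
    # Set-Cookie value for Option Two; HttpOnly/Secure/SameSite are hardening
    # added in this example, the page itself does not specify cookie attributes.
    return f"sid={key}; Max-Age={SESSION_TTL}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

For Option One the same key is returned in the login response body and sent back in a request header instead of a cookie; the store and the filter check are unchanged.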

Origin www.cnblogs.com/bwdblogs/p/11275086.html