How to handle login in a project with a separated front end and back end
- The front end submits the account and password to the server's login API.
- After the server verifies that they are correct, it generates a token, stores the token and userId in a cache (a Redis database is recommended), and then returns the token to the front end.
- The front end carries the token in the header of each request, so this is easy to implement.
Option Two: Use cookie
- The client sends the username and password to the server.
- After the server authenticates them successfully, it writes the cookie to the client and then returns a JSON "ok". The cookie is stored in Redis as the key, the value is the user information, and the key is given a timeout, for example 60 minutes.
- After receiving the "ok", the client carries on with its business operations. Each subsequent request to the server automatically brings the cookie, so you do not have to write code for it.
- A server-side filter (this must be implemented as a filter) checks on every request whether the cookie that was passed exists as a key in Redis. If it exists, the login is valid and the operation can proceed; if not, the filter returns an error identifier. Note: after a successful login, every time a server interface is invoked, the Redis key should be renewed, for example for another 60 minutes.
- When the Redis key is older than 60 minutes, Redis deletes it. When the server is requested again after that, the client receives the error return value and the user has to log in again.
- When the user actively logs out of the system, the server also deletes the key in Redis.
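The cookie flow above (issue, filter check with renewal, expiry, logout), as an added example that is not code from the original page. `TtlStore` is an in-memory stand-in for Redis, and the cookie name `SID`, the function names and the `HttpOnly; Secure; SameSite` attributes are assumptions of this sketch; the username/password check itself is out of scope.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 60 * 60  # 60 minutes, the timeout used in the text

class TtlStore:
    """In-memory stand-in for Redis (assumption): SETEX / GET / DEL with expiry."""

    def __init__(self, clock=time.monotonic):
        self._data, self._clock = {}, clock

    def setex(self, key, ttl, value):
        self._data[key] = (value, self._clock() + ttl)

    def get(self, key):
        value, expires = self._data.get(key, (None, 0))
        if value is not None and self._clock() >= expires:
            del self._data[key]  # expired keys disappear, as they do in Redis
            return None
        return value

    def delete(self, key):
        self._data.pop(key, None)

def issue_session(store, user_info):
    """Call only after the credential check passed; returns a Set-Cookie value."""
    sid = secrets.token_urlsafe(32)  # unguessable key, never derived from the user
    store.setex("session:" + sid, SESSION_TTL, user_info)
    # Cookie attributes are an added assumption: keep the key away from scripts.
    return f"SID={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def _sid(cookie_header):
    morsel = SimpleCookie(cookie_header).get("SID")
    return morsel.value if morsel is not None else None

def session_filter(store, cookie_header):
    """Runs before every handler: look up the cookie key, renew it or reject."""
    sid = _sid(cookie_header)
    user = store.get("session:" + sid) if sid else None
    if user is None:
        return 401, None  # missing, unknown or expired key
    store.setex("session:" + sid, SESSION_TTL, user)  # renew on each call
    return 200, user

def logout(store, cookie_header):
    sid = _sid(cookie_header)
    if sid:
        store.delete("session:" + sid)  # server-side delete, not just cookie removal
```

With a real Redis client the three store calls map to `SETEX`, `GET` and `DEL`, and the renewal can use `EXPIRE` instead of rewriting the value.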