Some understanding of login state

1. First, the HTTP protocol is stateless

What does stateless mean? The server does not know who sent a given HTTP request; on its own, HTTP gives us no way to tell one user apart from another.

2. Why login state is needed

With the rise of interactive websites such as shopping sites, the server has to know which person added an item to their cart and who placed an order, which means every request to every interface must be attributable to a particular person. HTTP itself is stateless, so it offers no way to distinguish users or keep a record of them. Login state is what lets the server tell, for each request, who sent it and whose data it should act on.

3. Several ways to distinguish users

1) sessionid

On login, the server generates a sessionid and returns it to the client. The client remembers this sessionid and sends it along with every subsequent request, so the server can tell who is who. The precondition is that the server must remember every live sessionid (in memory, Redis or a database), and the sessionid itself must be unguessable, so it is generated from a cryptographically secure random source rather than from a counter or timestamp.
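As an added example (not code from the original post), the sessionid approach in a few lines of Python: an in-memory store standing in for Redis or a database, an unguessable id minted from the OS random source, a lookup that resolves the id back to a user, and logout that revokes the id immediately because the server holds it. The store, TTL and user names are constructed for illustration.

```python
import secrets
import time

# Constructed in-memory session store: sessionid -> session record.
# A real deployment keeps this in Redis or a database so that every server
# instance can look up the same ids; the point here is that the server MUST
# hold every live sessionid, which is the storage cost the text mentions.
SESSIONS: dict = {}
SESSION_TTL = 30 * 60  # seconds; sessions older than this are treated as expired


def create_session(username: str) -> str:
    """Log a user in: mint an unguessable sessionid and remember who owns it."""
    # 32 random bytes from the OS CSPRNG; an attacker cannot guess or iterate these.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "created": time.time()}
    return sid


def lookup_session(sid: str):
    """Resolve a sessionid sent with a request back to a username, or None."""
    record = SESSIONS.get(sid)
    if record is None:
        return None  # unknown id: never issued, already revoked, or forged
    if time.time() - record["created"] > SESSION_TTL:
        del SESSIONS[sid]  # expired: forget it so it cannot be reused
        return None
    return record["user"]


def destroy_session(sid: str) -> bool:
    """Log out: because the server holds the id, revocation takes effect at once."""
    return SESSIONS.pop(sid, None) is not None
```

Every request must carry the sessionid (usually in a cookie) and every server handling that request must be able to reach the same store; that shared store is exactly what the token approach below tries to do without.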

2) token

Tokens were introduced to address the shortcoming of sessionids, namely that storing every session consumes a lot of server resources. Here too the server hands the client a unique identifier, and the client passes that identifier back for verification on every request. The difference is that the server does not need to store the identifier: it can verify the token from the token itself. The flip side is that a token the server does not remember is also harder to revoke before it expires, so tokens are given a short lifetime.

How is the unique identifier generated?

Take the data from the login (for example the user name and an expiry time), run it through an algorithm together with a secret key to produce a signature (such as an HMAC), and send the data and its signature together to the client as the token.

How is the unique identifier verified?

When a request arrives, the server applies the same algorithm and secret key to the data carried in the token, recomputes the signature, and compares it with the signature in the token (using a constant-time comparison). If they match, the token is authentic and the request is authenticated; a token whose data was altered on the way will no longer match.

Note: a token must not carry the user's password or other sensitive information. Signing only protects the data against tampering; it does not hide it, so anyone who holds the token can read its contents.

Token authentication request procedure:

1. On login, the user sends the user name and password to the server;

2. The server verifies that the user name and password are correct;

3. If verification passes, the server returns a signed token to the client;

4. The client stores the token (for example in a cookie) and thereafter puts the token into a request header on every request;

5. The server receives the request, extracts the token, verifies the signature, and then returns the response to the client.
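The token generation and verification described above, and the five-step procedure, carried through as one added Python example (not code from the original post). It uses HMAC-SHA256 as the "algorithm plus secret key", a constant-time comparison when checking the signature, an expiry in the payload, and a constructed user database with a PBKDF2 password hash; the secret key, salt, user and the Bearer header convention are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server-side secret. In production this comes from a secrets
# manager or the environment, never from source code.
SECRET_KEY = b"constructed-example-key-do-not-use"
TOKEN_TTL = 15 * 60  # seconds; short, because a stateless token cannot be revoked

# Constructed user database: username -> salted PBKDF2 hash of the password.
_SALT = b"constructed-salt"
USERS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
}


def _b64encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload_b64: str) -> str:
    # HMAC-SHA256 over the encoded payload; without SECRET_KEY nobody can forge it.
    mac = hmac.new(SECRET_KEY, payload_b64.encode("ascii"), hashlib.sha256).digest()
    return _b64encode(mac)


def check_password(username: str, password: str) -> bool:
    """Step 2: verify the submitted credentials against the stored hash."""
    stored = USERS.get(username)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(stored, candidate)


def issue_token(username: str, now: Optional[float] = None) -> str:
    """Step 3: build 'payload.signature'. The payload holds only what the server
    needs to identify the user plus an expiry; never the password."""
    now = time.time() if now is None else now
    payload = {"sub": username, "iat": int(now), "exp": int(now + TOKEN_TTL)}
    payload_b64 = _b64encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{payload_b64}.{_sign(payload_b64)}"


def verify_token(token: str, now: Optional[float] = None):
    """Step 5: recompute the signature with the same key and algorithm, compare in
    constant time, then check the expiry. Returns the username or None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig = token.split(".")
    except ValueError:
        return None  # malformed: not exactly 'payload.signature'
    if not hmac.compare_digest(sig, _sign(payload_b64)):
        return None  # tampered payload or forged signature
    try:
        payload = json.loads(_b64decode(payload_b64))
    except ValueError:
        return None
    if not isinstance(payload, dict) or payload.get("exp", 0) < now:
        return None  # expired (or not a payload we issued)
    return payload.get("sub")


def login(username: str, password: str):
    """Steps 1 to 3 end to end: credentials in, signed token out (or None)."""
    if not check_password(username, password):
        return None
    return issue_token(username)


def handle_request(headers: dict):
    """Steps 4 and 5: take the token from the Authorization header and verify it."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return verify_token(auth[len("Bearer "):])
```

Nothing about the token is stored on the server: `verify_token` recovers the user purely from the payload and the key. That is why a token with its payload rewritten (say, changing the user name but keeping the old signature) fails, and also why the only way to end a session early is to wait for `exp`, unless you reintroduce a server-side denylist, which is precisely the storage the scheme set out to avoid.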


Source: www.cnblogs.com/panyujun/p/12133829.html