javascript - How to verify user identity in real time on a web page?
黄舟
黄舟 2017-05-16 13:38:11

Premise: The user has gone through the login verification process.
Question: So how does the user verify his identity when he obtains his private data from the server?
(Note: express framework used for backend)


reply all(7)
过去多啦不再A梦

Use session or json web token

洪涛
cookie

http://wiki.jikexueyuan.com/project/node-lessons/cookie-session.html

Session is a server-side technology based on cookies.
習慣沉默

session, write the user id into the session when the verification is successful: `req.session.user = user;`

洪涛

session!
session can be stored in server memory or a cache like redis.
There are mature third-party session libraries, in which sessions can exist in redis/database/local.
You can save the session in redis like this:

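```javascript
var express = require('express');
var session = require('express-session');
var RedisStore = require('connect-redis')(session);

var app = express();

app.use(session({
    // Keep session data in Redis instead of process memory.
    // CONF is the application's own configuration object.
    store: new RedisStore({
        host: CONF.REDIS_URL(),
        port: 6379
    }),
    // Signs the session ID cookie; replace this sample value with a long random secret.
    secret: 'keyboard cat',
    resave: false,
    saveUninitialized: false,
    // Session cookie lifetime: 14400000 ms = 4 hours.
    cookie: {maxAge: 14400000}
}));
```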
某草草

Use sessionID to make a token, and check this token for every request

黄舟

Negotiate with the backend to adjust the interface, and then verify his identity in the backend

漂亮男人

After the user passes the verification, certain information will be saved in the background to avoid repeated verification in the future. The commonly used method in the past was Session. Session is based on Cookie. Later, the Token method was gradually developed, using a Token to replace the Session-Id in the Cookie as the basis on which the backend determines logged-in users, and then JWT (JSON Web Token) appeared.

But having said that, if there are really important operations that require special caution, there should be two-step verification, such as random SMS passwords for payment, various security Token (or random password) Apps, etc. The simplest is to require you to enter the password again to confirm, once you have been logged in for a certain period of time, before performing high-security operations, such as the administrator deleting important data.
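
The approach the answers describe (store the user in the session at login, check it on every request, and ask for the password again before high-risk operations), as an added example that is not code from any of the posts. The middleware uses Express's `(req, res, next)` signature; the function names, the 5-minute window and the `run` stand-in are assumptions made for the illustration.

```javascript
// Added example: Express-style middleware, runnable without a server.
const REAUTH_WINDOW_MS = 5 * 60 * 1000; // assumed window for high-risk operations

// Call once the login check has succeeded. In a real express-session app, call
// req.session.regenerate() first so a pre-login session ID is not reused.
function establishSession(req, user, now = Date.now()) {
  req.session.user = { id: user.id };
  req.session.authenticatedAt = now;
}

// Private routes: the identity comes from the server-side session only.
function requireLogin(req, res, next) {
  if (!req.session || !req.session.user) {
    return res.status(401).json({ error: 'login required' });
  }
  next();
}

// High-risk routes (mount after requireLogin): password confirmed recently.
function requireRecentAuth(clock = Date.now) {
  return function (req, res, next) {
    const at = req.session.authenticatedAt;
    if (typeof at !== 'number' || clock() - at > REAUTH_WINDOW_MS) {
      return res.status(403).json({ error: 'password confirmation required' });
    }
    next();
  };
}

// Looks up private data by the session's user id, never by a client-supplied id.
function getProfile(db) {
  return (req, res) => res.status(200).json(db[req.session.user.id]);
}

// Constructed stand-in for Express's dispatch: runs handlers against a fake res.
function run(handlers, req) {
  const res = {
    statusCode: null, body: null,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; }
  };
  let i = 0;
  const next = () => { if (i < handlers.length) handlers[i++](req, res, next); };
  next();
  return res;
}
```

In an Express app these would be mounted as, for example, `app.get('/profile', requireLogin, getProfile(db))`, with `establishSession` called again after the user re-enters the password.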
