I am collaborating on a small project with a friend. I am responsible for the front-end and he is responsible for the back-end. Currently, I don’t quite understand how to do user login verification. I learned about the traditional session method and the access token method.
For the access token method, I roughly understand how the front-end work is done. After the username and password are verified, the back end returns a token. From then on, this token must be attached to the request headers of all front-end routing and HTTP interception. But the back-end operations will be more troublesome.
The session is handled automatically by the back end, but I don’t understand what the front-end should do specifically. After the username and password verification passes, what content will the Django back end return to the front-end, and what additional verification or operations does the front-end need for all future operations? Cookies or something to keep me logged in?
In fact, the two you mentioned should be used together.
The front-end cookie saves the access token to record the user’s login status.
The back end receives the access token, uses it to find the session, and obtains the user information.
The second session method you mentioned is to use the first method to save the login status.
Django's session is managed through cookies.
When logging in, you can get the session_id produced by the backend, and then save it in the cookie.
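
The cookie round trip described in the answers above, as an added example that is not part of the original thread and is not Django's own code: a standard-library model in which the back end creates a random session id at login, returns it in a `Set-Cookie` header, and resolves it to a user on later requests. The in-memory `USERS` and `SESSIONS` stores and all function names are hypothetical; `sessionid` is Django's default session cookie name.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "sessionid"      # Django's default session cookie name
SALT = secrets.token_bytes(16)
# Constructed demo account; a real back end keeps salted hashes in its database.
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}
SESSIONS = {}                  # server-side store: session id -> user data


def login(username, password):
    """Verify credentials; return the Set-Cookie header value, or None."""
    expected = USERS.get(username, b"")
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(expected, supplied):
        return None
    sid = secrets.token_urlsafe(32)          # random, unguessable identifier
    SESSIONS[sid] = {"username": username}   # user data never leaves the server
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["httponly"] = True   # not readable from page JavaScript
    cookie[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie[COOKIE_NAME].OutputString()


def _session_id(cookie_header):
    """Extract the session id from a Cookie request header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def current_user(cookie_header):
    """Resolve the Cookie request header to a username, or None."""
    session = SESSIONS.get(_session_id(cookie_header))
    return session["username"] if session else None


def logout(cookie_header):
    """Delete the server-side session so the old cookie value stops working."""
    SESSIONS.pop(_session_id(cookie_header), None)


def browser_cookie_header(set_cookie):
    """What a browser sends back: only name=value, not the attributes."""
    return set_cookie.split(";", 1)[0]
```

With an `HttpOnly` cookie the front-end code never reads or stores the id itself; the browser attaches it to each same-site request, and the back end decides from the lookup whether the user is logged in.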