I just got started and I don’t know much about user login.
Assume that the user has logged in successfully and entered page A. If he refreshes the page, the data on the page will be lost. What operations should be performed to save his login? What about status?
Because the data in page A needs to be obtained using the user's number (returned by the login interface)
Should I log in again based on the cookie after refreshing?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
The basic idea is to set your own cookie and submit the authenticated identity information to the server again
Set cookies
Save session
Use JSON Web Token to improve security
You can refer to the article I wrote
http://www.jianshu.com/p/8d13...
In short, just use
cookie构造session的过程。Web浏览器发起请求的时候,会带上http的header的内容。通常使用的是cookie,每次你刷新的时候,cookieand it will be automatically sent to the server.Stateless
Suppose you go to a cake shop to buy something. The clerk receives many customers every day and does not know who you are.
cookie
The store held activities and launched a membership mechanism. The cake shop issued a membership card to every guest who came. From now on, every time anyone comes here, check if it is
有会员卡,没有就发一个,有了就知道是会员啦。这个卡就是cookie.session
A simple membership card can only distinguish whether you are a member. In order to obtain more detailed information, a membership card number has been added. Every time you come, the clerk checks to see if there is a card, then enters the card into the system to check whether it is a registered member and understand the member information. Give corresponding discounts~. This card number is
session_id.So the browser's
,cookie可以存一个session_id,session_id关联了用户,其本身可以是随机字串,也可以是jwt等。每次发送请求的时候,浏览器会自动发送cookie。服务端就能读取解析这个cookiecan store ais associated with the user, and it can be a random string, or it can be
and then authenticate it. In addition, you can read more detailed documents about 's security, expiration, etc.jwt, etc. Every time a request is sent, the browser will automatically sendcookie. The server can read and parse thisUse sessionID as token, bring the token with each request, and the background determines whether the token is valid
The cookie stores the user session ID and sends an identity matching verification request when the page is refreshed. The user is logged in if there is a login session, otherwise the user is not logged in or the login has timed out. You can also use the authentication token
The cookie saves the session id. When the front-end requests the server, it brings this cookie in the header. After the server receives it, it looks for the session record corresponding to this session id. If it is found, it means that you are logged in. If it is not found, it means that you are not logged in.