What method should I use for a login (authentication) request?

Problem description

I would like to know which HTTP method I should use when doing a login request, and why? Since this request creates an object (a user session) on the server, I think it should be POST, what do you think? But since the login request should be idempotent, it could be PUT, couldn't it?

Same question for a logout request, should I use the DELETE method?

Recommended answer

If your login request is via a user supplying a username and password, then a POST is preferable, as the details will be sent in the HTTP message's body rather than the URL. Although it will still be sent in plain text, unless you're encrypting via HTTPS.

The HTTP DELETE method is a request to delete something on the server. I don't think that DELETING an in-memory user session is really what it's intended for; it's more for deleting the user record itself. So potentially logout can be just a GET, e.g. www.yoursite.com/logout.
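
The body-versus-URL point in the answer matters in practice because request URLs are written to server access logs, while request bodies normally are not. The following is an added example, not part of the original question or answer: it scans access-log lines for credentials carried in the query string and produces a redacted copy. The list of sensitive parameter names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as credentials (assumed list; extend for your app).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# Request part of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def scan_line(line):
    """Return (finding, redacted_line); finding is None when the line is clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None, line
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [k for k, _ in pairs if k.lower() in SENSITIVE]
    if not leaked:
        return None, line
    # Rebuild the query with credential values masked, other parameters kept.
    masked = urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    )
    target = parts._replace(query=masked).geturl()
    redacted = line[: m.start("target")] + target + line[m.end("target"):]
    finding = {"method": m.group("method"), "path": parts.path, "params": leaked}
    return finding, redacted


def scan(lines):
    """Scan log lines; return the findings and a copy that is safe to share."""
    findings, safe = [], []
    for line in lines:
        finding, redacted = scan_line(line)
        if finding:
            findings.append(finding)
        safe.append(redacted)
    return findings, safe


# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login?username=alice&password=hunter2 HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /logout HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    findings, safe = scan(SAMPLE_LOG)
    for finding in findings:
        print("credential in URL:", finding)
    print("\n".join(safe))
```

Only the GET login line is flagged; the POST login leaves nothing sensitive in the log because its credentials travel in the body.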
