在客户端存储accessToken是一个好习惯吗？ [英] Is it a good practise to store accessToken client-side?

问题描述

对于通过后端的API调用每个数据的后端的网站

后端首先通过其身份验证处理程序传递accessToken，或者也可以传递accesstoken使用OAuth

我想知道将accessToken存储为简单的Javascript变量，然后仅对后端进行Ajax调用是安全还是不好？ p>

谢谢

解决方案

您可以执行此操作，但请确保accessToken短住了最好几个小时。

For a website that call a backend for each of Data through backend's API

the backend first delivers an accessToken through its authenticate handler, or the accesstoken could also be delivered with OAuth

I was wondering if then it's safe, or a bad practise, to store the accessToken as a simple Javascript var, and only make Ajax calls to the backend

thanks

解决方案

You can do this but make sure the accessToken is short lived. A few hours would be best.

这篇关于在客户端存储accessToken是一个好习惯吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！