Is it a good practice to store accessToken client-side?
Problem description
For a website that calls a backend for each piece of data through the backend's API,
the backend first delivers an accessToken through its authenticate handler, or the accessToken could also be delivered with OAuth.
I was wondering whether it's then safe, or a bad practice, to store the accessToken as a simple JavaScript var and only make Ajax calls to the backend.
Thanks
Solution
You can do this, but make sure the accessToken is short-lived. A few hours would be best.
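The pattern discussed above, as an added example that is not part of the original question or answer: the token is held only in a closure variable, dropped once its lifetime has passed, and attached only to requests for the backend's own origin. The names `createApiClient`, `authenticate`, `transport` and `expiresInSeconds`, and the use of a `Bearer` Authorization header, are assumptions made for illustration.

```javascript
// Added example. The token lives only in a closure variable: it is never
// written to localStorage, sessionStorage or a script-readable cookie.
function createApiClient({
  apiOrigin,                              // e.g. "https://api.example.test" (constructed)
  authenticate,                           // hypothetical: resolves { token, expiresInSeconds }
  transport = (url, opts) => fetch(url, opts),
  now = Date.now,
}) {
  let accessToken = null;                 // in memory only; gone on reload
  let expiresAt = 0;                      // epoch ms after which it is not sent

  async function ensureToken() {
    // Renew slightly early so a token does not expire while in flight.
    if (accessToken === null || now() >= expiresAt - 5000) {
      const { token, expiresInSeconds } = await authenticate();
      accessToken = token;
      expiresAt = now() + expiresInSeconds * 1000;
    }
    return accessToken;
  }

  async function call(path, options = {}) {
    const url = new URL(path, apiOrigin);
    // Never attach the token to a request that leaves the backend's origin.
    if (url.origin !== new URL(apiOrigin).origin) {
      throw new Error("refusing to send access token to " + url.origin);
    }
    const headers = {
      ...(options.headers || {}),
      Authorization: "Bearer " + (await ensureToken()),  // assumed scheme
    };
    const response = await transport(url.href, { ...options, headers });
    if (response.status === 401) {
      accessToken = null;                 // rejected by the backend: drop it
    }
    return response;
  }

  // clear() is for logout: forget the token immediately.
  return { call, clear() { accessToken = null; expiresAt = 0; } };
}
```

Because the variable is still reachable by any script running in the page, this limits how long a leaked token is useful rather than preventing the leak.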