令牌认证-存储令牌的位置 [英] Token authentication - where to store the token
问题描述
目前,我正在使用PHP和Laravel,我有一个宁静的api,用户需要使用该api进行身份验证,以确保他们只能访问自己拥有的东西等.
I am working with PHP and Laravel at the moment, I have a restful api that the user needs to authenticate with to make sure they can only access things they own etc.
我想知道的是,来自服务器的令牌应保存在客户端的什么位置?在会话中使用cookie?服务器数据库?
What I want to know is where should the token from the server be saved on the client? In a session a cookie? The servers database?
推荐答案
我建议走以下路线:
- 用户登录到您的网站并请求API使用令牌
- 当收到对您的API的新请求时,将传入请求中的令牌与数据库中的令牌进行比较.如果找到,则为有效请求. REST客户端可以使用
Authorization
标头发送令牌. - 发送请求的答案
- the user logs into your site and requests a API usage token
- when a new request to your API comes in, compare the token from the incomming request, with the token in the db. if it is found, it's a valid request. the REST client could use the
Authorization
header to send the token. - send the answer for the request
虽然您网站的登录系统可能是基于会话的客户端cookie,但是REST API是基于令牌的,不需要cookie或会话.
While the login system of your website, might be session-based with cookies on client-side, the REST API is token-based and doesn't need a cookie or session.
请查看以下内容以获取更多详细信息: https://softwareengineering.stackexchange.com/a/141434/111803
Please take a look at this for more details: https://softwareengineering.stackexchange.com/a/141434/111803
这篇关于令牌认证-存储令牌的位置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!