对于登录GET或POST? [英] For Login GET or POST?

问题描述

我想知道我使用哪种HTTP方法来开发登录API，GET或POST?我已经使用post方法在PHP中开发了我的登录API，但是我的BOSS这样说，为什么要使用POST方法而不是GET方法.

I want to know which HTTP method i use for developing a login API, GET or POST ?. I have developed my login API in PHP using post method, but my BOSS say that, why you use POST method instead of GET method.

推荐答案

始终 POST ，并且最好使用SSL(如: https://... ).因为出于缓存原因， GET 中的参数会存储在各处.

Always POST, and preferably with SSL (as in: https://...). Because the parameters in GET get stored all over the place for caching reasons.

因此，如果老板需要一个理由:安全性.

So, if you boss needs a reason: security.

有一个与REST相关的原因: GET 查询首先应该被积极地缓存，因为它们不会改变服务器的数据状态.相反，预计 POST 请求永远不会被缓存，因为更改服务器的状态和(与 PUT 请求不同)，不希望调用多个 POST请求以返回相同的响应并使服务器保持相同的状态.

There is a REST-related reason: the GET queries first of all are expected to be aggressively cached, because they do not alter the server state of data. The POST requests instead are expected to never be cached, because the alter the state of server and (unlike PUT request), there is no expectation for calling multiple POST request to return the same response and leave the server in the same state.

例如:如果发送5个登录请求失败，则第6个可以返回您的IP已被阻止30分钟" .

For example: if you send 5 login request, that fail, the 6th one can return "your IP has been blocked for 30 min" as a response.

这篇关于对于登录GET或POST?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！