Token Authentication vs. Cookies

Question

What is the difference between token authentication and authentication using cookies?

I am trying to implement the Ember Auth Rails Demo but I do not understand the reasons behind using token authentication as described in the Ember Auth FAQ on the question "Why token authentication?"

Recommended answer

A typical web app is mostly stateless, because of its request/response nature. The HTTP protocol is the best example of a stateless protocol. But since most web apps need state, in order to hold the state, between server and client, cookies are used such that the server can send in every response back to the client. This means the next request made from the client will include this cookie and will thus be recognized by the server. This way the server can maintain a session with the stateless client, knowing mostly everything about the app's state, but stored in the server. In this scenario at no moment does the client hold state, which is not how ember.js works.

In ember.js things are different. Ember.js makes the programmer's job easier because it holds indeed the state for you, in the client, knowing at every moment about its state without having to make a request to the server asking for state data.

However, holding state in the client can also sometimes introduce concurrency issues that are simply not present in stateless situations. Ember.js, however, also deals with these issues for you; specifically, ember-data is built with this in mind. In conclusion, ember.js is a framework designed for stateful clients.

Ember.js does not work like a typical stateless web app where the session, the state and the corresponding cookies are handled almost completely by the server. Ember.js holds its state completely in JavaScript (in the client's memory, and not in the DOM like some other frameworks) and does not need the server to manage the session. This results in ember.js being more versatile in many situations, e.g. when your app is in offline mode.

Obviously, for security reasons it does need some kind of token or unique key to be sent to the server every time a request is made in order to be authenticated; this way the server can look up the sent token (which was initially issued by the server) and verify if it's valid before sending a response back to the client.

In my opinion, the main reason to use an authentication token instead of cookies, as stated in the Ember Auth FAQ, is primarily because of the nature of the ember.js framework and also because it fits more with the stateful web app paradigm. Therefore the cookie mechanism is not the best approach when building an ember.js app.

I hope my answer will give more meaning to your question.
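
The server-side check the answer describes (the server issues a token, then looks it up and validates it on every request), as an added example that is not part of the original answer or of Ember Auth. The `Authorization: Bearer` header, the 15-minute lifetime, the in-memory store and all function names are assumptions made for illustration.

```javascript
// Added example (hypothetical names): issue a token at login, verify it per request.
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 15 * 60 * 1000;   // assumed token lifetime
const tokens = new Map();              // sha256(token) -> { userId, expiresAt }

// Only a hash of the token is kept, so a leaked store does not leak usable tokens.
const digest = (token) =>
  crypto.createHash('sha256').update(token).digest('hex');

// Called once after the user's credentials have been checked.
function issueToken(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('base64url'); // 256 bits of entropy
  tokens.set(digest(token), { userId, expiresAt: now + TOKEN_TTL_MS });
  return token; // the client keeps this in memory and sends it with each request
}

// Called on every request. `headers` uses lower-case keys, as Node's http module does.
// Returns the user id, or null when the request must be rejected.
function authenticate(headers, now = Date.now()) {
  // The client code has to attach this header itself; a token that arrives
  // only in a Cookie header is deliberately not accepted here.
  const match = /^Bearer ([A-Za-z0-9_-]+)$/.exec(headers.authorization || '');
  if (!match) return null;

  const key = digest(match[1]);
  const record = tokens.get(key);      // lookup is by hash, not by raw token
  if (!record) return null;            // unknown or already revoked

  if (now >= record.expiresAt) {       // expired: drop it so it cannot be reused
    tokens.delete(key);
    return null;
  }
  return record.userId;
}

// Logout or suspected compromise: invalidate the token server-side.
function revoke(token) {
  return tokens.delete(digest(token));
}
```
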