How to match the value of the backend verification code with the frontend?

The front-end user fills in the value of the verification code image when registering, and then matches it with the back-end.

But because the user has not registered, there is no way to tie an identity to him, so my temporary design is as follows:

When generating a verification code image, store the value of the verification code in the cache (redis). The cache sets the expiration time. Then when the front-end submits the verification code, read the value from the cache to see if there is one. If there is a match, delete it successfully. Article cache.

Such a problem is that it is possible to successfully match even if you input incorrectly, but the probability is not particularly high.

Is there any better idea?

Reply content:

The front-end user fills in the value of the verification code image when registering, and then matches it with the back-end.

But because the user has not registered, there is no way to tie an identity to him, so my temporary design is as follows:

When generating a verification code image, store the value of the verification code in the cache (redis). The cache sets the expiration time. Then when the front-end submits the verification code, read the value from the cache to see if there is one. If there is a match, delete it successfully. Article cache.

Such a problem is that it is possible to successfully match even if you input incorrectly, but the probability is not particularly high.

Is there any better idea?

If the front-end and back-end are not separated, the verification code can be stored in the session for verification.
If the front-end and back-end are separated, then every request from the front-end is stateless. Then, you need to assign a token to the front-end when it makes the first request. Then, every time the front-end makes a request, it will bring this token with it. token. You can use this token as the key value of redis and put the verification code in the corresponding value position.

One session and one verification code, even if you don’t register, you still have a session

As long as you control it well, there should be no chance of successful matching even if you make a mistake.
1. Generate verification code in the background. And put it in the session.
2. The verification code obtained by the front desk is also synchronized with the one just placed in the session.
3. If the front desk input is wrong, or the user clicks to switch the verification code. Then change the verification code in the background, and also change the one in the session

In fact, as long as the verification code displayed in the front desk is always synchronized with the session, there will be no problem.

PS: If each request is multi-threaded, there should be no chance of successful matching even if the input is incorrect.

When the verification code is generated when the user registers, the verification code is written into the session. After the user submits it, the verification code is read from the session and compared.
Please refer to this article http://netsecurity.51cto.com/art/ 201402/428721.htm

Front-end:<img src="/static/imghwm/default1.png" data-src="checkcode.php" class="lazy" id="code" onclick="JavaScript:this.+Math.random()" alt="How to match the value of the backend verification code with the frontend?" >
Back-end :

<code>$showing=strtoupper($_POST['checkcode']); //检测提交过来的验证码
if($_SESSION['checkcode']!=$showing||empty($showing)){
  unset($_SESSION['checkcode']);
  die('验证码错误');
}
</code>

Verification code generation:

session: In computers, especially in network applications, it is called "session control". Regardless of whether you are a registered user or not, as long as you access, the server will generate a unique session ID. Just store the verification code data in the session.