PHP login interface
For the general login interface, after successful verification, does it return the user's ID information, so that the app can check personal information through the query interface? Or return all the user's information together?
After successful verification, user information will be returned
Both are possible; it depends on your business logic.
The specific difference is that if you design a separate query interface, you must consider the possibility of querying other people's information without logging in.
Of course, for the sake of security and convenience, I recommend returning the information directly after successful login. Firstly, it can prevent unauthorized queries, and secondly, it can reduce one request and improve efficiency.
But some sensitive data must be filtered out first, such as passwords, encryption salts, etc.
Generally, return some commonly used data that does not affect security, such as ID, nickname, registration date, etc. It is not recommended to store sensitive data, such as permissions and status, locally, as there is a risk of it being tampered with.
My approach is to store the encrypted ID in cookies. After other data is captured, the server caches it. When it needs to be retrieved, it is checked from the cache.
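The points raised in the answers above (filter sensitive fields before returning them, guard a separate query interface against reading other people's records, keep permissions and status on the server) are shown here as an added PHP example that is not part of the original thread. The `users()` rows, the field names and the `$session` array standing in for `$_SESSION` are constructed assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for the users table (not real data).
function users(): array
{
    return [
        42 => ['id' => 42, 'name' => 'alice', 'nickname' => 'Alice',
               'registered_at' => '2020-01-15', 'role' => 'admin', 'status' => 'active',
               'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
        43 => ['id' => 43, 'name' => 'bob', 'nickname' => 'Bob',
               'registered_at' => '2021-06-02', 'role' => 'user', 'status' => 'active',
               'password_hash' => password_hash('battery staple', PASSWORD_DEFAULT)],
    ];
}

// Allowlist: only these fields ever leave the server (no hash, role or status).
const PUBLIC_FIELDS = ['id', 'nickname', 'registered_at'];

function publicProfile(array $user): array
{
    return array_intersect_key($user, array_flip(PUBLIC_FIELDS));
}

// $session stands in for $_SESSION so the example runs from the CLI.
function login(string $name, string $password, array &$session): ?array
{
    foreach (users() as $user) {
        if ($user['name'] === $name && password_verify($password, $user['password_hash'])) {
            // Identity and role stay server-side; the client holds only the session id.
            $session = ['user_id' => $user['id'], 'role' => $user['role']];
            return publicProfile($user);
        }
    }
    return null; // same result for unknown user and wrong password
}

// Separate query interface: the caller's identity comes from the session,
// and a request for any other id is refused.
function queryProfile(array $session, int $requestedId): ?array
{
    if (!isset($session['user_id']) || $session['user_id'] !== $requestedId) {
        return null; // not logged in, or asking for someone else's record
    }
    return publicProfile(users()[$requestedId]);
}

$session = [];
var_dump(login('alice', 'correct horse', $session)); // filtered profile only
var_dump(queryProfile($session, 43));                // another user's id: refused
var_dump(queryProfile([], 42));                      // no session: refused
```

In a web handler, `$session` would be `$_SESSION` after `session_start()`, with `session_regenerate_id(true)` called on successful login.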