
javascript - After the front-end and back-end separation, remember the password, automatic login, and the page after login. What should I do if the login times out?

As in the title.

  1. Remember the password? Is it recorded in localStorage? That's very unsafe.

  2. And you get the token after logging in. Since every request requires a token, the token should be recorded in localStorage.
    Otherwise, there will be no token when the page is refreshed.

  3. But then the problem comes again. If the token expires, you need to go to the server to verify whether the token has expired and then decide whether to display the login page. If it has expired, jump to login... This process feels more troublesome than no separation...

怪我咯 2714 days ago 1084

Replies (3)

  • 怪我咯

    怪我咯 2017-05-16 13:41:13

    First of all, you have to be clear that there is no absolutely secure front-end. The main thing is that both the front-end and the back-end need to verify the token.
    Generally, the front-end stores a token, or the back-end writes a cookie to the client.
    When requesting an interface, it is either sent automatically as a cookie or passed manually to the backend.
    Determine whether the token has expired based on the response from the backend, and jump to the login page accordingly.

  • 世界只因有你

    世界只因有你 2017-05-16 13:41:13

    1: There is no way around it. Even if the browser remembers the password, it is recorded in the browser data, and the user can also view it. The remember-password function records it locally. As long as the device is not taken away by others, others can't get the password either.
    2: Our token is also recorded in localStorage
    3: Yes, so the front-end architecture design is very important

  • 世界只因有你

    世界只因有你 2017-05-16 13:41:13

    Either remember the password in localStorage, or don't do it and let the browser do it.

    The token is usually placed in a cookie. When verifying on the web page, whether you can log in can be judged directly by whether the page displays an avatar, etc. There is no need to judge whether the token has expired. When calling the server API, the server will verify whether you are actually logged in based on the token.

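The flow the replies describe (send the token with every API call, let the server decide whether it has expired, go to the login page when it is rejected), as an added example that is not part of the original thread. The HTTP 401 status, the `Bearer` header, the `token` storage key and all function names are assumptions; the storage and backend are constructed in-memory stand-ins so it runs offline.

```javascript
// Added example. Assumed names: tokenKey "token", Bearer header, HTTP 401
// as the backend's "token expired/invalid" answer.
function createApiClient({ fetchImpl, storage, onLoginRequired, tokenKey = "token" }) {
  let redirecting = false; // parallel 401s must not trigger several redirects

  async function request(url, options = {}) {
    const headers = { ...(options.headers || {}) };
    const token = storage.getItem(tokenKey);
    if (token) headers.Authorization = `Bearer ${token}`;

    const res = await fetchImpl(url, { ...options, headers });
    if (res.status !== 401) return res;

    // The server is the authority on expiry: drop the stale token and
    // hand control to the login page once.
    storage.removeItem(tokenKey);
    if (!redirecting) {
      redirecting = true;
      onLoginRequired(url);
    }
    const err = new Error("login required");
    err.code = "LOGIN_REQUIRED";
    throw err;
  }

  function loginSucceeded(token) {
    storage.setItem(tokenKey, token);
    redirecting = false;
  }
  return { request, loginSucceeded };
}

// Constructed in-memory stand-ins for localStorage and the backend.
function makeMemoryStorage(initial = {}) {
  const m = new Map(Object.entries(initial));
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
function makeFakeBackend(validToken) {
  return async (url, { headers = {} } = {}) =>
    ({ status: headers.Authorization === `Bearer ${validToken}` ? 200 : 401 });
}

// In a browser (assumed wiring):
// createApiClient({ fetchImpl: (u, o) => fetch(u, o), storage: localStorage,
//                   onLoginRequired: () => location.assign("/login") });
```

If the backend writes the token as a cookie instead, the browser sends it automatically and only the 401 handling remains.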