Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
Welcome To Ask or Share your Answers For Others

Categories

前后分离碰到一个疑问,用的是cors跨域,原本项目是第三方页面登登录,通过拦截器判断cookie判断携带token,然后跳转,现在要求前后分离的话,是调前端页面的url时判断还是获取数据的url时判断登录?最终的目标是两边都存有带token的cookie对吗?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
3.9k views
Welcome To Ask or Share your Answers For Others

1 Answer

  1. 前端请求后端登录api拿到token
  2. 前端存储token在本地,cookie或localStorage等
  3. 后端提供刷新token机制和api
  4. 前端根据要求刷新token,保持本地token长期有效,且用户无感知
  5. 所有登录状态和token有效性都由后端保证,在需要鉴权才可以请求的接口中前置判断登录有效性

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
...