I can’t understand the logic of APP login. Please explain.

  1. What is the difference from logging in on the web app? Do you also use sessions?
  2. If you use sessions, do you also use the login logic again for those apps that are online all the time? If you use the logic of re-login by saving the user name and password, isn't that very unsafe?
  3. If you don't use sessions, is it possible to call the interface after obtaining a token with OAuth? Is there only a status? Is there no point in logging out? As long as someone gets the user's token, can they always call the user's various operations and get the user's information?

Well, are there any blogs with mature solutions?

Now, we take it for granted to use the normal login method, and then package the web app with PhoneGap.

In this way, if the front end of the sub-app stays logged in all the time, it needs to log in again after the server session has expired.

For example, the login time is set to n days. In this way, once n days have passed, it is theoretically time to log in again. (For how to set it to n days, please search for "session never expires", etc.)
If you don't want to log in again, just remember the password. Like QQ, you automatically send the account password and log in automatically every time.

  1. The nature of a token is actually similar to a session.
  2. To be specific, to save trouble I don't bother and just use HTTPS and a token directly. Although I don't think it's good, it's better. There's no obvious security problem.
  3. The token can be reset on the server, or an expiration time can be set.
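As an added illustration of point 3 (this is example code, not from any poster or project): a minimal HMAC-signed bearer token with an expiry claim and a server-side revocation set, so that logout does work and a request costs only a signature check plus a small in-memory lookup, not a database query. The key and the token layout are assumptions for the demo.

```python
import base64, binascii, hashlib, hmac, json, secrets, time
from typing import Optional

# Constructed demo key; in production load it from a secret store, never hard-code it.
SECRET_KEY = b"demo-only-signing-key-change-me"
# Server-side set of revoked token ids (in practice a store such as Redis with the same TTL).
REVOKED_IDS = set()

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload: bytes) -> str:
    return _b64(hmac.new(SECRET_KEY, payload, hashlib.sha256).digest())

def issue_token(user: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Create '<payload>.<signature>' for user, valid for ttl_seconds from now."""
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": now + ttl_seconds, "jti": secrets.token_hex(8)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    return f"{_b64(payload)}.{_sign(payload)}"

def _parse(token: str) -> Optional[dict]:
    """Return the claims only if the signature is genuine; None otherwise."""
    try:
        payload_b64, sig = token.split(".", 1)
        payload = _unb64(payload_b64)
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(sig, _sign(payload)):   # constant-time comparison
        return None
    return json.loads(payload)

def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user name for a valid token, or None if forged, expired or revoked."""
    now = time.time() if now is None else now
    claims = _parse(token)
    if claims is None or claims["exp"] <= now or claims["jti"] in REVOKED_IDS:
        return None
    return claims["sub"]

def logout(token: str) -> bool:
    """Server-side logout: remember the token id so later calls with it are refused."""
    claims = _parse(token)
    if claims is None:
        return False
    REVOKED_IDS.add(claims["jti"])
    return True
```

Because the expiry is inside the signed payload, the revocation set only has to hold ids until their own expiry passes, which keeps the server-side state small.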
With tokens, does the server need a session-like mechanism, or a value in memory? Do you need to query the database every time?

This cost is very limited; of course, you can also do caching.

User name + password?