Front and back logic of APP login
Rajoy asked 7 months ago

I can’t understand the logic of APP login. Please explain.

  1. What is the difference from logging in on a web app? Do you also use a session?
  2. If you use a session, do you use the login logic again for those apps that are online all the time? If the re-login logic saves the user name and password, isn’t that very unsafe?
  3. If you don’t use a session, is it possible to call the interface after obtaining the token with OAuth? Is there only status? Is there no point in logging out? As long as you get the user’s token, anyone can always call the user’s various operations and get the user’s information?

Well, what are the blogs with mature solutions?

Chener replied 7 months ago

Now, we take it for granted to use the normal login method, and then package the web app with PhoneGap.

Chener replied 7 months ago

In this way, if the front end of the sub app keeps logging in all the time, it needs to log in again after the server session has expired.

Chener replied 7 months ago

For example, the login time is set to n days. In this way, if n days have passed, it is theoretically time to log in again. (For how to set it to n days, please search for "session never expired", etc.)
If you don’t want to log in again, just remember the password. Like QQ, you will automatically send the account password and log in automatically every time.

1 Answer
vilicvane answered 7 months ago
  1. The nature of a token is actually similar to a session.
  2. To be specific, I don’t bother to use HTTPS and token directly in order to save trouble. Although I don’t think it’s good, it’s better. There’s no obvious security problem.
  3. The token can be reset on the server, or an expiration time can be set.
Rajoy replied 7 months ago

With a token, does the server need a session-like mechanism, or a value in memory? Do you need to query the database every time?

vilicvane replied 7 months ago

This cost is very limited; of course, you can also do caching.

Blue pool replied 7 months ago

User name + password?
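
An added example, not part of the thread or any participant's code: a Python sketch of the token handling the answer describes, with server-side expiry, logout and reset, plus the short-lived cache in front of the database lookup mentioned in the replies. The `TokenStore` class, its method names and the dict standing in for the database table are assumptions made for illustration.

```python
import hashlib
import secrets
import time

class TokenStore:
    """Opaque bearer tokens with server-side expiry and revocation (hypothetical helper)."""

    def __init__(self, ttl_seconds, cache_seconds=30, clock=time.time):
        self.ttl, self.cache_seconds, self.clock = ttl_seconds, cache_seconds, clock
        self.db = {}       # stands in for a database table: token hash -> (user, expires_at)
        self.cache = {}    # token hash -> (user, expires_at, cached_until)
        self.db_reads = 0  # counts lookups that reached the "database"

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()  # only a hash is stored

    def issue(self, user):
        token = secrets.token_urlsafe(32)  # unguessable random value, no user data inside
        self.db[self._digest(token)] = (user, self.clock() + self.ttl)
        return token

    def verify(self, token):
        key, now = self._digest(token), self.clock()
        hit = self.cache.get(key)
        if hit and hit[2] > now:
            user, expires_at = hit[0], hit[1]
        else:
            self.db_reads += 1
            row = self.db.get(key)
            if row is None:
                return None
            user, expires_at = row
            self.cache[key] = (user, expires_at, now + self.cache_seconds)
        if expires_at <= now:
            self.revoke(token)  # expired: remove it so it can never validate again
            return None
        return user

    def revoke(self, token):
        # Logout: delete from the cache as well, otherwise the token outlives the logout.
        key = self._digest(token)
        self.db.pop(key, None)
        self.cache.pop(key, None)

    def revoke_user(self, user):
        # "Reset on the server", e.g. after a password change or a reported device loss.
        for key in [k for k, (u, _) in self.db.items() if u == user]:
            self.db.pop(key)
            self.cache.pop(key, None)
```

With several server processes, each holding its own cache, a revoked token can stay valid on other processes for up to `cache_seconds`, so that value bounds how long a logout takes to apply everywhere.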