Now the app does not need to log in again after logging in once. How can we implement this function when we use PHP as the backend? Each request will carry the session ID, but the session will expire. What should I do? What's more, how can we verify whether the request information is forged? How do we verify the request? I used to do it every day, and I never thought about this problem on the web side. Now I need to do API development, and I need to ask the experts' advice on these problems.
With the token mechanism, after logging in, the generated token is saved in the database.
For interfaces that require login, each request carries the token.
If your app is similar to a bank and involves capital security, it is recommended that the token be generated according to IP.
This is a blog I wrote. You can refer to it.
Hello, I've read your blog. I have a question to ask. If H5 client users log in and a token is returned to the client, they must bring this token with them every time they visit other interfaces. It may be caught in either GET or POST mode. As long as others get the full path of the other page interfaces they visit, they can also access the interface. If a session is used, it's much better to keep the session ID local. How do you solve this problem?
If the other party can get the full path of the access interface, it can also get the session ID of the request. You can learn about the JWT mechanism.
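The JWT mechanism mentioned in the last reply, sketched in PHP as an added example that is not part of the original thread: the server signs the user id and an expiry time with HMAC-SHA256 at login, then recomputes the signature on every request, so altered claims and expired tokens are rejected without a database lookup. The function names, the claim layout, the 30-day lifetime and the demo values are assumptions made for illustration.

```php
<?php
// Added example. Function names, claim layout and lifetime are assumptions.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): ?string {
    $padded = strtr($txt, '-_', '+/') . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $out = base64_decode($padded, true);
    return $out === false ? null : $out;
}
// Issue a signed token at login: header.payload.signature (HS256).
function issue_token(int $userId, string $secret, int $ttl, int $now): string {
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode(['sub' => $userId, 'iat' => $now, 'exp' => $now + $ttl]));
    $sig     = b64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}
// Return the user id if the token is authentic and unexpired, otherwise null.
function verify_token(string $token, string $secret, int $now): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $payload, $sig] = $parts;
    // Recompute the MAC over the received bytes and compare in constant time.
    $expected = b64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $head   = json_decode(b64url_decode($header) ?? '', true);
    $claims = json_decode(b64url_decode($payload) ?? '', true);
    // Pin the algorithm; never let the token choose how it is verified.
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256' || !is_array($claims)) {
        return null;
    }
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null; // expired: the app must log in again
    }
    return is_int($claims['sub'] ?? null) ? $claims['sub'] : null;
}
// Constructed demo values; a real server loads one fixed secret from its config.
$secret = random_bytes(32);
$now    = time();
$token  = issue_token(42, $secret, 30 * 86400, $now);
[$h, , $s] = explode('.', $token);
$altered = $h . '.' . b64url_encode(json_encode(['sub' => 1, 'exp' => $now + 60])) . '.' . $s;
var_dump(verify_token($token, $secret, $now));              // genuine token
var_dump(verify_token($altered, $secret, $now));            // payload changed, old signature
var_dump(verify_token($token, $secret, $now + 31 * 86400)); // past its lifetime
```

The signature only shows that the claims came from the server and were not changed; a token copied in transit still verifies until it expires, so it should travel over HTTPS in a request header and not in the URL.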