How to deal with the user login function in PHP API development?
Category: Server
Somosaguas asked 6 months ago

Now the app does not need to log in again after logging in once. How can we complete this function when we use PHP as the backend? Each request will bring the session ID in the request, but the session will expire. What should I do? What’s more, how to verify whether the request information is forged? How to verify the request? I used to do it every day, and I never thought about this problem at the web end. Now I need to do API development, and I need to ask God’s advice on these problems.

3 Answers
Iebu thirty cents answered 6 months ago

With the token mechanism, after logging in, the generated token is saved in the database.
For interfaces that need login, each request carries the token in the request.
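
The token mechanism described in this answer, as an added example that is not part of the original post. The table name `api_tokens`, the functions `issueToken` and `verifyToken`, the in-memory SQLite store, the `Authorization: Bearer` header and the 30-day sliding lifetime are all assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Illustrative store: in-memory SQLite stands in for the real database (assumption).
function openStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE api_tokens (
        token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Call after the password check succeeds; the return value is sent to the app once.
function issueToken(PDO $db, int $userId, int $ttl = 2592000): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, not guessable
    // Store only the SHA-256 hash, so a leaked table cannot be replayed as tokens.
    $db->prepare('INSERT INTO api_tokens VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;
}

// Call on every API request; returns the user id, or null if the token is
// missing, malformed, unknown or expired.
function verifyToken(PDO $db, ?string $authHeader, int $ttl = 2592000): ?int {
    if ($authHeader === null
        || !preg_match('/^Bearer ([0-9a-f]{64})$/', $authHeader, $m)) {
        return null;
    }
    $hash = hash('sha256', $m[1]);
    $stmt = $db->prepare('SELECT user_id, expires_at FROM api_tokens WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    if ((int) $row['expires_at'] < time()) {
        $db->prepare('DELETE FROM api_tokens WHERE token_hash = ?')->execute([$hash]);
        return null; // expired: the app has to log in again
    }
    // Sliding expiry: an app that keeps making requests stays logged in.
    $db->prepare('UPDATE api_tokens SET expires_at = ? WHERE token_hash = ?')
       ->execute([time() + $ttl, $hash]);
    return (int) $row['user_id'];
}

// Constructed demo: user id 42 is a sample value.
$db = openStore();
$token = issueToken($db, 42);
var_dump(verifyToken($db, "Bearer $token"));                 // valid token
var_dump(verifyToken($db, 'Bearer ' . str_repeat('0', 64))); // unknown token
var_dump(verifyToken($db, null));                            // no header sent
```

Logout is a `DELETE` on the same row, which is what makes a database-backed token revocable on the server side.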

Randy answered 6 months ago

Token. If your app is similar to a bank and involves capital security, it is recommended that the token be generated according to IP.

H Xiaohuang answered 6 months ago

This is a blog I wrote. You can refer to it:
http://www.webhuang.cn/archiv…

Salted duck eggs replied 6 months ago

Hello, I’ve read your blog. I have a question to ask. If H5 client users log in and a token is returned to the client, they must bring this token with them every time they visit other interfaces. It may be captured in either GET or POST mode. As long as others get the full path of the other page interfaces they visit, they can also access the interface. If session is used, it’s much better to make the session ID local. How do you solve this problem?

H Xiaohuang replied 6 months ago

If the other party can get the full path of the access interface, it can also get the session ID of the request. You can learn about the JWT mechanism.