duanmuyao0463 2019-02-22 07:18

JWT authentication strategy

Right now I'm confused about whether I should store the JWT token in the session or not.

Should I

  1. Store it in Redis after the token has been created

    // JWT TOKEN
    token := CreateToken(user)   
    
    // Storing it in Gorilla Session + Redis     
    s := sessions.Default(c)
    s.Set("token", token)
    s.Save()
    

So then take the token from the server instead of from the request header of subsequent requests

    s.Get("token")
    // and do something with it

  2. Pass the token in subsequent requests, so in every route that requires the token

    func login(c *gin.Context) {
        // read the token the client sent with this request
        c.GetHeader("Authorization")
    }
    

I'm using the gin framework.

Which approach is better: session, or subsequent request from the user?

Regards, Naufal

2 answers

  • dsgdhtr_43654 2019-02-22 07:52

    If you make a client - then YES, as you've obtained a token, you should store it and pass it with subsequent requests.

    If you make a server - then NO. You have no need to store a token you've issued, but you should validate it any time you get it with a client's request. This way you can make your service stateless and more scalable.

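The stateless server-side check described in the answer above, as an added example that is not part of the original thread or either poster's code: a standard-library HS256 validation that a gin handler could run on the value of `c.GetHeader("Authorization")`. The names `mint`, `sign`, `verifyBearer`, the `Claims` layout and the demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type Claims struct { // minimal payload; layout is an assumption
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

var enc = base64.RawURLEncoding
var hdr = enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) // only header ever issued

func mint(payload string, key []byte) string { // hdr.payload.sig for an encoded payload
	m := hmac.New(sha256.New, key)
	m.Write([]byte(hdr + "." + payload))
	return hdr + "." + payload + "." + enc.EncodeToString(m.Sum(nil))
}

func sign(c Claims, key []byte) string { // hypothetical stand-in for the question's CreateToken
	body, _ := json.Marshal(c)
	return mint(enc.EncodeToString(body), key)
}

// verifyBearer validates an Authorization header value using only the key (no session, no Redis).
func verifyBearer(header string, key []byte, now time.Time) (c Claims, err error) {
	p := strings.Split(header, ".")
	// Re-mint from the received payload; one constant-time compare covers scheme, pinned alg and signature.
	if len(p) != 3 || !hmac.Equal([]byte(header), []byte("Bearer "+mint(p[1], key))) {
		return c, fmt.Errorf("invalid token")
	}
	body, err := enc.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil || now.Unix() >= c.Exp {
		return Claims{}, fmt.Errorf("bad or expired claims")
	}
	return c, nil
}

func main() {
	key := []byte("constructed-demo-key")
	fmt.Println(verifyBearer("Bearer "+sign(Claims{"naufal", time.Now().Unix() + 3600}, key), key, time.Now()))
}
```

Because the token is re-minted with the one header the service issues, a token whose header declares a different `alg` (including `none`) never matches. A maintained JWT library would normally replace the hand-rolled parsing in production.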
