duangejian6657 2016-09-28 08:47
Views: 27
Accepted

How do I handle an authentication token during page load in a PHP application?

I am a bit confused about a matter. I have made a RESTful API in PHP where the entry point is index.php.

Now the point is that when a user logs in, a randomly generated token will be sent to the user, and from then on, for any request (to receive an HTML page or JSON data), the user has to send the token with the request; otherwise the user will get a 401 Unauthorized response.

Now when the user makes an AJAX call, the token has to be sent via an HTTP header, and there is no problem. But my confusion is: when a user asks for an HTML page (e.g. report.html), how will the user send the token to authenticate himself/herself before accessing the page?

Currently my solution is as follows:

 http://host/app-name/page/token

Is it the right way?

For your information, the login page can be accessed without a token.


1 answer

  • duanpingzu7194 2016-09-28 09:05

    You need to use the Header of your request.

    Basically, the Header is something that will define your request to the server: the location of the request, the device, the browser, ...

    By sending it that way, your server can handle the authentication without having to read your request. The best way of implementing this would be to create a function that will be called before any other to check if the token is valid.

    I would recommend using Postman for testing your API; it's simple but effective.

    There are other ways of identification that are deemed safer if you're interested (look here).

    I hope that this will help you. Have a nice day ;)

    This answer was selected as the best answer by the asker.
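
One way to write the "function that will be called before any other" described in the answer above, as an added example that is not part of the original answer or the asker's code. The function names, the token store layout (SHA-256 hash of the token as key) and the demo token are assumptions.

```php
<?php
declare(strict_types=1);

// Extract the token from an "Authorization: Bearer <token>" header value.
function extractBearerToken(?string $header): ?string
{
    if ($header === null || !preg_match('/^Bearer +([A-Za-z0-9._~+\/-]+=*)$/', $header, $m)) {
        return null;
    }
    return $m[1];
}

// Return the user name for a known, unexpired token, or null.
// Assumed layout: $store maps sha256(token) => ['user' => ..., 'expires' => unix time].
// Storing only the hash means a leaked table does not hand out usable tokens.
function authenticate(?string $header, array $store, int $now): ?string
{
    $token = extractBearerToken($header);
    if ($token === null) {
        return null;
    }
    $session = $store[hash('sha256', $token)] ?? null;
    if ($session === null || $session['expires'] <= $now) {
        return null;
    }
    return $session['user'];
}

// Call this first in index.php, before any routing or output.
function requireAuth(array $store): string
{
    // Some Apache/CGI setups do not pass this header to PHP; assumed available here.
    $user = authenticate($_SERVER['HTTP_AUTHORIZATION'] ?? null, $store, time());
    if ($user === null) {
        http_response_code(401);
        header('WWW-Authenticate: Bearer');
        header('Content-Type: application/json');
        exit(json_encode(['error' => 'unauthorized']));
    }
    return $user;
}

// Constructed demo data; runs only when the file is executed from the command line.
if (PHP_SAPI === 'cli') {
    $store = [hash('sha256', 'demo-token-123') => ['user' => 'alice', 'expires' => time() + 3600]];
    var_dump(authenticate('Bearer demo-token-123', $store, time())); // known token
    var_dump(authenticate('Bearer not-issued', $store, time()));     // unknown token
    var_dump(authenticate(null, $store, time()));                    // header missing
}
```

Keeping the token in a header rather than in the path, as in the `page/token` URL from the question, keeps it out of server access logs, browser history and `Referer` headers.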