duangejian6657 2016-09-28 08:47
浏览 27
已采纳

如何在PHP应用程序的页面加载期间处理身份验证令牌?

I am confused a bit about a matter. I have made a restful api in php where the entry point is index.php.

Now the point is when a user 'll login a random generated token 'll be sent to the user and from then for any request(to receive html page or json data) user has to sent the token with the request, else user 'll get a 401,unauthorised response.

Now when user 'll make an ajax call the the token has to be sent via http header; and there is no problem. But my confusion is when a user ask for a html page(e.g. report.html) how 'll the user sent the token to authenticate himself/herself before accessing the page?

Currently my solution is as following;

 http://host/app-name/page/token

Is it the right way?

For your information login page can be accessed without token.

  • 写回答

1条回答

  • duanpingzu7194 2016-09-28 09:05
    关注

    You need to use the Header of your request.

    Basically, the Header is something that will define your request to the server, the location of the request, the device, the browser,...

    By sending it that way your server can handle the authentication without having to read your request, the best way of implementing would be to create a function that will be called before any other to check if the token is valid.

    I would recommend using Postman for testing your API, it's simple but effective.

    There are other way of identification that are deemed safer if you're interested (look here)

    I hope that this will help you, have a nice day ;)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥60 更换迈创SOL6M4AE卡的时候,驱动要重新装才能使用,怎么解决?
  • ¥15 让node服务器有自动加载文件的功能
  • ¥15 jmeter脚本回放有的是对的有的是错的
  • ¥15 r语言蛋白组学相关问题
  • ¥15 Python时间序列如何拟合疏系数模型
  • ¥15 求学软件的前人们指明方向🥺
  • ¥50 如何增强飞上天的树莓派的热点信号强度,以使得笔记本可以在地面实现远程桌面连接
  • ¥20 双层网络上信息-疾病传播
  • ¥50 paddlepaddle pinn
  • ¥20 idea运行测试代码报错问题