问题
For a website that call a backend for each of Data through backend's API
the backend first delivers an accessToken through its authenticate handler, or the accesstoken could also be delivered with OAuth
I was wondering if then it's safe, or a bad practise, to store the accessToken as a simple Javascript var, and only make Ajax calls to the backend
thanks
回答1:
You can do this but make sure the accessToken is short lived. A few hours would be best.
来源:https://stackoverflow.com/questions/10316729/is-it-a-good-practise-to-store-accesstoken-client-side