Question
I am working with PHP and Laravel at the moment. I have a RESTful API that the user needs to authenticate with, to make sure they can only access things they own, etc.
What I want to know is: where should the token from the server be saved on the client? In a session? A cookie? The server's database?
Answer 1:
I suggest to go the following route:
- the user logs into your site and requests an API usage token
- when a new request to your API comes in, compare the token from the incoming request with the token in the db. If it is found, it's a valid request. The REST client could use the Authorization header to send the token.
- send the answer for the request
While the login system of your website might be session-based with cookies on the client side, the REST API is token-based and doesn't need a cookie or session.
Please take a look at this for more details: https://softwareengineering.stackexchange.com/a/141434/111803
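The flow from the answer above (issue a token to a logged-in user, store it server-side, check the Authorization header on each API request) as an added plain-PHP example; it is not code from the original answer or from Laravel. The ApiTokenStore class and its in-memory array standing in for the database table are assumptions made for the example.

```php
<?php
// Added example (not from the original answer): token issue/verify flow in plain PHP.
// Assumption: an in-memory array stands in for the "db" table the answer refers to.

declare(strict_types=1);

final class ApiTokenStore
{
    /** @var array<string, array{user_id:int, expires:int}> keyed by sha256(token) */
    private array $rows = [];

    // Step 1: the user is already logged in (session/cookie) and requests an API token.
    // Only a hash of the token is stored, so a leaked table does not yield usable tokens.
    public function issue(int $userId, int $ttlSeconds = 3600): string
    {
        $token = bin2hex(random_bytes(32));          // 256 bits from a CSPRNG
        $this->rows[hash('sha256', $token)] = [
            'user_id' => $userId,
            'expires' => time() + $ttlSeconds,
        ];
        return $token;                               // returned to the client once
    }

    // Step 2: on each API request, look up the presented token; return the user id or null.
    public function authenticate(array $headers): ?int
    {
        $auth = $headers['Authorization'] ?? '';
        if (!preg_match('/^Bearer\s+([A-Fa-f0-9]{64})$/', $auth, $m)) {
            return null;                             // missing or malformed header
        }
        $row = $this->rows[hash('sha256', $m[1])] ?? null;
        if ($row === null || $row['expires'] < time()) {
            return null;                             // unknown or expired token
        }
        return $row['user_id'];
    }
}

// Usage with constructed values: a valid token authenticates, an unknown one does not.
$store = new ApiTokenStore();
$token = $store->issue(42);
var_dump($store->authenticate(['Authorization' => "Bearer $token"]));
var_dump($store->authenticate(['Authorization' => 'Bearer deadbeef']));
```

The client keeps the returned token (not a session cookie) and sends it as a Bearer credential on every API call, which is the token-based scheme the answer describes.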
Source: https://stackoverflow.com/questions/24993370/token-authentication-where-to-store-the-token