[英]How do websites check the login credentials without reloading the page?
Some websites, such as Yahoo and Google , use Ajax to check if the username/password is wrong. 一些网站,如雅虎和谷歌 ,使用Ajax来检查用户名/密码是否错误。 Obviously there must be server side authentication because anyone can change the local JavaScript and trick it into thinking username/password is correct. 显然必须有服务器端身份验证,因为任何人都可以更改本地JavaScript并欺骗它认为用户名/密码是正确的。 I'm wondering how this is done efficiently since wouldn't the server be checking the same username/password twice? 我想知道如何有效地完成这项工作,因为服务器不会两次检查相同的用户名/密码? Consider the following scenario where a user logs into a web site: 请考虑以下用户登录网站的情况:
<form>
is submitted and an intermittent page takes the inputted values through POST
and processes them again on the server side to verify if the username/password is correct and if it is sets a variable in the session <form>
被提交,间歇页面通过POST
获取输入的值并在服务器端再次处理它们以验证用户名/密码是否正确以及是否在会话中设置变量 In step 5 the server checks for the second time if the same username/password is correct as in step 3. Is there a way to cache the result from step 3 or make the process more efficient? 在步骤5中,服务器第二次检查相同的用户名/密码是否正确,如步骤3中所示。有没有办法缓存步骤3的结果或使流程更有效? Also the server has already been sent the username/password in step 3. but I'm not sure if that could accelerate the process. 此外,服务器已在步骤3中发送了用户名/密码。但我不确定这是否会加速该过程。
I'm using a MySQL database to store user names and passwords. 我正在使用MySQL数据库来存储用户名和密码。
At step 3 your onsubmit
handler will send your AJAX request to the server to validate credentials and prevent the normal form submission (by calling .preventDefault()
in the handler or returning false from the handler), so step 5 will never happen. 在步骤3,您的onsubmit
处理程序将发送您的AJAX请求到服务器以验证凭据并阻止正常的表单提交(通过在处理程序中调用.preventDefault()
或从处理程序返回false),因此步骤5将永远不会发生。 If javascript is disabled then you won't have an onsubmit handler and the normal form submission will take place instead. 如果禁用了javascript,那么您将没有onsubmit处理程序,而是会发生正常的表单提交。
In your step 4, if you receive a "correct" response then your AJAX handler can redirect to a new page; 在您的步骤4中,如果您收到“正确”的响应,那么您的AJAX处理程序可以重定向到新页面; if it's an "incorrect" response you'd stay on the login page, clear the form, and put up your error message. 如果是“不正确”的响应,您将保留在登录页面上,清除表单,并提出错误消息。
At point 3, the JS should be submitting your form to server side processing and waiting for a response. 在第3点,JS应该将表单提交给服务器端处理并等待响应。 If JS is disabled then the form would just submit normally. 如果JS被禁用,则表单将正常提交。
As my comment says, not sure i completely agree with your process there, this is how i would picture it 正如我的评论所说,不确定我完全同意你的过程,这就是我想象的方式
OR if you didnt want to use ajax 或者, 如果你不想使用ajax
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.