[英]JWT - High quality ways to handle the user experience of a returning logged in user
I have a client that, once authenticated, stores a JWT in localStorage
. 我有一个客户端,一旦通过身份验证,
localStorage
将JWT存储在localStorage
。 If a user closes the browser, and once again navigates to the site, the client first checks for the JWT in localStorage
, and if present, redirects via: 如果用户关闭浏览器,然后再次导航到该站点,则客户端首先在
localStorage
检查JWT,如果存在,则通过以下方式重定向:
window.location.href = `/?jwt=${token}`
This works fine except I'm not a fan of the user experience. 除非我不喜欢用户体验,否则此方法工作正常。 The user visits a page, is shown a login page, and then it abruptly redirects to a new page.
用户访问页面,显示登录页面,然后突然重定向到新页面。
I have played around with hiding /auth/login
's UI if a JWT token is found, but it's still not great. 如果找到了JWT令牌,我就一直在隐藏
/auth/login
的UI,但是它仍然不是很好。
What are some better ways to handle the case where a user has left a site, comes back and should be logged in? 有什么更好的方法来处理用户离开站点,再次访问并应该登录的情况?
Is there a way for a user to return to a site after having closed their browser, and immediately be shown as logged in using JWT's? 用户关闭浏览器后是否有办法返回站点,并立即显示为使用JWT登录?
This post does a great job of answering the question: 这篇文章很好地回答了这个问题:
https://dev.to/rtfeldman/defense-against-the-dark-arts-csrf-attacks https://dev.to/rtfeldman/defense-against-the-dark-arts-csrf-attacks
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.