JWT-处理返回的登录用户的用户体验的高质量方法
[英]JWT - High quality ways to handle the user experience of a returning logged in user
问题描述
I have a client that, once authenticated, stores a JWT in localStorage . 
我有一个客户端,一旦通过身份验证, localStorage将JWT存储在localStorage 。 If a user closes the browser, and once again navigates to the site, the client first checks for the JWT in localStorage , and if present, redirects via: 如果用户关闭浏览器,然后再次导航到该站点,则客户端首先在localStorage检查JWT,如果存在,则通过以下方式重定向:
window.location.href = `/?jwt=${token}`
This works fine except I'm not a fan of the user experience. 除非我不喜欢用户体验,否则此方法工作正常。 The user visits a page, is shown a login page, and then it abruptly redirects to a new page. 用户访问页面,显示登录页面,然后突然重定向到新页面。
I have played around with hiding /auth/login 's UI if a JWT token is found, but it's still not great. 如果找到了JWT令牌,我就一直在隐藏/auth/login的UI,但是它仍然不是很好。
What are some better ways to handle the case where a user has left a site, comes back and should be logged in? 有什么更好的方法来处理用户离开站点,再次访问并应该登录的情况?
Is there a way for a user to return to a site after having closed their browser, and immediately be shown as logged in using JWT's? 用户关闭浏览器后是否有办法返回站点,并立即显示为使用JWT登录?
1 个解决方案
解决方案1
0 已采纳 2017-04-17 20:23:58
This post does a great job of answering the question: 这篇文章很好地回答了这个问题:
https://dev.to/rtfeldman/defense-against-the-dark-arts-csrf-attacks https://dev.to/rtfeldman/defense-against-the-dark-arts-csrf-attacks
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.