
JWT Authentication strategy

Right now I am confused about whether I should store the JWT token in the session or not.

Should I:

  1. Store it in Redis after the token has been created

         // JWT TOKEN
         token := CreateToken(user)
         // Storing it in Gorilla Session + Redis
         s := sessions.Default(c)
         s.Set("token", token)
         s.Save()

     and then, on subsequent requests, take the token from the server side instead of from the request header:

         s.Get("token")
         // and do something with it

  2. Pass the token in subsequent requests, so every route that requires the token reads it from the header

         func login(c *gin.Context) {
             token := c.GetHeader("Authorization")
             // validate the token ...
         }

I'm using the gin framework.

Which approach is better: the session, or the subsequent request from the user?

Regards, Naufal

If you make a client - then YES: once you've obtained a token, you should store it and pass it with subsequent requests.

If you make a server - then NO. You have no need to store a token you've issued, but you should validate it any time you get it with a client's request. This way you can make your service stateless and more scalable.

Don't store JWT in sessions.

One important benefit of using JWT is keeping the server stateless. Now, if you put the JWT in sessions, you are losing the benefits of JWT.

Example:

Say you have two load-balanced instances of your server. Unless you create some sort of shared session storage, your visitor will be forced to visit the same server every time (and that is not easy).
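Both answers make the same point on the server side: keep no copy of the token, and verify the one the client sends on every request. The example below is added here and is not code from either answer or from gin; it shows that stateless check with only the Go standard library, assuming a constructed HS256 key and a minimal claims struct. In a gin handler the token string would come from `c.GetHeader("Authorization")` with the `Bearer ` prefix stripped, and any instance behind the load balancer can verify it because nothing is looked up in a session or Redis.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

type Claims struct { // minimal, constructed claim set for this example
	Sub string `json:"sub"`
	Exp int64  `json:"exp"` // expiry, Unix seconds
}

var (
	b64    = base64.RawURLEncoding // JWT uses unpadded base64url
	header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
)

// CreateToken issues an HS256 JWT; the server keeps nothing after this.
func CreateToken(c Claims, key []byte) string {
	payload, _ := json.Marshal(c) // string and int64 fields cannot fail
	si := header + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(si))
	return si + "." + b64.EncodeToString(mac.Sum(nil))
}

// VerifyToken checks signature and expiry statelessly (no session or Redis lookup).
func VerifyToken(token string, key []byte, now int64) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != header { // fixed header also rejects alg=none
		return nil, errors.New("malformed token or unsupported alg")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if sig, err := b64.DecodeString(parts[2]); err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &c) != nil {
		return nil, errors.New("malformed payload")
	}
	if c.Exp == 0 || now >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}
```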
