[英]what's best practice for client/server communication when token doesn't exist?
I am working on a project where the token is saved as http cookie only.我正在开发一个项目,其中令牌仅保存为 http cookie。 Every time someone enters the website, there is automatic call to the server to check if his token is valid.
每次有人进入网站时,都会自动调用服务器来检查他的令牌是否有效。
So even in cases where user isn't registered (a guest, with no token), the front end get an error message from the backend that token isn't valid.因此,即使在用户未注册的情况下(访客,没有令牌),前端也会从后端收到一条错误消息,表明令牌无效。 What's the best practice to handle that?
处理这个问题的最佳做法是什么?
I can't check ahead if a token exist in the client side, because there is no access to http cookie.我无法提前检查客户端是否存在令牌,因为无法访问 http cookie。 So, what's the best practice to handle unregistered users in the client/backend?
那么,在客户端/后端处理未注册用户的最佳实践是什么? Is one in particularly considered the best?
一个特别被认为是最好的吗?
I don't know if there is "a best practice to handle that"
.我不知道是否有
"a best practice to handle that"
。 But a good option would be for the server to send you custom error if the user has an invalid token and another one if the user has no token.但是一个不错的选择是,如果用户有无效的令牌,服务器会向您发送自定义错误,如果用户没有令牌,则发送另一个错误。 I think you might want to display the login page either way (depending on your app - sometimes maybe just a homepage), but if the token exists but is invalid you might want to display some message to the user.
我认为您可能希望以任何一种方式显示登录页面(取决于您的应用程序 - 有时可能只是一个主页),但如果令牌存在但无效,您可能希望向用户显示一些消息。
Another question (that doesn't fix your problem but I think it might help you): Check if httponly cookie exists in Javascript另一个问题(这不能解决您的问题,但我认为它可能会对您有所帮助): 检查 Javascript 中是否存在 httponly cookie
I hope I didn't misunderstood you question and if you have a more specific case please try to add the details to your question.我希望我没有误解您的问题,如果您有更具体的案例,请尝试将详细信息添加到您的问题中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.