我是否需要使用令牌认证?
[英]Is using token authentication necessary in my case?
问题描述
I'm building a web app that relies on a client side mvc that make ajax calls to the server with rails to get data from the database. 
我正在构建一个依赖客户端mvc的Web应用程序,该客户端使用Rails对服务器进行Ajax调用以从数据库中获取数据。
I thought that, since ajax call are made to a controller that require the user to be authenticated using devise, i had to use token authenticable to authenticate ajax calls. 我认为,由于对要求用户使用devise进行身份验证的控制器进行了ajax调用,因此我不得不使用可验证的令牌来对ajax调用进行身份验证。
But I've noticed that If the user login the normal way than since the session data is stored and sent with each ajax call it isn't necessary to use token authentication... 但是我注意到,如果用户以正常方式登录,则由于会话数据是随每个ajax调用存储和发送的,因此不必使用令牌身份验证...
is this a bad approach? 这是一个不好的方法吗?
1 个解决方案
解决方案1
0 2012-11-01 16:32:10
I don't see any issue with it. 我没有看到任何问题。 If the user is already logged in, than any ajax requests are also already authenticated. 如果用户已经登录,那么所有ajax请求也已经通过身份验证。 If the user is logged out, however, than the ajax requests will also be un-authenticated and may be rejected if authentication is required by the ajax call's controller. 但是,如果用户已注销,则ajax请求也将未经身份验证,并且如果ajax调用的控制器要求进行身份验证,则该请求可能会被拒绝。 To my understanding auth token is to get the user logged in for a particular request without needing the user to login first, such as sending the user an email with a link to vote or something. 据我所知,身份验证令牌是让用户针对特定请求登录,而无需用户先登录,例如向用户发送包含投票链接的电子邮件。 And I think if the user follows that link, the browser will log them in automatically and persist that fact for subsequent requests without the token. 而且我认为,如果用户点击该链接,浏览器将自动将其登录,并在没有令牌的情况下继续后续的请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.