Analysis of 2 Token Reasons and Sample Code in Web Project Development

insert image description here

question:

There are 2 tokens in the project, one with a validity period of 2 hours (referred to as: short token), and the other with a validity period of 14 days (referred to as: long token).
Why use 2 tokens?

answer:

1. Based on security considerations and to prevent token leakage, all requests in server resources can only use short tokens, and short tokens are only valid for 2 hours;

This method still cannot completely solve the problem of preventing Token leakage, but it can only improve the security of preventing Token leakage to a certain extent;
The only function of a long token is to use it to request a new short token when the short token expires.

Only in this interface can you send requests using long Token.

2. To improve the user experience, do not directly ask users to exit the page they are operating

import Vue from 'vue'
import axios from 'axios'
import VueAxios from 'vue-axios'
import { getToken, setToken } from './token'
import router from '../router/index.js'
import { Toast } from 'vant'
Vue.use(VueAxios, axios)
const instance = axios.create({
  baseURL: 'base URL',
  timeout: 100000
})
// Add request interceptor instance.interceptors.request.use(
  function (config) {
    // Add token uniformly
    getToken() && (config.headers['Authorization']= `Bearer ${getToken().token}`)
    return config
  },
  function (error) {
    return Promise.reject(error)
  }
)
//Add response interceptor/**
 * 1.if 401 else don't care* 2.if there is a token else jump to the login page* 3.try-catch use refresh_token to get the token, if successful else refresh_token is invalid, jump to the login page* 4.Save the obtained token, update, and continue to perform the user's desired operation*/
instance.interceptors.response.use(
  function (response) {
    return response
  },
  async function (error) {
    if (401 === error.response.status) {
      setTimeout('console.clear()', 2000)
      if (getToken()) {
        try {
          // Logged in, but the short T expired, use the long T to get the short T (refresh user token)
          let res = await axios({
            url: 'base address/v1_0/authorizations',
            method: 'PUT',
            headers:{Authorization : `Bearer ${getToken().refresh_token}`}
          })
          // Update short T
          let token = getToken()
          token.token = res.data.data.token
          setToken(token)
          // Continue user operation return instance(error.config)
        } catch (error) {
          // Long T fails, jump to login page Toast.fail('Please log in first')
          router.push({ path: '/login' })
        }
      } else {
        // Not logged in, jump to the login page Toast.fail('Please log in first')
        router.push({ path: '/login' })
      }
    }
    return Promise.reject(error)
  }
)
export default instance

The above is the detailed content of the analysis of the reasons and sample codes of 2 Tokens in web project development. For more information about web project development, please pay attention to other related articles on 123WORDPRESS.COM!

You may also be interested in:

How to get token in Vue and write it into header
Example code for token verification based on Vue
The ssm project implements user login persistence (token)
Detailed explanation of the simple practice of using token authentication in Vue project
After successful login verification in Vue, the token is saved, and each request carries and verifies the token operation
Vue interceptor handles token expiration

<<: Dockerfile text file usage example analysis

>>: Summary of MySQL database like statement wildcard fuzzy query

JavaScript to achieve balance digital scrolling effect

Analysis of 2 Token Reasons and Sample Code in Web Project Development

Table of contents

JavaScript to achieve balance digital scrolling effect

Mysql triggers are used in PHP projects to back up, restore and clear information

Detailed example of mysql trigger usage

Detailed explanation of Vue project optimization and packaging

Examples of optimistic locking and pessimistic locking in MySQL

Detailed explanation of the setting of background-image attribute in HTML

Detailed explanation of HTML basics (Part 2)

A brief discussion on where the token generated by node using jwt should be stored

Solution to forget password when installing MySQL on Linux/Mac

How to upgrade CentOS7 to CentOS8 (detailed steps)

Recommend

Tips for List Building for Website Maintenance Pages

How to create scheduled tasks using crond tool in Linux

MySQL table name case selection

How to manually build a new image with docker

MySQL slow log online problems and optimization solutions

How to automatically start RabbitMq software when centos starts

Three examples of blur background effects using CSS3

The difference between storing full-width characters and half-width characters in MySQL

Common methods of Vue componentization: component value transfer and communication

Markup language - web application CSS style

Theory: The two years of user experience

MySQL aggregate function sorting

Windows Server 2016 Quick Start Guide to Deploy Remote Desktop Services

Detailed explanation of MySql slow query analysis and opening slow query log

Use crontab command in Linux environment to set up scheduled periodic execution tasks [including PHP execution code]