Comments (2)
jwt生成的token是可以通过绑定的加密算法Hmac直接校验的,为什么要把token存在redis去校验,这样子与其他方案生成加密串作为token有什么区别呢?
确实,引入存储就会丧失JWT无状态这个优点。但是,不通过存储服务来保存token,你没办法解决退出登录等场景。
from spring-security-jwt-guide.
jwt生成的token是可以通过绑定的加密算法Hmac直接校验的,为什么要把token存在redis去校验,这样子与其他方案生成加密串作为token有什么区别呢?
确实,引入存储就会丧失JWT无状态这个优点。但是,不通过存储服务来保存token,你没办法解决退出登录等场景。
如果是这样的话,换用cookie+session是不是会更好一点(因为也将token保存到了服务器中,而且传输的数据量也变大了原本只需要sessionID,现在需要一大串编码字符串)
可以将jwt的过期时间缩短,然后当作一次性凭证使用,使用后即过期
from spring-security-jwt-guide.
Related Issues (20)
- 认证服务器、资源服务器、客户端
- 怎么里面的类,跟示例的不一样? HOT 1
- 为啥没有看到 auth/login 这个路由定义在哪个控制器了呢? HOT 1
- "/auth/register"未定义解决
- 登录URL的问题 HOT 1
- User实体里的updateFrom方法未给密码加密导致更新后以明文存储密码 HOT 1
- 说明文档请修改一下 HOT 2
- 前端访问产生cors问题 HOT 2
- 循环依赖 HOT 1
- 按照你的方式自行搭建了一下无任何响应 HOT 1
- JWT_SECRET_KEY 生成的问题
- 项目中不存在UsernamePasswordAuthenticationFilter这个过滤器
- 关于配置context-paht为/api的配置 HOT 3
- 对于登录方面有一些疑问 HOT 3
- 你好!提供优化建议!
- jwt是否适合作为后台登录的token
- SpringSecurity介绍.md文件问题
- post调试工具 HOT 1
- 创建数据库表的SQL语句在哪呢?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-security-jwt-guide.