Just One Pure Coder
by leelight · Published · Updated
如果accessToken放Client端,refreshToken存储在服务器,那么会违背微服务的无状态构架初衷。
accessToken和refreshToken统一放在Client端,可以遵循微服务无状态构架。
两种情况都可以通过accessToken来延长refreshToken,做到长时间保持登录状态的需求。
理解JWT的使用场景和优劣
http://blog.didispace.com/learn-how-to-use-jwt-xjf/
Hacking JWT(JSON Web Token)
https://www.cnblogs.com/dliv3/p/7450057.html
JWS是去验证数据的,而JWE(JSON Web Encryption)是保护数据不被第三方的人看到的。通过JWE,JWT变得更加安全
在JWE中,公钥持有可以将新的数据放入JWT中,但是JWS中,公钥持有者只能验证数据,不能引入新的数据。因此,对于公钥/私钥的方案而言,JWS和JWE是互补的。
别再使用 JWT 作为 Session 系统!问题重重且很危险。
No related posts.
Tags: JWT
by leelight · Published January 3, 2022
by leelight · Published June 18, 2019
by leelight · Published June 18, 2019
Follow:
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
![[汇总]数据权限经验](http://www.mobabel.net/wp-content/themes/hueman/assets/front/img/thumb-medium-empty.png)