When a front-end user registers, fill in the value of the verification code image, and then match the backend. However, because the user is not registered, he cannot be bound with an identification ID. Therefore, I am designing this for the moment: when a verification code image is generated, the value of the verification code is saved in the cache (redis, cache to set the Expiration Time, and then before... when a front-end user registers, fill in the value of the verification code image, and then match the backend.
However, because the user is not registered and cannot be bound with an identity, my current design is as follows:
When a verification code image is generated, the value of the verification code is saved in the cache (redis), and the expiration time is set in the cache. Then, when the front-end submits the verification code, the value is read from the cache to check whether it exists, if a pair exists successfully and the cache is deleted.
Such a problem is that you may encounter a mistake or a successful match, but the probability is not very high.
Is there any better idea?
Reply content:
When a front-end user registers, fill in the value of the verification code image, and then match the backend.
However, because the user is not registered and cannot be bound with an identity, my current design is as follows:
When a verification code image is generated, the value of the verification code is saved in the cache (redis), and the expiration time is set in the cache. Then, when the front-end submits the verification code, the value is read from the cache to check whether it exists, if a pair exists successfully and the cache is deleted.
Such a problem is that you may encounter a mistake or a successful match, but the probability is not very high.
Is there any better idea?
If it is a non-frontend/backend separation, you can store the verification code in the session for verification.
If the frontend and backend are separated, each front-end request is stateless. Therefore, you need to assign a token to the front-end when the first request is sent, this token will be taken. You can use this token as the redis key value and place the verification code in the corresponding value position.
One session, one verification code, and no session is registered.
As long as the control is good, there should be no errors or a successful match.
1. the verification code is generated in the background. And put it in the session.
2. the front-end obtains the verification code in sync with the one that was just put into the session.
3. if the front-end fails, or the user clicks switch verification code. The verification code will be changed in the background, and the verification code will be changed in the session.
In fact, as long as you always ensure that the verification code displayed on the front end is synchronized with the session, there will be no problems.
PS: If each request is multi-threaded, it should be successful without making any mistake.
When a user generates a verification code during registration, the verification code is written into the session. after the user submits the verification code, the user reads the verification code from the session for comparison.
Http://netsecurity.51cto.com/art/201402/428721.htm for your reference
Front end:
Backend:
$ Showing = strtoupper ($ _ POST ['checkcode']); // checks the submitted verification code if ($ _ SESSION ['checkcode']! = $ Showing | empty ($ showing) {unset ($ _ SESSION ['checkcode']); die ('verification code error ');}
Verification code generation:
Session: it is called "session control" in computers, especially in network applications ". No matter whether you are a registered user or not, the server generates a unique session ID as long as you access it. Store the verification code data in the session.