In the last six months, we have mainly worked on mobile development, mainly support for H5 platforms and H5 marketing campaigns embedded in apps. We have encountered fewer compatibility issues, but iScroll performance is just a little transparent; the mobile browser cache improves performance on phones.
Today, I will summarize how identity is synchronized between the app and the H5 application services in my work project. In the design, the main login and logout functions are all implemented in the app. The H5 page uses a pseudo-protocol to call out to the app's interface. After a successful login, the app then calls the JS method that the page exposes.
Detailed description of the login process
A. The client is logged in and enters the H5 page
B. The client is not logged on
C. Token timeout
The app's server, similar to a session mechanism, has a validity period of 30 minutes, so the client can be logged in while H5 is not. That is, in case
1 ~ 5: Same as A1 ~ 5
6. On the server side, the login account information is not returned because of a token error or a token login timeout.
7. If the H5 server's AJAX response says the user is not logged in
8. Same as the procedure in B
Remarks
1. The latest effective token is stored in a cookie.
The main purpose is to handle the case where the user taps back. The page URL still carries the original token, which would cause the user to be logged out. A timestamp mechanism has now been added, and the latest token prevails.
2. The user is logged in to the app, but the H5 page shows not logged in, mainly because the app server's validity period is 30 minutes.
3. The backend logic follows the token passed in by the client. If a token exists and is different from the token of the current login, log out.
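The timestamp rule in remark 1 and the mismatch rule in remark 3, sketched as an added example that is not code from the original project. The `token` and `ts` query parameters, the `h5_token` cookie name and its `<ts>.<token>` layout are assumptions made for illustration.

```javascript
// Added example: parameter and cookie names are assumptions, not from the post.

// Read the token and its timestamp from the URL the app opened.
function readUrlToken(url) {
  const q = new URL(url).searchParams;
  const token = q.get("token");
  const ts = Number(q.get("ts"));
  if (!token || !Number.isFinite(ts) || ts <= 0) return null;
  return { token, ts };
}

// Read the cookie value "<ts>.<token>" stored on an earlier page load.
function readCookieToken(cookieHeader, name = "h5_token") {
  for (const part of (cookieHeader || "").split(";")) {
    const [k, ...rest] = part.trim().split("=");
    if (k !== name) continue;
    const value = decodeURIComponent(rest.join("="));
    const dot = value.indexOf(".");
    const ts = Number(value.slice(0, dot));
    const token = value.slice(dot + 1);
    if (dot > 0 && token && Number.isFinite(ts)) return { token, ts };
  }
  return null;
}

// Remark 1: the token with the newest timestamp wins, so a stale URL reached
// via "back" cannot replace the newer token already stored in the cookie.
function effectiveToken(fromUrl, fromCookie) {
  if (!fromUrl) return fromCookie;
  if (!fromCookie || fromUrl.ts > fromCookie.ts) return fromUrl;
  return fromCookie;
}

// Remark 3 (server side): a presented token that differs from the session's
// current token ends the session; no token leaves the session untouched.
function sessionAction(presented, sessionToken) {
  if (!presented) return "keep";
  return presented.token === sessionToken ? "keep" : "logout";
}

// Constructed sample: the user logged in again (T2), then went back to a URL carrying T1.
const cookie = "lang=en; h5_token=1700000600.T2";
const staleUrl = "https://h5.example.test/promo?token=T1&ts=1700000000";
const chosen = effectiveToken(readUrlToken(staleUrl), readCookieToken(cookie));
console.log(chosen.token, sessionAction(chosen, "T2"));
```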