Login Persistence mechanism: cookies&&session
Cookies: The information is stored to the client, all information is unsafe, the information is encrypted, the cookie stores the unique identity of the current session, that is, SessionID, he will also be stored on the server side, the client and his counterpart.
Session: After the client has made a request to the server and returns a unique identity, that is, SessionID, his name is related to the current development language.
After the SessionID is generated on the server side, it will be returned to the client and stored in the cookie, after the new request is sent, take the local SessionID and go to the session on the service to fetch the relevant information.
Cross-domain sharing (same top-level domain): Cookies Two-level domain name and first-level domain share login information
We have a website: www.test.com, there is a commodity management module product.test.com. While in the www.test.com, you need to save this login status to Product.test.com
This is where we need to define domain properties on their pages so they can execute the top-level domain name, document.domain= "test.com"
Implementation ideas:
Gets the validation----obtains the token-----through the token to obtain the resource through authentication
Session Sharing and Web clustering
SSO Single Sign-on