Beginners often get stuck on tokens and sessions: during development they know these things exist, but not why they are used or how they work. Today I will walk through both with you.
First, let's explain what a token is:
1. Background of tokens: A client frequently requests data from the server, and for each request the server queries the database for the username and password and compares them to decide whether they are correct and to respond accordingly. Tokens emerged in this context.
2. Token definition: A token is a string generated by the server that serves as the client's credential for making requests. After the first login, the server returns the token to the client. From then on, the client only needs to send this token when requesting data, without sending the username and password again.
3. Purpose of using tokens: Tokens reduce the load on the server by cutting down on frequent database queries, which makes the server more robust.
Now that we know what a token means, it is clearer why we use it.
Second, how do you use a token?
This is the focus of this article. Here I will introduce two commonly used methods.
1. Use the device number/device MAC address as the token (recommended)
Client: When logging in, the client obtains the device's device number/MAC address and passes it to the server as a parameter.
Server: After receiving the parameter, the server stores it in a variable, saves it to the database as the token, and sets the token in the session. Every client request is intercepted in one place: the token passed by the client is compared with the token in the server-side session. If they are the same, the request is let through; if they differ, it is rejected.
Analysis: The client and server now share a unique identifier, the token, and each device has its own session. The disadvantage of this method is that the client must send the device number/MAC address as a parameter and the server must store it. The advantage is that the client does not need to log in again: after logging in once, it can keep using the service. Timeouts are handled on the server side. How? If the server's token expires, the server simply looks up the token passed by the client in the database and assigns it to the variable token, so the token's timeout starts counting again.
2. Use the session value as the token
Client: The client only needs to send the username and password to log in.
Server: The server receives the username and password and checks them. If they are correct, it returns its locally obtained SessionID to the client as the token, and from then on the client only needs to send this token when requesting data.
Analysis: The benefit of this approach is that it is convenient and needs no stored data; the disadvantage is that when the session expires, the client must log in again to access data.
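Method 2 and the per-request interception described above, as an added example that is not code from the original article. The token is the random, server-generated string from the token definition; the names SessionAuth, intercept and SESSION_TTL, the in-memory storage and the 30-minute timeout are assumptions.

```python
import hashlib, hmac, secrets, time

SESSION_TTL = 1800  # seconds; assumed timeout, not a value from the article

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SessionAuth:
    """Method 2: the server-generated session ID is the token."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}     # username -> (salt, password hash)
        self._sessions = {}  # token -> (username, expiry timestamp)

    def add_user(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash_pw(password, salt))

    def login(self, username: str, password: str):
        """Check the credentials once; return a fresh token, or None."""
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash_pw(password, salt), stored):
            return None
        # Random and unguessable; a device number or MAC address is not secret.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, self._clock() + SESSION_TTL)
        return token

    def intercept(self, token):
        """Run on every request: return the username, or None to reject."""
        entry = self._sessions.get(token or "")
        if entry is None:
            return None
        username, expires = entry
        if self._clock() >= expires:
            del self._sessions[token]  # expired: the client must log in again
            return None
        return username

    def logout(self, token) -> None:
        self._sessions.pop(token, None)
```

Passing a fake clock to SessionAuth lets the expiry path be exercised without waiting for the timeout.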
Third, problems encountered in use and their solutions
We have just introduced two ways to use a token, but various problems also arise in use. With the first method, a bad network or concurrent requests can cause the same data to be submitted multiple times.
The solution to this problem is to use the session and the token together. How? Take a look at this illustration:
[Image: Session.PNG, http://s3.51cto.com/wyfs02/M02/49/A9/wKioL1QX85nCkJ5qAABWcdNyC0g731.png]
This is the solution to duplicate submissions.
Summary: The above summarizes how tokens and sessions are used in development. If anything is described incorrectly, please point it out and I will correct it promptly; thank you. I know there are more and better approaches; this is only a starting point. I hope you will share the approaches you use so that we can discuss, learn and improve together, and I hope this also helps friends whose understanding, like mine, is still weak. Thank you.
This article is from the "Suck on self-renewal" blog, please be sure to keep this source http://wyong.blog.51cto.com/1115465/1553352
How the Android client and server use token and session