How to Use Tokens, Sessions, and Token-plus-Session on the Client and Server
I. First, what a Token means:
1. Why Tokens exist: the client requests data from the server frequently, and without a Token the server would have to look up the user name and password in the database and compare them on every single request to decide whether the caller is who it claims to be. The Token was introduced to avoid this.
2. Definition: a Token is a string generated by the server that the client presents as its credential on later requests. After the first login the server generates a Token and returns it to the client; from then on the client only carries the Token when requesting data and never resends the user name and password.
3. Purpose: reduce load on the server by avoiding repeated credential lookups in the database, which makes the server more robust. A side benefit is that the password itself travels over the network only once, at login.
II. How to use a Token?
1. Use the device number/MAC address as the Token (recommended by the author)
Client: at login the client reads its device ID/MAC address and sends it to the server as a parameter, together with the login credentials.
Server: the server receives the parameter, stores it in the database as the Token, and also places it in the session. A server-side interceptor then checks every request, comparing the Token sent by the client with the Token held in the session; if the two do not match, the request is rejected.
Analysis: the client and server now share a unique Token, and each device has its own session. The disadvantage is that the client must send the device ID/MAC address on every request and the server must store it. The advantage is that the client does not need to log in again: once logged in it can keep using the service, and session timeouts are handled on the server. How? When the server-side session times out, the server looks up the Token sent by the client in the database and reloads it into the session variable, so the Token works again without a new login. One caveat a practitioner should weigh: a device ID or MAC address is not a secret (it is visible to anyone on the same network and easy to spoof), so it identifies a device but does not by itself prove who is holding it; the scheme is only as strong as the login that bound the device to the account, and anyone who learns the value can impersonate that device until the binding is revoked.
2. Use the session ID as the Token
Client: the client logs in carrying only the user name and password.
Server: after receiving the user name and password, the server verifies them and, if they are correct, returns its own session ID to the client as the Token. From then on the client only needs to carry the Token when requesting data.
Analysis: this method is convenient and needs no extra storage on either side. However, when the session expires the client must log in again before it can access data.
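As an added example (not code from the original post), here is a server-side sketch in Python of both schemes: a login that checks the credentials once and issues a Token, and a per-request check, the "interceptor" of the text, that rejects unknown, expired, or wrong-device Tokens. One deliberate departure from scheme 1: the device ID is bound to the session rather than used as the Token itself, because a MAC address is not secret. The user table, TTL, class names and the injectable clock are constructed for the example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed user table (plaintext only to keep the example short; a real server
# stores salted password hashes and compares against those).
USERS = {"alice": "correct horse"}

SESSION_TTL = 30 * 60  # seconds a token stays valid after its last use


@dataclass
class Session:
    username: str
    device_id: Optional[str]   # set for scheme 1, None for scheme 2
    expires_at: float


class TokenServer:
    """Server side of both schemes: credentials checked once, token checked per request."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock                      # injectable so expiry can be tested
        self.sessions: Dict[str, Session] = {}  # token -> session (the server's session store)

    def login(self, username: str, password: str,
              device_id: Optional[str] = None) -> Optional[str]:
        expected = USERS.get(username)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None  # wrong credentials: no token issued
        # The token is an unguessable random string, not the device ID: a MAC address is
        # visible on the network and trivially spoofed, so it can identify a device but
        # cannot act as a secret. The device ID is bound to the session instead.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(username, device_id, self.clock() + SESSION_TTL)
        return token

    def authenticate(self, token: str, device_id: Optional[str] = None) -> Optional[str]:
        """The per-request interceptor: return the user name, or None to reject."""
        s = self.sessions.get(token)
        if s is None:
            return None                   # unknown or forged token
        if self.clock() > s.expires_at:
            del self.sessions[token]      # expired: the client has to log in again (scheme 2)
            return None
        if s.device_id is not None and s.device_id != device_id:
            return None                   # token presented from a different device (scheme 1)
        s.expires_at = self.clock() + SESSION_TTL  # sliding expiry on successful use
        return s.username
```

Every request is answered from the in-memory session store, so the database is only touched at login, which is the load reduction the post is after; a token that fails any of the three checks is simply rejected rather than causing a fresh credential lookup.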
III. Problems during use, and solutions
The two ways of using a Token above still run into problems in practice. The first method hides one: when the network is poor, or requests are sent concurrently, the same data can be submitted more than once.
Solution: combine the session and the Token. How are the two combined? See the following explanation:
This is the solution for repeated submission.
    /**
     * User logon; on success, save the user's private token.
     *
     * @param appContext application context used to store the token
     * @param userEmail  login e-mail
     * @param password   login password
     * @return Session   session returned by the server, carrying the private token
     * @throws AppException on a network or protocol error
     */
    public static Session login(AppContext appContext, String userEmail, String password)
            throws AppException {
        String urlString = URLs.LOGIN_HTTPS;
        Session session = getHttpRequestor()
                .init(appContext, HTTPRequestor.POST_METHOD, urlString)
                .with("email", userEmail)
                .with("password", password)
                .to(Session.class);
        // Save the user's private token (encrypted with the app key) so that later
        // requests carry the token instead of the e-mail and password
        if (session != null && session.get_privateToken() != null) {
            String token = CryptoUtils.encode(GITOSC_PRIVATE_TOKEN, session.get_privateToken());
            appContext.setProperty(PRIVATE_TOKEN, token);
        }
        return session;
    }
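The Java snippet above shows the login and how the client keeps the private Token; it does not itself show the duplicate-submission check. The usual way to "combine session and Token" for that problem, given here as an added Python example (not the original project's code), is a one-time form token: the server issues a fresh token each time a form is rendered, keeps it in the user's session, and accepts each token exactly once. The check-and-remove is done under a lock so that concurrent retries of the same submission cannot both succeed. The session IDs and the demo handler are constructed.

```python
import secrets
import threading
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Set


class FormTokenGuard:
    """Issues one token per form render and accepts each token exactly once."""

    def __init__(self):
        self._lock = threading.Lock()
        # session id -> tokens issued to that session and not yet consumed
        self._pending: Dict[str, Set[str]] = defaultdict(set)

    def issue(self, session_id: str) -> str:
        """Called when the form is rendered; the token is embedded in the form."""
        token = secrets.token_urlsafe(16)
        with self._lock:
            self._pending[session_id].add(token)
        return token

    def submit(self, session_id: str, form_token: str, handler: Callable[[], None]) -> bool:
        """Run handler once for this token; return False for duplicates or foreign tokens."""
        # Check and remove under the lock: two retries racing on the same token
        # cannot both observe it as unused.
        with self._lock:
            tokens = self._pending.get(session_id)
            if not tokens or form_token not in tokens:
                return False  # already consumed, forged, or issued to another session
            tokens.remove(form_token)
        handler()
        return True


def demo_concurrent_retries(retries: int = 10) -> int:
    """Send the same submission `retries` times at once; return how many were processed."""
    guard = FormTokenGuard()
    session_id = "sess-42"                      # constructed session id
    form_token = guard.issue(session_id)
    processed = []                              # one entry per handler execution

    def send(_):
        return guard.submit(session_id, form_token, lambda: processed.append(1))

    with ThreadPoolExecutor(max_workers=retries) as pool:
        accepted = sum(pool.map(send, range(retries)))
    assert accepted == len(processed)           # exactly the accepted requests ran the handler
    return len(processed)
```

The token is looked up under the session it was issued to, so a token captured from one user cannot be replayed in another session, and a client that retries after a timeout gets a clean rejection instead of a second order, post, or transfer.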