问题描述
我正在考虑与智威汤逊基于令牌的认证取代我的旧会话基于Cookie 认证。我从它建议JWT存储为cookie的。
I am considering replacing my old session-cookie-based authentication with JWT token-based authentication. I read from here that it is suggested to store JWT as cookie.
如果这样,是不是再实施签署的cookie ?
If so, isn't that a re-implementation of signed cookie?
推荐答案
是的,但优点是格式(比如JSON),某些信息元素(到期时间戳,发行,在时间戳,发行人等)并保护它(即签名/加密方法)的方法是标准化的,所以你可以使用股票库创建和一个非常方便的和无差错的方式阅读。
Yes it is but the advantage is that the format (i.e. JSON), some of the information elements (expiry timestamp, issued-at timestamp, issuer etc.) and the method of protecting it (i.e. signature/encryption method) is standardized so you can use stock libraries to create and read it in a very convenient and error-free way.
这篇关于我们应储存智威汤逊作为cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!