Detailed explanation and application principle of token
2022-04-23 06:45:00 【Front end more】
1. What a token means
1. Background to tokens:
When a client requests data from the server frequently, the server has to query the database for the user name and password on every request, compare them, decide whether they are correct, and return the corresponding response. Tokens were introduced to deal with this situation.
2. Definition of a token:
A token is a string generated by the server that serves as the client's credential for making requests. After the first login, the server generates a token and returns it to the client; from then on the client only needs to carry this token when requesting data, and no longer has to send the user name and password again.
3. Purpose of using a token:
The goal of a token is to reduce the load on the server by avoiding frequent database queries, making the server more robust.
4. Advantages of tokens:
More scalable, more secure, and well suited to web applications and mobile apps. The Chinese rendering of "token" is a pass, which I think fits well: you carry this token to get through the checkpoints.
5. Tokens are generally used in three places:
① Preventing duplicate form submission
② Preventing CSRF (cross-site request forgery) attacks
③ Authentication (single sign-on)
Once we understand what a token means, it is clearer why we should use one.
2. How to use a token?
This is the focus of this article. Here I introduce two common approaches.
1. Device number / device MAC address as the token (recommended)
Client: when logging in, the client obtains the device's device number / MAC address and passes it to the server as a parameter.
Server side: after receiving the parameter, the server stores it in a variable as the token, saves it in the database, and puts the token into the session. Every client request is intercepted and the token it carries is compared with the token in the server-side session: if they are the same the request is allowed through, otherwise it is rejected.
Analysis: at this point the client and the server share a unique token, and each device is guaranteed its own session. The disadvantage of this approach is that the client has to pass the device number / MAC address as a parameter and the server has to store it; the advantage is that the client does not need to log in again: log in once and keep using it. Timeouts are left to the server. How are they handled? When the server-side token times out, the server only needs to look up the token it was sent in the database and assign it to the token variable again, so after a timeout the token is simply re-timed.
2. Using the session value as the token
Client: the client only needs to log in with the user name and password.
Server side: the server receives the user name and password and checks them; if they are correct it takes the local sessionID as the token and returns it to the client, which then only needs to carry it with its requests for data.
Analysis: the advantage of this approach is convenience, since no data needs to be stored; the disadvantage is that once the session has expired, the client must log in again to access data.
3. Problems encountered in use and their solutions
We have just introduced two ways of using tokens, but various problems also arise in use. The first method hides a problem: when the network is poor or requests arrive concurrently, data can be submitted repeatedly.
Solution: use the session together with the token. This solves the problem. How is it applied? See the following explanation:
The session is the unique identifier that a single operator keeps throughout an operation to maintain communication with the server. Across multiple requests from the same operator, the session is always the same object, not several objects, so it can be locked. When multiple requests from the same operator arrive, the session can be used to restrict them to one at a time.
This article uses the session and adds a token to it, to verify whether the same operator has made concurrent, repeated requests. When the next request arrives, the token in the session is checked against the token in the request; if they are inconsistent, the request is treated as a duplicate submission and is not allowed through.
This is the solution to duplicate submission.
4. Token-based authentication
With token-based authentication, the server does not need to store the user's login record. The general process is as follows:
① The client requests login with the user name and password
② The server receives the request and verifies the user name and password
③ After successful verification, the server issues a token and sends it to the client
④ The client receives the token and stores it, for example in a cookie or in local storage
⑤ Each time the client requests a resource from the server, it carries the token
⑥ The server receives the request and verifies the token it carries; if verification succeeds, it returns the requested data to the client
Copyright notice
This article was written by [Front end more]. If you repost it, please include a link to the original. Thank you.
https://yzsam.com/2022/04/202204230550117381.html