摘要
JWT(JsonWebToken)认证作为一种服务器端无状态验证方式,在分布式开发中得到了广泛的应用。但是,由于token信息的本身特点,支持的有效时间是固定的,当在token有效时间内用户操作没有完成,操作就会中断,需要重新登录验证。本文通过对比传统Cookie/Session身份验证机制在分布式开发中存在的不足,提出了一种基于JWT认证过程中动态刷新token的方法,有效地解决了分布式开发中会话共享问题,并通过在webApi开发中得到了具体的应用,表明了该方法的有效性和实用性。
JWT(JSON Web Token)authentication,as a server-side stateless authentication method,has been widely used in distributed development.However,due to the characteristics of token information itself,the supported valid time is fixed.When the user operation is not completed within the token valid time,the operation will be interrupted and the login verification needs to be re-registered.By comparing the traditional Cookie/Session authentication mechanism in distributed development of deficiencies,this paper proposes a method based on dynamic refresh token JWT certification process,solving effectively the problem of the sharing Session in distributed development.The application in the webApi development shows that the method is effective and practical.
作者
周虎
ZHOU Hu(Xuzhou Finance and Economics Branch,Jiangsu Union Technical Institute,Xuzhou 221008,China)
出处
《软件工程》
2019年第12期18-20,共3页
Software Engineering
