# Introduction
## What is cookieless mode?
Cookieless mode refers to clients that do not support cookies. Generally speaking, it is what we usually call the front-end/back-end separation mode.
The conventional PC authentication method is generally implemented with cookies, which have two features:
1. Writes can be controlled by the back end
2. They are submitted automatically with every request

This lets us complete the whole authentication process without any special handling in the front-end code (because the whole process is controlled by the back end). In front-end/back-end separation scenarios such as apps and mini programs, however, cookies are generally not available. At this point most people are confused: how can we do authentication?
The answer is simple:
- If the back end cannot control the write, the front end writes the token itself (the difficulty is how the back end passes the token to the front end)
- If the token cannot be submitted automatically with every request, submit it manually (the difficulty is how the front end passes the token to the back end and how the back end reads it)
## Usage
### 1. The back end returns the token to the front end
1. Call `StpUtil.setLoginId(Object loginId)` to log in
2. Call `StpUtil.getTokenInfo()` to get the token details of the current session
    - This method returns an object with two key attributes: `tokenName` and `tokenValue` (the token’s name and the token’s value)
    - Pass this object to the front end and have the front-end developer save the two values locally

### 2. The front end submits the token to the back end
2. Put the token into the request header, in the format `{tokenName: tokenValue}`
3. Take uni-app, a classic cross-platform framework, as an example:

Method 1, simple and crude:
```js
// 1. Store tokenValue locally at login, for example:
uni.setStorageSync('tokenValue', tokenValue);

// 2. Read the value where the Ajax request is made and put it into the header
uni.request({
    url: 'https://www.example.com/request', // This is an example, not a real interface address.
    header: {
        "content-type": "application/x-www-form-urlencoded",
        "satoken": uni.getStorageSync('tokenValue') // Key line; note that the parameter name is satoken
    },
    success: (res) => {
        console.log(res.data);
    }
});
```
Method 2, more flexible:
```js
// 1. Store tokenName and tokenValue locally at login, for example:
uni.setStorageSync('tokenName', tokenName);
uni.setStorageSync('tokenValue', tokenValue);

// 2. Read these two values where the Ajax request is made and build the header from them
var tokenName = uni.getStorageSync('tokenName'); // Read the tokenName value from the local cache
var tokenValue = uni.getStorageSync('tokenValue'); // Read the tokenValue value from the local cache
var header = {
    "content-type": "application/x-www-form-urlencoded" // So that the back end can read the parameters
};
if (tokenName != undefined && tokenName != '') {
    header[tokenName] = tokenValue;
}

// 3. Pass the header object as the request header on subsequent requests
uni.request({
    url: 'https://www.example.com/request', // This is an example, not a real interface address.
    header: header,
    success: (res) => {
        console.log(res.data);
    }
});
```
4. Once the token value is passed to the back end in this way, Sa-Token can read it automatically and authenticate the request, just as in the traditional PC scenario.
5. You might be wondering: do I have to write this mess for every Ajax request? That is a lot of trouble.
    - Of course not: you do not write this mess for every Ajax request, because it all gets wrapped up in a single function
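
One way to wrap the header handling in a single function, as an added example that is not from the original post or the Sa-Token project; `createRequest`, `saveToken`, `buildHeader`, `makeFakeClient` and the `API_ORIGIN` value are hypothetical names. It goes slightly beyond the text by attaching the token only to requests for your own back end, because a manually set header is not scoped to a domain the way a cookie is.

```javascript
// Added example. `client` is injected so this runs under Node; in an app pass `uni`.
const API_ORIGIN = 'https://www.example.com'; // assumption: your own back end

function createRequest(client, apiOrigin = API_ORIGIN) {
    // Call once after login with the object the back end returned
    function saveToken(tokenInfo) {
        client.setStorageSync('tokenName', tokenInfo.tokenName);
        client.setStorageSync('tokenValue', tokenInfo.tokenValue);
    }

    // Build the header for one request, adding the token when appropriate
    function buildHeader(url, extra = {}) {
        const header = Object.assign(
            { 'content-type': 'application/x-www-form-urlencoded' }, extra);
        const tokenName = client.getStorageSync('tokenName');
        const tokenValue = client.getStorageSync('tokenValue');
        // A manual header has no domain scoping like a cookie does, so
        // attach the token only to URLs under our own back-end origin.
        const ours = url === apiOrigin || url.startsWith(apiOrigin + '/');
        if (ours && tokenName && tokenValue) {
            header[tokenName] = tokenValue;
        }
        return header;
    }

    // Drop-in replacement for client.request(options)
    function request(options) {
        const header = buildHeader(options.url, options.header);
        return client.request(Object.assign({}, options, { header }));
    }

    return { saveToken, buildHeader, request };
}

// Constructed in-memory stand-in for `uni`, only so the example runs offline
function makeFakeClient() {
    const store = {};
    return {
        setStorageSync: (key, value) => { store[key] = value; },
        getStorageSync: (key) => (key in store ? store[key] : ''),
        request: (options) => options // echoes what would be sent
    };
}
```

In a uni-app project, `createRequest(uni)` gives a `request` function that is called exactly like `uni.request`.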
## Other solutions?
If you know anything about cookies, you know that a cookie is essentially just a special header parameter.
And since it is just a header parameter, we can simulate it manually to do the authentication.
This is in fact another solution for cookieless mode. If you are interested, you can look it up on Baidu.
# Final words
Maintaining open source is not easy for the author. If you like this framework, please take a moment to give it a star!
- Official documentation: sa-token.dev33.cn/
- Gitee open source address: gitee.com/sz6/sa-toke…
- GitHub open source address: github.com/click33/sa-…