Shulou(Shulou.com)06/02 Report--

This article is about how to solve the security verification problem of thinkphp in the process of app interface development. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

For the interface we have written, if you can access it directly without security authentication, it will cause great security risks to our website. Some hack may directly use your interface to operate the database, and the consequences are incalculable.

So how can effective security verification be carried out?

Here, the access_token mechanism in Wechat development is adopted, which allows the app front-end developer to obtain the token by submitting appid and appsecert. The server caches the token for 7200 seconds. If the client requests token directly every time, the token will reset every time.

Therefore, it is recommended that the client cache as well. The client can determine whether the local token exists. If it exists, the client can directly use token as a parameter to access our api. The server judges the validity of the token and returns it accordingly. If the cached token of the client fails, it will directly request to obtain the token. This is probably the way of thinking. The complete reference code is provided below. If there is a better method, you can also leave a message.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.