A traditional token requires a database lookup to verify whether the token is valid, while a JWT does not. A JWT is verified directly on the server side, with no database query. Because the user's information and the encrypted information are already carried in the second part (the payload) and the third part (the signature), the token only needs to be verified on the server side, and that verification is implemented by JWT itself.

Token concept:
A token is a credential for accessing resources.
Token authentication process:
1. The user enters the username and password and sends them to the server.
2. The server verifies the username and password. If they are correct, it returns a signed token (the token can be thought of as a long string), and the browser client receives the token.
3. In each subsequent request, the browser sends the token to the server in an HTTP header. The server verifies whether the signature is valid. If it is valid, authentication succeeds and the data required by the client can be returned.

Features:
With this method, the client's token carries a large amount of information, and the server does not store that information.

JWT concept:
JWT is the abbreviation of JSON Web Token. It encrypts user information into the token, and the server does not save any user information. The server verifies the correctness of the token using its saved key. As long as the token is correct, verification passes.

Composition:
A JWT contains three parts: Header, Payload and Signature. The token is built from these three parts, which are separated by ".".
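
The stateless check described above, as an added example that is not code from the original page: the server builds Header.Payload.Signature and later verifies a token using only its saved key, with no database lookup. It assumes the HS256 (HMAC-SHA256) variant and a constructed demo key; the function names are hypothetical. In this signed form the payload is only base64url-encoded, so anyone holding the token can read it, and the signature protects integrity rather than confidentiality.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real server loads its key from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = SERVER_KEY) -> str:
    """Build Header.Payload.Signature, signing the first two parts with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts).encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(signature)])


def verify_token(token: str, key: bytes = SERVER_KEY):
    """Return the claims if the signature is valid, else None. No database lookup."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: never let the token choose how it is verified.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        # Constant-time comparison of the recomputed and presented signatures.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(payload_b64))
    except (ValueError, UnicodeError, AttributeError):
        # Wrong number of parts, bad base64, bad JSON, or a non-object header.
        return None
```

Because the server keeps no per-token record, a token that verifies is accepted as-is; changing a single claim in the payload without the key makes verification fail.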