How to verify that front-end request data is legitimate in a project where the front end and back end are separated

  java, question

Recently I have been studying Vue and have fallen in love with separating the front end from the back end, but there are several places where I don't know how to implement it.

  1. Is there a better solution than logging users in with a session as before? (If the API server and the server hosting the front-end page are not the same and the domain names differ, what should I do, and is there a way to solve it once and for all?)

  2. For example, the user has already logged in but modifies the POST data himself, say changing 10 to 100. How does the back end judge whether this data has been tampered with?

I hope someone can give me some guidance; after all, I'm self-taught and have no one to turn to.

If the back end is distributed (e.g. on cloud servers), I recommend the token authentication method from OAuth 2.0. If it is just for development, a cookie can be used.
The OAuth login process is as follows:

  1. Create a new token table with the fields token, user_id, login_at, expire_at.

  2. The user logs in with account and password.

  3. After a successful login, a record is inserted into the token table, all of the user's previous tokens are deleted or marked expired, and the token is returned to the front end.

  4. When the front end makes an ajax request, it adds the header Authorization=token.

  5. The back end reads Authorization from the request header and compares it with the database. If it exists and has not expired, the request is treated as coming from a legitimate user; otherwise an error is returned.
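A minimal implementation of the five steps above, added here as an example; it is not code from the original post. It uses an in-memory SQLite table with the post's four columns in place of the real database, a constructed `USERS` dict in place of the account store, and assumes a `Bearer` scheme for the Authorization header (the post only says Authorization=token) and a one-hour lifetime. Two hardening choices the post does not mention are labeled in the comments: the table stores a SHA-256 digest of the token rather than the token itself, and the token is drawn from the OS random source.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; the original post does not specify one

# Constructed stand-in for the account table. Real passwords would be salted
# hashes; they are plain text here only to keep the example short.
USERS = {"alice": {"user_id": 1, "password": "correct horse"}}


def open_token_db():
    """Step 1: the token table from the answer (token, user_id, login_at, expire_at)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE token (token TEXT PRIMARY KEY, user_id INTEGER NOT NULL, "
        "login_at INTEGER NOT NULL, expire_at INTEGER NOT NULL)"
    )
    return db


def _token_digest(token):
    # Added hardening: store only a digest, so a leaked table yields no live tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def login(db, username, password, now=None):
    """Steps 2 and 3: check credentials, revoke earlier tokens, issue a fresh one."""
    now = int(time.time()) if now is None else now
    user = USERS.get(username)
    # compare_digest avoids leaking the mismatch position through timing
    if user is None or not hmac.compare_digest(
        user["password"].encode(), password.encode()
    ):
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    with db:  # one transaction: old tokens gone and new token live together
        db.execute("DELETE FROM token WHERE user_id = ?", (user["user_id"],))
        db.execute(
            "INSERT INTO token VALUES (?, ?, ?, ?)",
            (_token_digest(token), user["user_id"], now, now + TOKEN_TTL_SECONDS),
        )
    return token


def ajax_headers(token):
    """Step 4, front-end side: the header the Vue app attaches to each request."""
    return {"Authorization": "Bearer " + token}


def authenticate(db, headers, now=None):
    """Step 5: resolve the Authorization header to a user_id, or None on failure."""
    now = int(time.time()) if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    row = db.execute(
        "SELECT user_id, expire_at FROM token WHERE token = ?",
        (_token_digest(token),),
    ).fetchone()
    # Unknown digest (never issued, or revoked by a later login) or past expiry
    if row is None or row[1] <= now:
        return None
    return row[0]


if __name__ == "__main__":
    db = open_token_db()
    t = login(db, "alice", "correct horse")
    print("user_id for fresh token:", authenticate(db, ajax_headers(t)))
    print("user_id for forged token:", authenticate(db, ajax_headers("forged")))
```

The lookup is by digest, so the database is never asked to compare a client-supplied secret directly, and a second `login` for the same user silently invalidates the first token, matching step 3. Note what this does and does not establish for the asker's second question: a valid token tells the back end who sent the request, not that the request body is trustworthy. A quantity changed from 10 to 100 in the POST body still has to be validated against, or recomputed from, server-side data.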