To achieve so-called statelessness with cookie authentication, don’t you need to re-authenticate and check the database every time, since there is no session?
My concrete implementation is:
Define a key: String key = "random";
A token field is placed in the user_profile table. When a user registers, it is assigned a random value.
When the user logs in:
String userToken = md5(userId + token + key);
addCookie("user_id", userId);
addCookie("user_token", userToken); // the interceptor below reads this cookie
Then define a login interceptor:
String userId = request.getCookie("user_id");
String userToken = request.getCookie("user_token");
String token = db.getUserTokenById(userId); // here, you have to check the database every time
String userToken2 = md5(userId + token + key);
boolean valid = userToken2.equals(userToken); // reject the request when false
Although this method is simple, it can still effectively prevent cookie forgery.
But here we have to check the database every time. Is there a better way to implement it?
Since the query is necessary for the whole transaction, you should consider improving the query efficiency. Depending on actual needs, key-value data stores such as memcache and redis are necessary; they can not only meet the data storage requirements but also alleviate the performance problems.
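
The cached lookup suggested in the answer above, as an added example that is not part of the original question or answer. A ConcurrentHashMap stands in for redis/memcache and another for the user_profile table, HMAC-SHA256 is swapped in for the question's md5 concatenation, and the class, method names and sample values are hypothetical (Java 17+ for HexFormat).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: all names are hypothetical, sample values are constructed.
public class CookieTokenCheck {
    static final byte[] KEY = "constructed-server-key".getBytes(StandardCharsets.UTF_8);
    // Stand-ins: db for the user_profile table, cache for redis/memcache.
    static final Map<String, String> db = new ConcurrentHashMap<>(Map.of("42", "constructed-token"));
    static final Map<String, String> cache = new ConcurrentHashMap<>();
    static int dbHits = 0; // demo counter, not thread-safe

    // HMAC-SHA256 replaces md5(userId + token + key); ':' keeps "1"+"23" distinct from "12"+"3".
    static String sign(String userId, String token) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        byte[] tag = mac.doFinal((userId + ":" + token).getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(tag);
    }
    // Interceptor check: read the per-user token from the cache, hit the database only on a miss.
    static boolean verify(String userId, String cookieToken) throws Exception {
        if (userId == null || cookieToken == null) return false;
        String token = cache.get(userId);
        if (token == null) {
            dbHits++;
            token = db.get(userId);
            if (token == null) return false; // unknown user: nothing to cache
            cache.put(userId, token);
        }
        byte[] expected = sign(userId, token).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, cookieToken.getBytes(StandardCharsets.UTF_8)); // constant-time
    }
    // Evict when the stored token changes, or the cache keeps accepting the old cookie.
    static void rotateToken(String userId, String newToken) {
        db.put(userId, newToken);
        cache.remove(userId);
    }
    public static void main(String[] args) throws Exception {
        String cookie = sign("42", db.get("42"));
        System.out.println(verify("42", cookie) + " " + verify("42", cookie) + " dbHits=" + dbHits);
        System.out.println("forged: " + verify("42", "0".repeat(64)));
        rotateToken("42", "constructed-token-2");
        System.out.println("after rotation: " + verify("42", cookie));
    }
}
```

With a shared cache such as redis, the eviction in rotateToken has to reach every application node, and a TTL on the cached entry bounds how long a stale token can still be accepted.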