I said two pages, not one page, two. Say important things three times. I said that when I enter the administration page, I will verify it. I am talking about from the login page to the administration page. (note that the login page is a separate page, which is not the same page as the administration page, which is completely separate.)
We all know that the scenario of using jsonWebToken is to manually send a request to add Authorization to the header to judge. What I want to ask is,
for example, the background management page is an entire page, and the background login page is an entire page. If it is token verification, for example, if I visit content (management page: without login) how to identify, we all know that if session, when visiting this url, For example, the address of the management page is http://localhost:3000/admin/content, on the server, you can know whether you are logged in, jump directly without login, or change the static page of the url output login page
.var Koa = require("koa");
var static = require("koa-static");//
app.use(static(
path.join( __dirname, "./static")
))
if it is token, we all know that static files are handled at the back end of the server, and static files are output directly. Even if I put a middleware at the front, I cannot get the locally stored token, because the user accesses the static file directly, not the authentication after logging in.
The problem withps: is that from the login page to the management page, when the login is successful, a token is added to the information returned by the backend to store it locally, and then jump to the management page. This is OK, but what about the user directly skipping the login page to access the management page? The server has no way to know whether he is logged in or not when he visits the static page.
what should I do? Seek ideas