Why should authentication token information be put in HTTP header? When did this kind of authentication become popular?

search "token" what you see in header" is mostly 2017-2018. Didn"t you use cookie for authentication information in the past? If because cookie is not secure, cookie can set same-site to prevent CSRF attacks and httpOnly to prevent cookie hijacking attacks. If users prohibit cookie, is it not the kind of prompt that "this website needs to open cookie"?

Apr.07,2021
Under the separation of the front and rear ends of

, the server can't get you cookie,. What's the use of putting cookie? you can only bring it to the interface


through header or url. Personally, I think it's the same to put url cookie header . At most, it just looks safer. Where to put
is mainly designed to cooperate with the authentication architecture of the background.


.

you mean JWT ? It is recommended to take a look at the design ideas of JWT to expand your knowledge.

JWT is a product born under the design advocacy of server-side no session


token put header for delivery and cookie for storage. Once the front and rear ends are separated, cookie is just a storage mechanism, while token is a verification mechanism.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1ea0aeb-1af8.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1ea0aeb-1af8.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?