I want to set the expiration time of token to 24 hours, so I add a time string to token, such as 2018-09-06:
$token=md5(date("y-m-d", time()) . $model . $path . "&-sharp^@*");
but there is a problem. When I log in to the system at 11: 59 p.m. on 2018-09-06, it will be 2018-09-07 in a minute, that is, the token will fail only one minute after this login, which certainly does not meet the requirements, so is there a problem with my understanding of token? How to set the token failure time correctly?
and how does the front end get the token when the current end invokes the back-end interface? I understand that the backend generates the token and writes the token into the cookie, and then the front end directly calls the data in the cookie, but in that case, does the front end have to call the token file before calling the interface?