Well, I want to implement a web application that uses authentication mechanisms to personalize the user interface on the website, but in the meantime I have some questions that I want to clarify. So, at first, users will log in with their username and password (let's forget third-party authentication for now and assume that there is a corresponding registration page), and upon successful login, the server will generate a token that will be used for subsequent calls from the browser for this specific user. In what follows, I try to test my understanding and ask related questions.
As far as I understand, using a token is much faster (with a lower processor intensity, if you prefer) on the server side, because now you do not need to decrypt the password that is stored on the server and compare it with that sent with the request (for example, using bcrypt), but instead, checking is much simpler and comes down to whether the token has expired or not. As an added benefit, confidential information about the username and password is not retransmitted.
Checkpoint 1. We want the application to be reliable when the user voluntarily or accidentally clicks the Refresh / Reboot button, so that the token can still be used after the update (and there is no need to log in again with credentials). Now it's clear that we must either use cookies (that is, sessions), or use session storage or local storage on the client side. Is there another way? As far as I understand, the answer is no (yes, there are different options for local storage, such as web storage, web SQL database, indexed database and file access, but that is not the subject here). Is this right or wrong? In addition, what is the most commonly used practice for processing tokens (storage / recall) on the client side?
Checkpoint 2. . , , , , (, 7 10 ). , , , . , , , , - - (, , ). , ? - , , . ? , (. ). ( )?
(, A A1 A2 TA1, 7 , B B1 TB1, 7 . . (.. ) TA1 TA2, A A1. TB1 TA1. , A A2, (TA1), B API!)
3. , - . HTTP-, . , , , . - . , . - (.. Cpu-) . ?
4. , , , , cookie (. cookie). , ?
, , , node.js.
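The flow described in the question (password checked once at login, then an expiring token checked on each later request), as an added Node.js example that is not part of the original post. The names `issueToken`, `verifyToken`, `SECRET` and `TTL_SECONDS`, the token layout and the one-hour lifetime are assumptions made for illustration; verification checks an HMAC signature before it trusts the expiry claim.

```javascript
const crypto = require('node:crypto');

// Assumption: a server-side secret. Generated at start-up here so the example
// runs offline; a real deployment would load a persistent secret instead.
const SECRET = crypto.randomBytes(32);
const TTL_SECONDS = 3600; // hypothetical token lifetime

const b64u = (data) => Buffer.from(data).toString('base64url');
const sign = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest();

// Called once, after the username/password check (e.g. bcrypt) has succeeded.
function issueToken(username, nowSec = Math.floor(Date.now() / 1000)) {
  const payload = b64u(JSON.stringify({ sub: username, exp: nowSec + TTL_SECONDS }));
  return `${payload}.${b64u(sign(payload))}`;
}

// Called on every later request. Returns the claims, or null if the token is
// malformed, was not signed by this server, or has expired.
function verifyToken(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;

  // Signature first: an unsigned expiry claim could be rewritten by the client.
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;

  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}
```

Each verification costs one HMAC-SHA256 computation and needs no lookup of the stored password hash.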