reactjs - How to manage authentication on a Django-React webapp?
问题描述
I'm an undergrad student and am thinking of creating a webapp of the following structure: A React frontend hosted on Firebase that converses with a Django-API backend hosted on Heroku and uses MongoDB/Firebase Storage as database (MongoDB for now).
This app requires a user to log in and then perform some actions (for example like Twitter). I'm handling login using this method. The login is working smoothly. However the problems arise when I want login state to persist across sessions.
One way I could come up with was storing the token as a cookie/in LocalStorage and sending that to the Django API every time an action is performed. But that seems to be vulnerable to XSS.
Is there a safer way to do this or should I drop the session persistence altogether?
解决方案
推荐阅读
- accordion - Bootstrap手风琴(点击按钮,手风琴的所有其他部分应关闭并隐藏在显示中)
- c# - 如何在同一个应用程序中触发天蓝色功能
- r - 将表列表更改为 R 中的 data.frame
- algorithm - 如何检查流网络是否包含唯一的最大流量?
- javascript - 什么是创建动态更新 N 个 HTML 输出的 N 个文本字段输入的非天真或优雅的方式?
- c++ - 在特定的儿童情况下未能渗透到 MIN 二元堆
- angular - @angular-redux/store:如何为 redux store 编写单元测试?
- css - React Web 导航栏树形菜单激活
- python - 如何将字符串添加到列表的每个值,然后使该字符串的值向上计数?
- vue.js - 带有 scss prependData @import 的 Vue cli 页面未导入到所有页面