Correct user authorization on go/php?

4

4sadly2019-12-17 22:05:33

PHP

4sadly, 2019-12-17 22:05:33

I want to authorize on the site, what would be the best way to do it? I came up with 2 options:
1 option:
give the content to php (nginx) and update the server on go via the websocket, but then how to bind the connection to a specific user, because then everyone can simply send a request to the server and bind their connection itself even to another user
Option 2:
give content to go (your server) and the same way?
As I understand it, when authorizing, you need to take the data from the form and check the login / password in the database, create a session
, and when the user is already authorized, the server itself will bind its connection.
Am I doing everything right?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

X

xmoonlight, 2019-12-17
@4sadly

By token, after authorization:
1. Access token (for a specific session!) - issued after entering a login and password in PHP and valid authentication.
2. For any request for a socket, we check the presence of a valid token of a specific session for access.
Session ID and access token - stored in cookies and sent in http headers when making requests to the server.