What is the proper way to store state between client and server (php + node)?

A

Alexander Pankov2021-06-10 15:18:10

PHP

Alexander Pankov, 2021-06-10 15:18:10

Hello

I'm developing a store: backend on php7.4 front on node.js (nuxt)
on php wrote api, while everything related to GET requests,
the application on vue sends requests to url with backend and receives data
, everything is OK

now the task is to write POST \ PUT \ DELETE methods
for business logic are saving goods in the basket, creating an order, authorization and registration.

I want to know how to do it correctly, give links to articles or repositories, lessons?
I understand that we need a state flag (like a session or cookies), but in the case of api this is not used, so we need some kind of token that is always added to requests, but how to organize it all - there is no general picture in my head yet, I read about OAuth2. 0 and do not understand if I need it? about JWT tokens, tell me there, at least I’m looking, and please push
me Thank you in advance for any answers

, now I want to make an order basket for an unauthorized user, I can’t understand what to generate, at what moment and how to store and transfer, protect and update this same token ?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

ThunderCat, 2021-06-10
@PankovAlxndr

I understand that a status flag is needed

No, flags are about something else, this is about a boolean state, and you need a key / token.

but in the case of api this is not used

Fuck? Used, just called differently, well, the exchange method can be different - headers, parameters, body ...

I can't figure out what to generate

For an unauthorized person, just some random hash as a key is enough, if you do not store any important data about this user, more seriously - bearer in headers is, in principle, very normal.

V

Vladimir Korotenko, 2021-06-10
@firedragon

Put xautthirity in the headers and run requests with this short token