September 2017
Intermediate to advanced
244 pages
6h 44m
English
A solution is that we will use a simple token, instead of a session ID. And instead of cookies, that token will be just sent to the client and the client will always take that token in every request to identify the client. Once the client is taking the token in every request, it doesn't matter if the client is a mobile application, SPA, or anything else. We will simply identify the user based on the token.
Now the question is how to create and send back a token? This can be done manually but again, why create it if this is already available in open source and tested by the community? In fact, in the later chapters, we will use such a package, and use tokens for authentication.
Read now
Unlock full access