我需要通过套接字发送JWT以保护用户之间的聊天。
这样发送的安全性如何:
从本地存储登录时:
var socket = io.connect('http://127.0.0.1:3000/', {query: "token=" + localStorage.getItem('AccessToken')});
在服务器端重新接收和解码?
我也是这样找到的:
<?php
ob_start();
session_start();
include_once 'dbconnect.php';
// if session is not set this will redirect to login page
if( !isset($_SESSION['user']) ) {
header("Location: index.php");
exit;
}
$res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);
//Here is where the script is
if ( isset($_POST['send']) ) {
if ( ! empty($_POST['sender'])){
$name = $_POST['sender'];
}
if ( ! empty($_POST['reciever'])){
$name = $_POST['reciever'];
}
$query = "UPDATE users SET userCoins = userCoins + 1 WHERE userName='Morgan'";
$res = mysql_query($query);
if ($res) {
$error = "Success!";
} else {
$error = "Something Went Wrong!";
}
}
?>
<!DOCTYPE html>
<html>
<?php header("Access-Control-Allow-Origin: http://www.py69.esy.es"); ?>
<head>
<title>ServiceCoin</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="scripts/home/index.css" />
</head>
<body>
<ul>
<li><a href="#" class="a">ServiceCoin.com(image)</a></li>
<li><a href="logout.php?logout" class="a">Sign Out</a></li>
<li><a href="#" class="a">Contact</a></li>
<li><a href="#" class="a">Get Service Coins</a></li>
<li><a href="#" class="a">News</a></li>
<li><a href="settings.php" class="a">Settings</a></li>
<li><a href="#" class="a">Referrals</a></li>
<li><a href="service.php" class="a">Services</a></li>
<li><a href="home.php" class="a">Home</a></li>
</ul>
<br /><br />
<center>
<h3>Welcome, <?php echo $userRow['userName']; ?>. You Currently Have <span id="services"><?php echo $userRow['userCoins']; ?></span> Service Coins</h3>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
<input type="text" name="sender" class="form-control" placeholder="Enter Your Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
<span class="text-danger"><?php echo $error; ?></span>
</div>
<div class="input-group">
<span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
<input type="text" name="reciever" class="form-control" placeholder="Enter The Recievers Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
<span class="text-danger"><?php echo $error; ?></span>
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-block btn-primary" name="send">Sign Up</button>
</div>
</form>
</center>
</body>
</html>
<?php ob_end_flush(); ?>
并且在服务器端使用middlware,但问题是,它只会在连接和重新连接时发送令牌,但是当用户登录我的应用程序时,scoket不再连接,对此有任何帮助吗?