英文:
Sessions in variable vs sessions in database in golang
问题
我目前正在使用Golang开发一个Rest-API。该API包括身份验证,所以我设法将会话ID保存在一个映射中。一切都运行得很好,但现在我在思考是否应该将会话ID保存在数据库中。我在考虑安全性、内存使用、性能和行业标准等因素。
那么,最好的方法是什么呢?非常感谢。
英文:
I am currently working on a Rest-API using Golang. That API includes authentication so I manage to save the sessions id in a map. Everything is working very well, but now am wondering if I should save the sessions id in the database. I am thinking in things like security, memory usage, performance and standars used in the industry.
So which is the best approach to make it? Thank you very much
答案1
得分: 1
如果你正在创建一个RESTful API,考虑使用身份验证的Bearer令牌。你可以考虑使用JSON Web Tokens(JWT)来实现。RESTful服务希望尽可能减少(最好是没有)服务器端状态。
由于这是一个关于Go的问题,一个很好的库可以用来处理JWT和JWE是Square的go-jose库。
英文:
If you are making a RESTful API as you are, consider using authentication bearer tokens instead. You may wish to consider using JSON Web Tokens for that. A RESTful service wants to have as little (preferably none) server side state as possible.
As this is a Go question, a good library for using JWT and JWE is go-jose from Square.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论