Which type of login methods should be used where multiple servers are being used for the same site and request may go to any server for the same user?
option:
- cookie-based login
- session-based login
- JWT based login
- 2FA based login
login-auth question as a frontend javascript developer,,,
201 Views Asked by Haque At
1
There are 1 best solutions below
Related Questions in JAVASCRIPT
- Pass multiple account variables to single parameter
- Cannot find InvalidCastException in C# Application
- Upgrading separate Project Collection Database to new TFS Version
- How to add asp.net mvc5 to visual studio express 2012 edition?
- How to deploy Windows app with SQL Server database?
- The merge tool is not showing when call Workspace.ResolveConflict method in TFS 2012
- Toggle groups based on a parameter
- SQL server 2008 with 2012 Data tools
- Accessing parent parameters from child package SSIS 2012
- How to add parameters in the comments of a method in Visual Studio after it has been generated?
Related Questions in AUTHENTICATION
- Pass multiple account variables to single parameter
- Cannot find InvalidCastException in C# Application
- Upgrading separate Project Collection Database to new TFS Version
- How to add asp.net mvc5 to visual studio express 2012 edition?
- How to deploy Windows app with SQL Server database?
- The merge tool is not showing when call Workspace.ResolveConflict method in TFS 2012
- Toggle groups based on a parameter
- SQL server 2008 with 2012 Data tools
- Accessing parent parameters from child package SSIS 2012
- How to add parameters in the comments of a method in Visual Studio after it has been generated?
Related Questions in SESSION-COOKIES
- Pass multiple account variables to single parameter
- Cannot find InvalidCastException in C# Application
- Upgrading separate Project Collection Database to new TFS Version
- How to add asp.net mvc5 to visual studio express 2012 edition?
- How to deploy Windows app with SQL Server database?
- The merge tool is not showing when call Workspace.ResolveConflict method in TFS 2012
- Toggle groups based on a parameter
- SQL server 2008 with 2012 Data tools
- Accessing parent parameters from child package SSIS 2012
- How to add parameters in the comments of a method in Visual Studio after it has been generated?
Related Questions in JWT
- Pass multiple account variables to single parameter
- Cannot find InvalidCastException in C# Application
- Upgrading separate Project Collection Database to new TFS Version
- How to add asp.net mvc5 to visual studio express 2012 edition?
- How to deploy Windows app with SQL Server database?
- The merge tool is not showing when call Workspace.ResolveConflict method in TFS 2012
- Toggle groups based on a parameter
- SQL server 2008 with 2012 Data tools
- Accessing parent parameters from child package SSIS 2012
- How to add parameters in the comments of a method in Visual Studio after it has been generated?
Related Questions in GOOGLE-2FA
- Pass multiple account variables to single parameter
- Cannot find InvalidCastException in C# Application
- Upgrading separate Project Collection Database to new TFS Version
- How to add asp.net mvc5 to visual studio express 2012 edition?
- How to deploy Windows app with SQL Server database?
- The merge tool is not showing when call Workspace.ResolveConflict method in TFS 2012
- Toggle groups based on a parameter
- SQL server 2008 with 2012 Data tools
- Accessing parent parameters from child package SSIS 2012
- How to add parameters in the comments of a method in Visual Studio after it has been generated?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
a) cookie based login
bad option, cookie just another type of session, so see session
b) session based login
bad option, just cookie with less life time (when the user close window session's killed, cookie not). you need a center session cache server to know if somebody's authed or not. and this cache server is in reach of all your servers, so they can judge if this session, and plus if servers in different domain, you need to set cookie for manydomians at the same time (this only work for subdomains, you cannot set cookie of another top level domain, of course there are workarounds, like an api to set cookie or javascript read cookie from this domian and use in that domain). this way (cookie/session) is easy to understand but you see the center will cause delay, and setting cookies or proxy cookies with javascript very tedious
c) JWT based login
prefered, you just need to use the same key for all the servers, got the token and know who he is
d) 2FA based login
this is for security, not for auth in apis, the password always change, and you need another device to know the current pass, you can security other methods with 2FA if you like. I think maybe you mean OAuth
e) OAuth
an better and standarized method than cookie, but often this auth server only take care of auth and don't meddle too much other things into it, for your apis take a token from user and ask the auth server who he is