This article explains the standard JWT claims, shows how to add custom claims with Java code, and compares single‑token and double‑token renewal approaches, including practical examples such as WeChat web authorization and Redis‑based token storage.
This article explains the technical principles behind QR code login, covering QR code basics, token‑based authentication, the step‑by‑step workflow between mobile and PC, and security considerations for implementing a reliable cross‑device sign‑in system.
This article explains why API idempotency is crucial in real‑world systems, outlines which operations need it, discusses the trade‑offs of adding idempotency, and presents four practical implementation patterns—including unique primary keys, optimistic locking, anti‑duplicate tokens, and downstream sequence numbers—complete with SpringBoot code examples.
This article explains the principles, structure, and workflow of token‑based authentication—including access and refresh tokens, JWT, CSRF attacks, same‑origin policy, cross‑origin solutions, and common encryption algorithms—highlighting their advantages, limitations, and practical usage in modern web and mobile applications.
This article explains three practical techniques—CSRF token validation, read‑only cookie verification, and duplicate‑submission prevention—illustrated with complete PHP code examples, to help developers protect their web applications from cross‑site request forgery attacks.
This article explains the concepts, formats, common problems, and testing applications of cookies, sessions, and tokens, helping readers grasp how these mechanisms work together to manage authentication and state in web applications.
This article explains the fundamentals of authentication and authorization, the role of credentials, the differences between cookies and sessions, various token types including access and refresh tokens, and the principles, usage, and security considerations of JSON Web Tokens (JWT).
This article explains the fundamentals of authentication and authorization, the role of credentials, how cookies and sessions manage state, the differences between tokens, JWT and traditional session mechanisms, and practical considerations and best practices for secure implementation in web applications.
This article explains the complete user login process, including mobile verification, token generation, token expiration policies, request‑rate limiting with Redis, anonymous request handling, blacklist management, and provides full Java Spring code examples for implementing these backend authentication mechanisms.
This article explains a comprehensive backend user login flow, covering token generation, expiration policies, request validation, logout handling, anonymous access strategies, rate‑limiting with authorized tokens, path‑regex filtering, blacklist management, and includes a Spring‑Redis implementation example.
This article explains the concepts and differences between Single Sign-On (SSO) and OAuth2.0, describing their token-based authentication flows, typical implementations such as CAS, the four OAuth2.0 grant types, and how they can be used to achieve seamless login across applications.
This article provides an in‑depth overview of authentication, authorization, and permission control concepts and compares ten common front‑end authentication techniques—including HTTP Basic Auth, Session‑Cookie, Token, JWT, SSO, OAuth 2.0, QR‑code login and one‑click login—detailing their workflows, advantages, drawbacks, and typical usage scenarios.
This article explains the concepts, relationships, and practical implementations of authentication, authorization, and access control, and compares ten common frontend authentication methods—including HTTP Basic, Session‑Cookie, Token, JWT, SSO, OAuth, and QR‑code login—detailing their workflows, advantages, disadvantages, and suitable scenarios.
This article reviews four widely used authentication mechanisms—HTTP Basic authentication, session‑cookie based authentication, token (JWT) authentication, and OAuth 2.0—explaining their workflows, security characteristics, and providing Node.js/Express code examples for each.
This guide explains the JWT format, standard and custom claims, signature algorithms, and presents practical single‑token and double‑token renewal schemes—including a WeChat OAuth example—along with a complete PHP implementation using the tinywan/jwt library.
This article introduces ten widely used frontend authentication techniques—including HTTP Basic Auth, Session‑Cookie, Token, JWT, SSO, OAuth 2.0, QR‑code login, one‑click login, and more—explaining their scenarios, advantages, and security considerations.
This article provides an in‑depth guide to authentication, authorization, and access control, covering basic HTTP authentication, session‑cookie mechanisms, token‑based approaches, JWT structure, single sign‑on (SSO), OAuth 2.0 flows, unique login enforcement, QR‑code login, and one‑click mobile login, with practical code examples and diagrams.
This article explains the concept of idempotency, why it is needed for HTTP interfaces, the impact on system design, and presents several practical backend solutions—including database unique keys, optimistic locking, anti‑repeat tokens, and downstream sequence numbers—accompanied by complete Spring Boot code examples using Redis for token management.
This article explains why HTTP is a stateless protocol, introduces authentication and authorization concepts, and compares cookies, sessions, and token-based mechanisms such as JWT, detailing their characteristics, workflows, and security considerations for modern web applications.
This guide explains what a DAO is, why it matters, and provides a step‑by‑step roadmap—including naming, mission statements, community platforms, and the essential smart‑contract and token tools—to successfully create and run a decentralized autonomous organization.
This article explains the concept of idempotency in computing and HTTP, why it is essential for APIs, the impact on system design, which RESTful methods are idempotent, and presents four practical implementation strategies—including database primary keys, optimistic locking, anti‑repeat tokens, and downstream sequence numbers—accompanied by complete Spring Boot code examples and testing procedures.
This article explains the concept of idempotency in distributed systems, why it is crucial for scenarios like payments and order submission, and presents practical solutions such as database unique keys, optimistic locking, the Post/Redirect/Get pattern, and anti‑repeat token mechanisms, complete with code examples.
This article provides an in‑depth overview of JSON Web Tokens (JWT), explaining their structure, authentication workflow, advantages such as statelessness and CSRF protection, drawbacks like revocation difficulty, and presents practical solutions including blacklist, secret rotation, short‑lived tokens and refresh‑token strategies.
This article explains how to migrate from the deprecated Spring Security OAuth to Spring Authorization Server, covering Java 8 compatibility, extended grant types, Redis token storage, token formatting enhancements, custom authorization code handling, and resource server improvements, all demonstrated on the PIG microservice platform.
This article explains how the PIG microservice platform v3.5 adds official Spring Authorization Server support, covering background, Java compatibility, Maven dependency configuration, extended grant types, Redis token storage, token formatting and enhancement, and customized resource server introspection for a seamless OAuth2 migration.
The article details the architecture, challenges, and solutions of ByteDance's wallet asset platform that unified reward issuance, display, and usage across eight applications during the 2022 Spring Festival, covering high‑traffic order processing, token‑based asynchronous settlement, budget control, stability mechanisms, and future evolution.
This article explains what JSON Web Token (JWT) is, its underlying mechanism and data structure, compares it with traditional session authentication, and demonstrates how JWT can be used for cross‑domain single sign‑on, access/refresh token handling, and secure API authentication.
This article explains what JSON Web Tokens are, how they are composed of a header, payload, and signature, demonstrates creating and encoding each part with Base64 and Node.js, and discusses the security purpose of signatures and appropriate use cases for JWTs in web applications.
This article explains the lightweight JWT specification, demonstrates how to build a token with header, payload, and signature using Base64 encoding and Node.js, and discusses its security properties, verification process, and suitable use cases for web authentication.
This article explains the lightweight JWT specification, walks through its three-part structure (header, payload, signature), shows how to encode and sign a token with Node.js, and demonstrates using a JWT‑based link to perform a friend‑request operation without requiring the recipient to log in.
This article compares cookies, server-side sessions, and JWT tokens, explaining their mechanisms, advantages, drawbacks, and best-use scenarios for web authentication, load‑balanced environments, and mobile applications, while also addressing security concerns such as CSRF and token storage.
This article explains how to secure API communication with tokens, timestamps, cryptographic signatures, duplicate‑submission prevention, and practical Spring Boot code examples, offering a comprehensive guide for protecting data exchange between services.
This article explains the fundamentals of web session management, compares server‑side, cookie‑based, and token‑based storage methods, discusses authentication versus authorization, and outlines security considerations and best‑practice recommendations for managing user sessions in modern web applications.
This article explains the concepts of token, timestamp, and sign, describes how they are used together to secure API calls, shows how to prevent duplicate submissions, and provides complete Spring Boot code examples—including Redis configuration, interceptors, utilities, and ThreadLocal handling—for building a robust backend authentication system.
This article explores the challenges of cross‑domain login state sharing, compares JWT, session‑cookie, and SSO solutions such as CAS and OAuth, details their structures, security considerations, and provides a step‑by‑step guide to building a simple SSO demo with code snippets and diagrams.
This article explains the complete user login process, token generation and validation, token expiration policies, logout handling, and two approaches for anonymous requests—authorized tokens with rate limiting and path‑based regex rules—illustrated with diagrams and Java/Redis code examples.
This article presents a comprehensive, practical design for an ultra‑large‑scale user center, covering microservice architecture, API separation, token generation with graceful degradation, data‑sharding strategies, password encryption, asynchronous processing, and detailed monitoring to ensure high availability, performance, and security.
This article presents a comprehensive set of design practices for building a highly available, high‑performance, and secure user‑center system that can handle hundreds of millions of users, covering service architecture, API design, token degradation, data sharding, security, asynchronous processing, and monitoring.
This article explains how to achieve reliable API idempotency in Spring Boot applications by using Redis for token storage, defining a custom @AutoIdempotent annotation, configuring an interceptor to enforce token checks, and providing complete Java code examples and testing steps.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and tokens, details token types such as access and refresh tokens, introduces JWT principles and usage, and discusses security considerations and distributed session‑sharing strategies for modern web applications.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and token‑based approaches, discusses token and JWT structures, outlines common authentication patterns, and provides practical guidance on their use and pitfalls in distributed systems.
QR code login lets users authenticate on a PC by scanning a code with a pre‑logged‑in mobile app, using a token‑based system that verifies identity without transmitting passwords, and involves QR generation, status polling, temporary tokens, and final confirmation to securely log in.
This article explains the stateless nature of HTTP, the session and cookie mechanisms for single‑system login, the challenges of multi‑system environments, and provides a detailed overview of Single Sign‑On (SSO) concepts, token flow, and step‑by‑step Java code examples for client and server implementations.
This article examines common security flaws in basic web login forms, demonstrates how plain‑text passwords can be intercepted, and presents practical countermeasures such as client‑side encryption, hashing, captchas, tokens, and digital signatures to protect credentials and data integrity.
This article examines common security vulnerabilities in web login processes, illustrating how plain HTTP exposes credentials, evaluating symmetric and asymmetric encryption, token-based authentication, and digital signatures, and proposes layered protection strategies such as MD5 hashing, CAPTCHA, and token mechanisms to safeguard user data.
This article explains the core concepts of authentication and authorization in Java web applications, distinguishes between credentials, cookies, sessions, access tokens, refresh tokens, and JWTs, and compares their security, storage, and usage scenarios to help developers choose the right mechanism for their projects.
This article examines common security vulnerabilities in web login processes, demonstrates how plain‑text passwords can be intercepted over HTTP/HTTPS, evaluates symmetric and asymmetric encryption, discusses the limitations of MD5, and proposes token‑based and digital‑signature solutions to protect credentials and data integrity.
This article examines common security flaws in basic HTML login forms, demonstrates how plaintext passwords can be intercepted over HTTP, evaluates symmetric and asymmetric encryption, discusses the limitations of HTTPS, and proposes practical safeguards such as MD5 hashing, token-based authentication, captchas, and digital signatures to protect user credentials.
This article explains the JSON Web Token (JWT) format, its three parts—header, payload, and signature—how to create and verify tokens with Node.js, and why JWTs are useful for stateless authentication, single‑sign‑on, and reducing server‑side session storage.
This article analyzes various token‑based authentication methods across multiple client scenarios, categorizes tokens into password, session, and API types, compares their natural and controllable attributes, outlines hierarchical relationships, and offers design guidelines to improve security, privacy, and usability in multi‑client systems.
This article explains the stateless nature of HTTP, how session and cookie mechanisms enable login state in a single web system, the challenges of multi‑system environments, and provides a step‑by‑step guide with code examples for building a Java‑based Single Sign‑On solution, including token generation, validation, and logout handling.
This article explains the stateless nature of HTTP, introduces session and cookie mechanisms for single‑system login, discusses the challenges of multi‑system applications, and provides a step‑by‑step guide with Java code to implement Single Sign‑On (SSO) including login, token verification, global and local sessions, and coordinated logout.
This article explains the principle of single sign‑on and compares three implementation techniques—parent‑domain cookies, a dedicated authentication centre, and cross‑domain LocalStorage—detailing their mechanisms, advantages, limitations, and providing sample code for the LocalStorage approach.
This article analyses various client‑side authentication scenarios, classifies token types such as password, session, and API tokens, compares their cost, risk, and controllable attributes, and proposes a layered token architecture to improve security, privacy, and usability across multiple platforms.
This article compares the mechanisms of Cookie, Session, and JWT token for user authentication, explaining their histories, workflows, scalability challenges, security trade‑offs, and best‑practice scenarios such as single sign‑on, mobile access, and CSRF protection.
This article explains the evolution from cookies to server‑side sessions and finally to JWT tokens, compares their mechanisms, discusses scalability and security challenges such as CSRF, and provides guidance on when to choose each authentication method.
This article analyzes various client scenarios in multi‑client systems, classifies authentication tokens into password, session, and interface categories, compares their natural and controllable attributes, and proposes a layered token hierarchy to improve security, privacy, and usability across web, mobile, and API platforms.
This article explains the underlying principles of QR code login, detailing how the system identifies users, proves their identity through token‑based authentication, and manages the state transitions from scanning to confirmation, while also covering the role of QR code generation and temporary tokens.
This article analyzes various authentication token types, their usage scenarios across web, mobile, and API clients, compares their natural and controllable attributes, proposes a hierarchical token model, and offers security guidelines for designing a robust multi‑client identity verification system.
The article explains the concept of idempotency, distinguishes it from duplicate submissions, outlines typical use cases such as network retries and form resubmissions, and presents various backend solutions—including unique indexes, deduplication tables, pessimistic and optimistic locks, distributed locks, and token‑based approaches—complete with SQL examples.
This article explains the underlying principles of QR code login, detailing how token‑based authentication, QR code generation, and state transitions enable secure, password‑less login across PC, web, and mobile platforms.
This article analyzes various client scenarios, classifies authentication tokens, compares their natural and controllable attributes, and proposes a hierarchical token architecture that balances security, privacy, and usability across web, mobile, and API platforms.
This guide explains what CSRF attacks are, outlines common defense strategies such as captchas, referer checks, and token validation, and provides a complete Spring Boot implementation—including custom annotations, token storage with Guava or Redis, an interceptor, configuration, and a token‑generation endpoint—complete with testing steps.
This article explains the principles behind QR codes, how they are used for secure login by transmitting identity and proof through token‑based authentication, and walks through each step of the QR‑code login flow from generation to confirmation.
This article explains the concept of idempotency, why it is essential for HTTP interfaces, the impact on system design, and presents several practical implementation strategies—including unique primary keys, optimistic locking, anti‑repeat tokens, and downstream sequence numbers—accompanied by a complete Spring Boot example with Redis integration and test code.
This article explains how to protect API data exchange by using access tokens, timestamps, MD5 signatures, Redis caching, and a custom @NotRepeatSubmit annotation to prevent replay attacks and duplicate submissions in a Spring Boot backend.
This tutorial explains the concept of idempotency, why it is needed for reliable APIs, the impact on system design, and provides four implementation strategies—including a detailed SpringBoot example that uses Redis tokens, Lua scripts, and unit tests—to ensure that repeated requests produce the same result without side effects.
This article explains the concept of idempotency, why it is needed for HTTP interfaces, its impact on system design, and presents four practical backend solutions—including database primary keys, optimistic locking, anti‑repeat tokens, and downstream sequence numbers—followed by a complete SpringBoot example with Maven dependencies, Redis configuration, token utility code, controller, application starter, and test cases.
This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth 2.0, outlines their structures, roles, and grant types, compares implementation effort and risk, and provides guidance on choosing the right approach for various API security scenarios.
This article explains three practical Single Sign‑On implementations—parent‑domain cookies, a dedicated authentication center, and cross‑domain LocalStorage—detailing their mechanisms, advantages, limitations, and code examples for secure token sharing across multiple web applications.
Idempotency ensures that repeated API calls produce the same effect as a single call, preventing duplicate submissions, token misuse, and inconsistent data; this guide explains the concept, its importance, HTTP definitions, impact on systems, and presents four practical implementation methods—unique keys, optimistic locking, token‑based guards, and sequence numbers—with full SpringBoot and Redis code examples.
This article explains how Single Sign‑On works in browser‑server applications, compares three implementation methods—parent‑domain cookies, a dedicated authentication center, and cross‑domain LocalStorage with iframe/postMessage—and provides sample code for the latter technique.
This article analyzes token-based identity authentication in multi‑client information systems, classifies various token types, compares their natural and controllable attributes, proposes a four‑layer hierarchy, and discusses practical usage scenarios and design principles to improve security and privacy.
This article explains the concept of idempotency, why it is needed for reliable API design, compares HTTP method idempotence, and presents four practical backend solutions—including unique primary keys, optimistic locking, anti‑repeat tokens, and downstream sequence numbers—accompanied by Spring Boot and Redis code examples.
This article analyzes various client scenarios in modern information systems, categorizes authentication tokens, compares their natural and controllable attributes, proposes a hierarchical token model, and outlines best‑practice principles to achieve secure, privacy‑preserving identity verification across web, mobile, and API platforms.
This article explains the concept of idempotency and presents practical techniques—such as unique indexes, token validation, pessimistic and optimistic locking, distributed locks, and API design—to guarantee that repeated requests in a high‑traffic e‑commerce system produce a single consistent outcome.
This article explores various techniques to achieve API idempotency in high‑concurrency environments, including token mechanisms, deduplication tables, Redis SETNX keys, state‑machine checks, and both optimistic and pessimistic locking, highlighting their workflows, advantages, and trade‑offs.
This article explains three practical SSO implementation methods—using a parent‑domain cookie, deploying an authentication center, and leveraging LocalStorage with iframe/postMessage—to share session IDs or tokens across multiple web applications, discussing their advantages, limitations, and code examples.
This article explains how to use JWT tokens in a Java backend to prevent duplicate form submissions, covering the problem of repeated clicks, two mitigation approaches, detailed token generation utilities, session handling methods, and practical code examples for creating, validating, and managing tokens.
This article explains the fundamental concepts of authentication and authorization, the role of credentials, how cookies and sessions manage state, the differences between tokens and JWTs, common security mechanisms, and practical considerations for implementing them in web applications.
This article explains the concept of API idempotency, presents common solutions such as unique indexes, token mechanisms, and distributed locks, and provides a complete Spring Boot implementation using Redis to generate, store, and validate tokens via custom annotations, interceptors, and service classes, including testing and performance verification.
This article traces the evolution from early stateless web browsing to modern token‑based authentication, explaining how session management challenges led to centralized stores, their drawbacks, and how signed tokens using HMAC‑SHA256 provide a scalable, secure, and truly stateless alternative.
This article explains the concept of API idempotency, reviews common solutions, and provides a complete Spring Boot implementation using a Redis‑based token mechanism, custom @ApiIdempotent annotation, interceptor, and supporting services, along with testing and important concurrency considerations.
This article explains three practical methods for achieving Single Sign‑On in web systems—using a parent‑domain cookie, deploying a dedicated authentication center, and leveraging front‑end LocalStorage with iframe postMessage—to share session or token information across multiple domains.
This article explains why session management is needed, compares cookies, sessions and JWT, describes JWT's structure and workflow, and provides a complete Node.js/Koa implementation with code examples and a discussion of its advantages and drawbacks.
This article explains the concept of API idempotency, outlines common solutions, and provides a complete Spring Boot implementation using Redis and a token mechanism, including custom annotation, interceptor, utility classes, and testing procedures to ensure safe, single‑execution requests.
This article details Red Pulse's journey of integrating the NEO blockchain, the security vulnerabilities it faced—from token theft and credential‑stuffing attacks to sophisticated social‑engineering exploits—and the comprehensive technical measures, monitoring tools, and mitigation strategies it implemented to protect its platform and users.
This article compares traditional cookie‑session authentication with JWT, explains JWT’s three‑part structure, shows how to generate and verify tokens in Java, and discusses security benefits, pitfalls, and practical considerations for modern web and mobile applications.
This article explains how to achieve API idempotency in a Spring Boot application by generating unique tokens, storing them in Redis, and using a custom @ApiIdempotent annotation with an interceptor to prevent duplicate requests, including code examples, configuration, and testing procedures.
This article explains the stateless nature of HTTP, session and cookie mechanisms, the challenges of multi‑system authentication, and then details the concept, workflow, token handling, and step‑by‑step Java code for building a basic Single Sign‑On solution with login and logout support.
This article walks through practical methods for securing internal API calls—starting with simple token checks, then enhancing security with IP whitelisting, salted signatures, and timestamped requests—while weighing trade‑offs like HTTPS overhead and time synchronization.
This guide shows how to wrap a service‑account token into a kubeconfig file, configure a cluster entry, credentials, and context on the master node, then use the generated kubeconfig to log into the Kubernetes dashboard, with an optional full‑access version.
This article explains practical methods for protecting API data exchange—including token usage, timestamp validation, signature generation, duplicate‑submission prevention, and ThreadLocal context—provides implementation details with Spring Boot, Redis, and Java code examples, and discusses related security considerations such as DoS attacks.
The article traces the history of web session handling, explains the scalability and security challenges of server‑side sessions, and introduces stateless token‑based authentication using signed HMAC‑SHA256 tokens as a modern solution for scalable, secure web applications.
This article explains practical API security techniques for protecting data exchange with third‑party systems, covering token generation and storage, timestamp validation to mitigate DoS attacks, MD5‑based request signing with nonce, preventing duplicate submissions using Redis, and illustrates the concepts with comprehensive Java code examples.
This article explains common API security mechanisms such as token, timestamp, signature, and anti‑replay techniques, demonstrates how to prevent duplicate submissions, and provides complete Java Spring Boot code examples including interceptors, Redis configuration, and utility classes for secure API design.
This article explains the end‑to‑end implementation of QR‑code login, covering how a web page requests a QR image, how the server stores a UUID in Redis, how a mobile app scans the code and validates the user, and how the browser finally receives a token to complete authentication.
This article explains the QR code login process, detailing how a web page requests a QR code, how the mobile app scans it, exchanges tokens via Redis, and ultimately authenticates the user across web and mobile platforms.
The article traces the history of web session handling from simple document browsing to the challenges of storing session IDs in clustered servers, and explains how token‑based authentication using signed tokens like HMAC‑SHA256 provides a stateless, scalable, and more secure alternative for modern web and mobile applications.
This guide explains how to use Laravel Passport to implement OAuth2 authentication for API endpoints, covering installation, database migrations, token generation, client management, scope definition, route protection, JavaScript integration, event handling, and testing with detailed code examples.
