As the title clarifies why is the auth key introduced in Yii2? What're it's main usages and how it is useful in authentication?
正如标题所阐明的,为什么在Yii2中引入了auth键?它的主要用途是什么?它在身份验证中有什么用处?
2 个解决方案
#1
42
The main use is to authenticate the user by cookie. When you choose to be remembered at Login, this is how you are remembered. The system has to identify and login you somehow. It can either save your username and password in a cookie (that would be unsafe) or it can remember you by other means. This is one of the means. After you login into your Yii application take a look at the _identity cookie that it creates, You will see that the auth_key is part of the cookie.
主要用途是通过cookie对用户进行身份验证。当您选择在登录时被记住,这就是您被记住的方式。系统必须以某种方式识别和登录您。它可以将您的用户名和密码保存在cookie中(这会不安全),也可以通过其他方式记住您。这是一种方法。登录到Yii应用程序后,查看它创建的_identity cookie,您将看到auth_key是该cookie的一部分。
The cookie actually remembers the $id the $authKey and the $duration, an id\auth_key combination is safer to remember then a username/password one.
cookie实际上记住了$id $authKey和$duration, id\auth_key组合比记住用户名/密码更安全。
#2
0
As explained previously, you only need to implement getAuthKey()
and validateAuthKey()
if your application uses cookie-based login feature. In this case, you may use the following code to generate an auth
key for each user and store it in the user table:
如前所述,如果应用程序使用基于cookie的登录特性,那么只需实现getAuthKey()和validateAuthKey()。在本例中,您可以使用以下代码为每个用户生成一个auth密钥,并将其存储在用户表中:
More details can be found in official documentation: https://www.yiiframework.com/doc/guide/2.0/en/security-authentication
更多细节可以在官方文档中找到:https://www.yiiframework.com/doc/guide/2.0/en/security-authentication
#1
42
The main use is to authenticate the user by cookie. When you choose to be remembered at Login, this is how you are remembered. The system has to identify and login you somehow. It can either save your username and password in a cookie (that would be unsafe) or it can remember you by other means. This is one of the means. After you login into your Yii application take a look at the _identity cookie that it creates, You will see that the auth_key is part of the cookie.
主要用途是通过cookie对用户进行身份验证。当您选择在登录时被记住,这就是您被记住的方式。系统必须以某种方式识别和登录您。它可以将您的用户名和密码保存在cookie中(这会不安全),也可以通过其他方式记住您。这是一种方法。登录到Yii应用程序后,查看它创建的_identity cookie,您将看到auth_key是该cookie的一部分。
The cookie actually remembers the $id the $authKey and the $duration, an id\auth_key combination is safer to remember then a username/password one.
cookie实际上记住了$id $authKey和$duration, id\auth_key组合比记住用户名/密码更安全。
#2
0
As explained previously, you only need to implement getAuthKey()
and validateAuthKey()
if your application uses cookie-based login feature. In this case, you may use the following code to generate an auth
key for each user and store it in the user table:
如前所述,如果应用程序使用基于cookie的登录特性,那么只需实现getAuthKey()和validateAuthKey()。在本例中,您可以使用以下代码为每个用户生成一个auth密钥,并将其存储在用户表中:
More details can be found in official documentation: https://www.yiiframework.com/doc/guide/2.0/en/security-authentication
更多细节可以在官方文档中找到:https://www.yiiframework.com/doc/guide/2.0/en/security-authentication