Initially, I was using basic HTTP authentication to authenticate the user, set up as follows:
I was successfully able to authenticate a user, but the session remained logged in forever. There was no way to destroy the user's session. In fact, when I added the user_signed_in? method of devise within my create method, it would always return true even when logging out via json. So I came to the conclusion that there is no way to end a session using basic http authentication. All you could really do is check if the user is already signed in and send a status code as json back to the client.
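So I tried the token authentication route, which lets you create a session to authenticate and then destroy the session, deleting the authentication token, so that the user must sign in again to access pages that require authentication.
The downside is that you have to pass this very long token into every page that requires authentication, which seems undesirable. I wish there were the best of both worlds here, where the session could stay with you in the web browser.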
I'm not sure if everything I am saying is accurate, but it seems in line with this post:
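He says in that post that token authentication "is more secure than http basic authentication because the key can expire". I assume he means that once you are logged in using basic authentication, you stay logged in forever, whereas token authentication can expire, forcing the user to sign in again. Is this an accurate interpretation?
Thanks for any response.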
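The token lifecycle the question describes (issue at sign-in, check on each request, expire after a time limit, delete at sign-out), as an added example that is not part of the original post and is not Devise's own code. `TokenStore`, its method names and the injectable `clock` are hypothetical, and the in-memory hash stands in for a database table.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory token store (not Devise's API).
class TokenStore
  Record = Struct.new(:user_id, :expires_at)

  # clock is injectable so expiry can be exercised without sleeping.
  def initialize(ttl_seconds:, clock: -> { Time.now })
    @ttl = ttl_seconds
    @clock = clock
    @records = {} # SHA-256 digest of token => Record
  end

  # Sign-in: hand the raw token to the client once; keep only its digest,
  # so a leaked copy of the store does not contain usable tokens.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @records[digest(token)] = Record.new(user_id, @clock.call + @ttl)
    token
  end

  # Per-request check: returns the user id, or nil when the token is
  # unknown, revoked or past its expiry time.
  def authenticate(token)
    key = digest(token.to_s)
    record = @records[key]
    return nil unless record
    if @clock.call >= record.expires_at
      @records.delete(key) # purge the expired token on first use
      return nil
    end
    record.user_id
  end

  # Sign-out: delete the token; returns true if something was removed.
  def revoke(token)
    !@records.delete(digest(token.to_s)).nil?
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

Because the server keeps the expiry time and the revocation state, a copied token stops working at sign-out or at the TTL, whichever comes first.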