Reputation: 3953
Thinking about JWT token based authentication in PHP, I realise that when used in building an API it will be impossible to load the same page in different tabs of the same browser, as each request to the server will require the token to authenticate the user which the new tab does not have.
The project I am currently working on does not require me to use cookies; authentication is supposed to be purely token based.
Am I missing something or is that the way it ought to work?
PS: I am 2 days old in JWT authentication
Upvotes: 2
Views: 1030
Reputation: 698
If you are unable to share the token via some other mechanism such as local storage or a cookie which can be exchanged for a token then yes, that is correct.
Keep in mind though that localStorage has to be manually deleted so it's probably not the best mechanism for this.
Upvotes: 1
Reputation: 3164
This is supposed to be done using cookie+token. If you store your token in a cookie, you can use it in other tabs according to the valid domain. It is still token-based authentication; you should just pay attention to cookie security.
Upvotes: 1
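The cookie approach from the last answer, as an added example that is not code from any of the posters: a PHP sketch that issues an HS256 JWT in a cookie with the `Secure`, `HttpOnly` and `SameSite` attributes set, so every tab on the same domain sends it automatically, and verifies it on each request. The key, the cookie name `auth_token` and all function names are assumptions made for illustration; the options-array form of `setcookie()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);
// Constructed demo values (assumptions): load a random 256-bit key from configuration instead.
const JWT_KEY = 'constructed-demo-key-change-me';
const COOKIE_NAME = 'auth_token';

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4); // restore stripped padding
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}

function issue_jwt(array $claims, int $ttl = 900): string {
    $now  = time();
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    // array_merge lets the server-set iat/exp win over caller-supplied values.
    $body = b64url_encode(json_encode(array_merge($claims, ['iat' => $now, 'exp' => $now + $ttl])));
    $sig  = b64url_encode(hash_hmac('sha256', "$head.$body", JWT_KEY, true));
    return "$head.$body.$sig";
}

function verify_jwt(string $jwt): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm; never let the token's header choose it (rejects "alg": "none").
    if (!is_array($header) || ($header['alg'] ?? '') !== 'HS256') return null;
    $expected = b64url_encode(hash_hmac('sha256', "$head.$body", JWT_KEY, true));
    if (!hash_equals($expected, $sig)) return null; // constant-time comparison
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || !isset($claims['exp']) || time() >= (int) $claims['exp']) return null;
    return $claims;
}

function send_auth_cookie(string $jwt, int $ttl = 900): void {
    setcookie(COOKIE_NAME, $jwt, [
        'expires'  => time() + $ttl, // cookie lifetime matches the token's exp
        'path'     => '/',
        'secure'   => true,          // sent over HTTPS only
        'httponly' => true,          // not readable from page JavaScript
        'samesite' => 'Strict',      // not attached to cross-site requests
    ]);
}

function current_user(): ?array {
    $raw = $_COOKIE[COOKIE_NAME] ?? null;
    return is_string($raw) ? verify_jwt($raw) : null; // null means unauthenticated
}
```

After a successful login the handler would call `send_auth_cookie(issue_jwt(['sub' => $userId]))`, and each protected endpoint would return HTTP 401 when `current_user()` is `null`.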