对于登录 GET 还是 POST?
我想知道我使用哪种 HTTP 方法来开发登录 API,GET 还是 POST?.我已经使用 post 方法在 PHP 中开发了我的登录 API,但是我的老板说,为什么你使用 POST 方法而不是 GET 方法.
I want to know which HTTP method i use for developing a login API, GET or POST ?. I have developed my login API in PHP using post method, but my BOSS say that, why you use POST method instead of GET method.
推荐答案
始终POST
,并且最好使用 SSL(如:https://...
).因为 GET
中的参数出于缓存的原因被存储在所有地方.
Always POST
, and preferably with SSL (as in: https://...
). Because the parameters in GET
get stored all over the place for caching reasons.
所以,如果你的老板需要一个理由:安全.
So, if you boss needs a reason: security.
有一个与 REST 相关的原因:GET
查询首先应该被积极缓存,因为它们不会改变数据的服务器状态.POST
请求应该永远不会被缓存,因为改变了服务器的状态并且(不像 PUT
请求),不期望调用多个 POST
请求返回相同的响应并使服务器保持相同的状态.
There is a REST-related reason: the GET
queries first of all are expected to be aggressively cached, because they do not alter the server state of data. The POST
requests instead are expected to never be cached, because the alter the state of server and (unlike PUT
request), there is no expectation for calling multiple POST
request to return the same response and leave the server in the same state.
例如:如果您发送 5 个登录请求,失败,第 6 个可以返回您的 IP 已被阻止 30 分钟" 作为响应.
For example: if you send 5 login request, that fail, the 6th one can return "your IP has been blocked for 30 min" as a response.
相关文章