diff --git "a/2023/05/22/Git/\345\244\232\344\273\223\345\272\223\345\220\210\345\271\266/index.html" "b/2023/05/22/Git/\345\244\232\344\273\223\345\272\223\345\220\210\345\271\266/index.html"
index f572433..e4b35e6 100644
--- "a/2023/05/22/Git/\345\244\232\344\273\223\345\272\223\345\220\210\345\271\266/index.html"
+++ "b/2023/05/22/Git/\345\244\232\344\273\223\345\272\223\345\220\210\345\271\266/index.html"
@@ -24,7 +24,7 @@
 <meta property="og:description" content="git 多仓库合并起因一般来说，git 仓库是不用轻易改动的，但是公司的其中一个管理后台项目拆成了十个 git 仓库，最惊人的是跑项目又要新建一个 project 目录，把这十个仓库克隆到 project 里面，根目录是projec, 底下有 A，B，C…等加起来十个目录，需要放在一起才能跑，最要命的是，readme还没说明怎么跑，仓库是分开的，你还不知道有几个要clone，导致跑项目都要摸索半天">
 <meta property="og:locale" content="zh_CN">
 <meta property="article:published_time" content="2023-05-22T23:51:39.000Z">
-<meta property="article:modified_time" content="2023-05-27T05:05:25.516Z">
+<meta property="article:modified_time" content="2023-10-22T05:23:53.020Z">
 <meta property="article:tag" content="前端 JavaScript html css webpack git">
 <meta name="twitter:card" content="summary_large_image">
   
diff --git "a/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/1-\345\215\225\344\276\213\346\250\241\345\274\217/index.html" "b/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/1-\345\215\225\344\276\213\346\250\241\345\274\217/index.html"
index 603761b..6563de5 100644
--- "a/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/1-\345\215\225\344\276\213\346\250\241\345\274\217/index.html"
+++ "b/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/1-\345\215\225\344\276\213\346\250\241\345\274\217/index.html"
@@ -24,7 +24,7 @@
 <meta property="og:description" content="一、单例模式单例模式指的是无论调用多少次生成函数，都只会返回相同的实例。在这之前，你需要对闭包有些许了解. 假设我们需要创建一个可复用的弹窗，一旦有了这个弹窗，就不再重复创建 div，大概逻辑如下： 12345678let temp &#x3D; null; &#x2F;&#x2F; 单例模式的关键变量function Modal() &amp;#123;  &#x2F;&#x2F; 如果有缓存 直接返回缓存内容  if (temp) &amp;#123;">
 <meta property="og:locale" content="zh_CN">
 <meta property="article:published_time" content="2023-05-22T23:51:39.000Z">
-<meta property="article:modified_time" content="2023-05-27T05:05:25.516Z">
+<meta property="article:modified_time" content="2023-10-22T05:23:53.020Z">
 <meta property="article:tag" content="前端 JavaScript html css webpack git">
 <meta name="twitter:card" content="summary_large_image">
   
diff --git "a/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/2-\347\255\226\347\225\245\346\250\241\345\274\217/index.html" "b/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/2-\347\255\226\347\225\245\346\250\241\345\274\217/index.html"
index 03ea206..23a9f5f 100644
--- "a/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/2-\347\255\226\347\225\245\346\250\241\345\274\217/index.html"
+++ "b/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/2-\347\255\226\347\225\245\346\250\241\345\274\217/index.html"
@@ -24,7 +24,7 @@
 <meta property="og:description" content="二、策略模式笔者使用过的设计模式中，策略模式是常用的模式并且非常的实用。举一个小例子你可能会恍然大悟，原来你一直在用，只不过不知道它叫策略模式，策略模式用在那些代码结构相似但是内部逻辑不相同的场景。   现在有一个需求，要你在页面上展示今天是星期几，你会怎么做？可以试着给自己一分钟思考；时间到，第一点，我们要知道 JavaScript 的日期实例 new Date().getDay() 能够返回今">
 <meta property="og:locale" content="zh_CN">
 <meta property="article:published_time" content="2023-05-22T23:51:39.000Z">
-<meta property="article:modified_time" content="2023-05-27T05:05:25.516Z">
+<meta property="article:modified_time" content="2023-10-22T05:23:53.020Z">
 <meta property="article:tag" content="前端 JavaScript html css webpack git">
 <meta name="twitter:card" content="summary_large_image">
   
diff --git "a/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/3-\345\215\225\344\276\213\346\250\241\345\274\217/index.html" "b/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/3-\345\215\225\344\276\213\346\250\241\345\274\217/index.html"
index 0885ab7..49a1cd3 100644
--- "a/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/3-\345\215\225\344\276\213\346\250\241\345\274\217/index.html"
+++ "b/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/3-\345\215\225\344\276\213\346\250\241\345\274\217/index.html"
@@ -24,7 +24,7 @@
 <meta property="og:description" content="代理模式我们来回顾上一章策略模式留下的问题：  假设公司的绩效等级分为 A，B，C，D，E 年终奖对应的绩点为 2，1.8，1.5，1.1，0.8。假设年终基数为 base，年终奖为：年终基数 * 绩点。已知绩效等级，求员工的年终奖。  12345678910111213&#x2F;&#x2F; 绩效等级和绩点的映射关系const levelToCredit &#x3D; &amp;#123;    A: 2,    B: 1.8">
 <meta property="og:locale" content="zh_CN">
 <meta property="article:published_time" content="2023-05-22T23:51:39.000Z">
-<meta property="article:modified_time" content="2023-05-27T05:05:25.516Z">
+<meta property="article:modified_time" content="2023-10-22T05:23:53.020Z">
 <meta property="article:tag" content="前端 JavaScript html css webpack git">
 <meta name="twitter:card" content="summary_large_image">
   
diff --git "a/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/4-\345\217\221\345\270\203\350\256\242\351\230\205\346\250\241\345\274\217/index.html" "b/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/4-\345\217\221\345\270\203\350\256\242\351\230\205\346\250\241\345\274\217/index.html"
index fc5452d..08d5581 100644
--- "a/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/4-\345\217\221\345\270\203\350\256\242\351\230\205\346\250\241\345\274\217/index.html"
+++ "b/2023/05/22/\350\256\276\350\256\241\346\250\241\345\274\217/4-\345\217\221\345\270\203\350\256\242\351\230\205\346\250\241\345\274\217/index.html"
@@ -24,7 +24,7 @@
 <meta property="og:description" content="很多文章都把 发布订阅模式 和 观察者模式区别开来，从根本来说是同一种设计模式。抛开代码，假设我们订阅某个频道的咨询，一旦有新资讯发布，就能立即收到通知。我们只需要订阅某个事件即可。 我们经常使用的 DOM 事件，使用的就是发布订阅模式，我们逐步解析：  摘录来自: 曾探. “JavaScript设计模式与开发实践 (图灵原创)。  12345document.body.addEventListe">
 <meta property="og:locale" content="zh_CN">
 <meta property="article:published_time" content="2023-05-22T23:51:39.000Z">
-<meta property="article:modified_time" content="2023-05-27T05:05:25.516Z">
+<meta property="article:modified_time" content="2023-10-22T05:23:53.020Z">
 <meta property="article:tag" content="前端 JavaScript html css webpack git">
 <meta name="twitter:card" content="summary_large_image">
   
diff --git "a/2023/05/27/\350\256\276\350\256\241\346\250\241\345\274\217/\345\211\215\350\250\200/index.html" "b/2023/05/27/\350\256\276\350\256\241\346\250\241\345\274\217/\345\211\215\350\250\200/index.html"
index bdca31f..0f3c2e0 100644
--- "a/2023/05/27/\350\256\276\350\256\241\346\250\241\345\274\217/\345\211\215\350\250\200/index.html"
+++ "b/2023/05/27/\350\256\276\350\256\241\346\250\241\345\274\217/\345\211\215\350\250\200/index.html"
@@ -26,7 +26,7 @@
 <meta property="og:image" content="https://lxfljw.github.io/2023/05/27/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/%E5%89%8D%E8%A8%80/%E4%B8%8D%E6%95%B4%E9%BD%90.jpeg">
 <meta property="og:image" content="https://lxfljw.github.io/2023/05/27/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/%E5%89%8D%E8%A8%80/%E6%95%B4%E9%BD%90.jpeg">
 <meta property="article:published_time" content="2023-05-27T12:14:27.000Z">
-<meta property="article:modified_time" content="2023-05-27T05:05:25.516Z">
+<meta property="article:modified_time" content="2023-10-22T05:23:53.020Z">
 <meta property="article:tag" content="前端 JavaScript html css webpack git">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://lxfljw.github.io/2023/05/27/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/%E5%89%8D%E8%A8%80/%E4%B8%8D%E6%95%B4%E9%BD%90.jpeg">
@@ -361,6 +361,12 @@ <h1 id="为什么需要设计模式"><a href="#为什么需要设计模式" clas
                   <article class="post-prev col-6">
                     
                     
+                      <a href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/" title="1.1-Session，Token，JWT 原理解析">
+                        <i class="iconfont icon-arrowleft"></i>
+                        <span class="hidden-mobile">1.1-Session，Token，JWT 原理解析</span>
+                        <span class="visible-mobile">上一篇</span>
+                      </a>
+                    
                   </article>
                   <article class="post-next col-6">
                     
diff --git "a/2023/10/22/\351\211\264\346\235\203/1-Session\357\274\214Token\357\274\214JWT \345\214\272\345\210\253/index.html" "b/2023/10/22/\351\211\264\346\235\203/1-Session\357\274\214Token\357\274\214JWT \345\214\272\345\210\253/index.html"
new file mode 100644
index 0000000..6ecd3e8
--- /dev/null
+++ "b/2023/10/22/\351\211\264\346\235\203/1-Session\357\274\214Token\357\274\214JWT \345\214\272\345\210\253/index.html"	
@@ -0,0 +1,671 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/fluid.png">
+  <link rel="icon" href="/img/fluid.png">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="">
+  <meta name="keywords" content="前端 JavaScript html css webpack git">
+  
+    <meta name="description" content="一、SessionSession 是服务器端使用的一种记录客户端状态的机制，客户端通过 SessionID 来访问服务器端的资源，SessionID 一般是存在 Cookie 中的，也可以通过 URL 传递，但是不推荐这样做。Session 模式一般如下步骤：  用户未登录，输入账号密码，提交到服务器端。 服务器端验证账号密码，如果正确，生成 SessionID，将用户信息以及 SessionID">
+<meta property="og:type" content="article">
+<meta property="og:title" content="1.1-Session，Token，JWT 原理解析">
+<meta property="og:url" content="https://lxfljw.github.io/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/index.html">
+<meta property="og:site_name" content="码上秃的个人网站">
+<meta property="og:description" content="一、SessionSession 是服务器端使用的一种记录客户端状态的机制，客户端通过 SessionID 来访问服务器端的资源，SessionID 一般是存在 Cookie 中的，也可以通过 URL 传递，但是不推荐这样做。Session 模式一般如下步骤：  用户未登录，输入账号密码，提交到服务器端。 服务器端验证账号密码，如果正确，生成 SessionID，将用户信息以及 SessionID">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:published_time" content="2023-10-22T23:51:39.000Z">
+<meta property="article:modified_time" content="2023-10-22T05:23:53.020Z">
+<meta property="article:tag" content="前端 JavaScript html css webpack git">
+<meta name="twitter:card" content="summary_large_image">
+  
+  
+  
+  <title>1.1-Session，Token，JWT 原理解析 - 码上秃的个人网站</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/github-markdown-css/4.0.0/github-markdown.min.css" />
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/hint.css/2.7.0/hint.min.css" />
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/fancybox/3.5.7/jquery.fancybox.min.css" />
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"lxfljw.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":true},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":false,"follow_dnt":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":null,"app_key":null,"server_url":null,"path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 70vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>码上秃</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="1.1-Session，Token，JWT 原理解析"></span>
+          
+        </div>
+
+        
+          
+  <div class="mt-3">
+    
+    
+      <span class="post-meta">
+        <i class="iconfont icon-date-fill" aria-hidden="true"></i>
+        <time datetime="2023-10-22 23:51" pubdate>
+          2023年10月22日 晚上
+        </time>
+      </span>
+    
+  </div>
+
+  <div class="mt-1">
+    
+      <span class="post-meta mr-2">
+        <i class="iconfont icon-chart"></i>
+        
+          1.8k 字
+        
+      </span>
+    
+
+    
+      <span class="post-meta mr-2">
+        <i class="iconfont icon-clock-fill"></i>
+        
+        
+        
+          16 分钟
+        
+      </span>
+    
+
+    
+    
+  </div>
+
+
+        
+      </div>
+
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      
+
+<div class="container-fluid nopadding-x">
+  <div class="row nomargin-x">
+    <div class="side-col d-none d-lg-block col-lg-2">
+      
+
+    </div>
+
+    <div class="col-lg-8 nopadding-x-md">
+      <div class="container nopadding-x-md" id="board-ctn">
+        <div id="board">
+          <article class="post-content mx-auto">
+            <!-- SEO header -->
+            <h1 style="display: none">1.1-Session，Token，JWT 原理解析</h1>
+            
+            
+              <div class="markdown-body">
+                
+                <h1 id="一、Session"><a href="#一、Session" class="headerlink" title="一、Session"></a>一、Session</h1><p>Session 是服务器端使用的一种记录客户端状态的机制，客户端通过 SessionID 来访问服务器端的资源，SessionID 一般是存在 Cookie 中的，也可以通过 URL 传递，但是不推荐这样做。<br>Session 模式一般如下步骤：</p>
+<ol>
+<li>用户未登录，输入账号密码，提交到服务器端。</li>
+<li>服务器端验证账号密码，如果正确，生成 SessionID，将用户信息以及 SessionID 保存到服务器端，通过 Set-Cookie 请求头设置 cookie 到客户端。</li>
+<li>客户端收到响应后，保存 cookie，下次请求时，自动带上 cookie。</li>
+</ol>
+<p><strong>缺点</strong></p>
+<ol>
+<li>在遭受 DDOS 攻击时，服务器端需要保存大量的 Session 信息，会消耗大量的内存。</li>
+<li>Session 信息保存在服务器端，如果服务器宕机，会丢失所有的 Session 信息，用户需要重新登录。</li>
+<li>Session 信息保存在内存中，如果有多台服务器，用户的 Session 信息无法同步。</li>
+<li>XSS 攻击，如果用户的浏览器存在 XSS 漏洞，攻击者可以拿到用户的 Session 信息，然后伪造用户的 cookie，从而可以伪造用户的身份。</li>
+<li>CSRF 攻击，攻击者可以伪造用户的请求，从而可以拿到用户的 Session 信息，然后伪造用户的 cookie，从而可以伪造用户的身份。</li>
+</ol>
+<h1 id="二、Token"><a href="#二、Token" class="headerlink" title="二、Token"></a>二、Token</h1><p>Token 是一种客户端认证方式，客户端通过用户名密码请求服务器，服务器验证通过后，返回 Token，客户端收到 Token 后，保存到客户端，下次请求时，自动带上 Token，服务器端通过校验 Token 来验证用户身份。</p>
+<p>Token 模式一般如下步骤：</p>
+<ol>
+<li>用户未登录，输入账号密码，提交到服务器端。</li>
+<li>服务器端验证账号密码，如果正确，生成 Token，将 Token 保存到服务器端，通过 Set-Cookie 请求头设置 cookie 到客户端或者响应体返回，用户自行设置到 localStorage。</li>
+<li>客户端收到响应后，保存 cookie 或者 localStorage，下次请求时，自动带上 cookie 或者 localStorage。</li>
+<li>客户端每次请求时，通过 Authorization 请求头或者 URL 传递 Token。</li>
+<li>服务器端通过 Authorization 请求头或者 URL 传递 Token，验证 Token，如果验证通过，返回数据，如果验证失败，返回 401 状态码。</li>
+</ol>
+<p><strong>缺点</strong></p>
+<ol>
+<li>Token 需要存储到服务端，如果有多台服务器，需要同步 Token。</li>
+<li>Token 一般是不会过期的，如果 Token 被盗取，攻击者可以一直使用 Token，除非用户修改密码或者主动注销 Token。</li>
+</ol>
+<h1 id="三、JWT"><a href="#三、JWT" class="headerlink" title="三、JWT"></a>三、JWT</h1><p>JWT 是一种 Token 的实现方式，JWT 的全称是 JSON Web Token，是一种轻量级的身份认证和信息交互方式，可以在用户和服务器之间传递安全可靠的信息。<br>JWT 分为三部分，分别是 Header，Payload 和 Signature，三部分之间用 . 分割，如下所示：</p>
+<figure class="highlight apache"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs apache"><span class="hljs-attribute">Header</span>.Payload.Signature<br></code></pre></td></tr></table></figure>
+<p>Header 存储加密的算法，Payload 存储用户信息，Signature 是对 Header 和 Payload 的签名，用于验证数据的完整性，Payload 一般存储 userId，用于校验用户身份，Signature 是防篡改的，如果数据被篡改，Signature 会验证失败。比如用户 id 被攻击者获取，攻击者如果伪造 Signature，服务器端会验证失败，从而防止攻击者伪造用户身份。这样原来，后端无需存储 JWT，只需使用密码学原理，对签名进行校验即可安全的验证用户身份，未来服务器扩容，只要保证密钥一致即可，无需同步用户登录状态。</p>
+<p>JWT 步骤如下：</p>
+<ol>
+<li>用户未登录，输入账号密码，提交到服务器端。</li>
+<li>服务端校验账号密码，如果正确，则返回 JWT Token，客户端收到响应后，保存到 localStorage。</li>
+<li>客户端每次请求时，通过 Authorization 请求头或者 URL 传递 Token。</li>
+<li>服务器端通过 Authorization 请求头或者 URL 传递 Token，验证 Token，如果验证通过，返回数据，如果验证失败，返回 401 状态码。</li>
+<li>客户端每次请求时，需要带上 Token，服务器端通过校验 Token 来验证用户身份。</li>
+</ol>
+<p><strong>缺点</strong></p>
+<ol>
+<li>JWT 一般是不会过期的，如果 Token 被盗取，攻击者可以一直使用 Token，除非用户修改密码或者主动注销 Token。</li>
+<li>JWT 一般存储在 localStorage 中，如果用户的浏览器存在 XSS 漏洞，攻击者可以拿到用户的 JWT，然后伪造用户的身份。</li>
+</ol>
+
+                
+              </div>
+            
+            <hr/>
+            <div>
+              <div class="post-metas my-3">
+  
+    <div class="post-meta mr-3 d-flex align-items-center">
+      <i class="iconfont icon-category"></i>
+      
+
+<span class="category-chains">
+  
+  
+    
+      <span class="category-chain">
+        
+  <a href="/categories/%E9%89%B4%E6%9D%83/" class="category-chain-item">鉴权</a>
+  
+  
+
+      </span>
+    
+  
+</span>
+
+    </div>
+  
+  
+</div>
+
+
+              
+  
+
+  <div class="license-box my-3">
+    <div class="license-title">
+      <div>1.1-Session，Token，JWT 原理解析</div>
+      <div>https://lxfljw.github.io/2023/10/22/鉴权/1-Session，Token，JWT 区别/</div>
+    </div>
+    <div class="license-meta">
+      
+      
+        <div class="license-meta-item license-meta-date">
+          <div>发布于</div>
+          <div>2023年10月22日</div>
+        </div>
+      
+      
+      
+        <div class="license-meta-item">
+          <div>许可协议</div>
+          <div>
+            
+              
+              
+                <a target="_blank" href="https://creativecommons.org/licenses/by/4.0/">
+                  <span class="hint--top hint--rounded" aria-label="BY - 署名">
+                    <i class="iconfont icon-by"></i>
+                  </span>
+                </a>
+              
+            
+          </div>
+        </div>
+      
+    </div>
+    <div class="license-icon iconfont"></div>
+  </div>
+
+
+
+              
+                <div class="post-prevnext my-3">
+                  <article class="post-prev col-6">
+                    
+                    
+                  </article>
+                  <article class="post-next col-6">
+                    
+                    
+                      <a href="/2023/05/27/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/%E5%89%8D%E8%A8%80/" title="设计模式-前言.md">
+                        <span class="hidden-mobile">设计模式-前言.md</span>
+                        <span class="visible-mobile">下一篇</span>
+                        <i class="iconfont icon-arrowright"></i>
+                      </a>
+                    
+                  </article>
+                </div>
+              
+            </div>
+
+            
+          </article>
+        </div>
+      </div>
+    </div>
+
+    <div class="side-col d-none d-lg-block col-lg-2">
+      
+  <aside class="sidebar" style="margin-left: -1rem">
+    <div id="toc">
+  <p class="toc-header">
+    <i class="iconfont icon-list"></i>
+    <span>目录</span>
+  </p>
+  <div class="toc-body" id="toc-body"></div>
+</div>
+
+
+
+  </aside>
+
+
+    </div>
+  </div>
+</div>
+
+
+
+
+
+  
+
+
+
+  
+
+
+
+  
+
+
+
+  
+
+
+
+  
+
+
+
+
+
+
+
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  
+<script>
+  Fluid.utils.createScript('https://lib.baomitu.com/tocbot/4.18.2/tocbot.min.js', function() {
+    var toc = jQuery('#toc');
+    if (toc.length === 0 || !window.tocbot) { return; }
+    var boardCtn = jQuery('#board-ctn');
+    var boardTop = boardCtn.offset().top;
+
+    window.tocbot.init(Object.assign({
+      tocSelector     : '#toc-body',
+      contentSelector : '.markdown-body',
+      linkClass       : 'tocbot-link',
+      activeLinkClass : 'tocbot-active-link',
+      listClass       : 'tocbot-list',
+      isCollapsedClass: 'tocbot-is-collapsed',
+      collapsibleClass: 'tocbot-is-collapsible',
+      scrollSmooth    : true,
+      includeTitleTags: true,
+      headingsOffset  : -boardTop,
+    }, CONFIG.toc));
+    if (toc.find('.toc-list-item').length > 0) {
+      toc.css('visibility', 'visible');
+    }
+
+    Fluid.events.registerRefreshCallback(function() {
+      if ('tocbot' in window) {
+        tocbot.refresh();
+        var toc = jQuery('#toc');
+        if (toc.length === 0 || !tocbot) {
+          return;
+        }
+        if (toc.find('.toc-list-item').length > 0) {
+          toc.css('visibility', 'visible');
+        }
+      }
+    });
+  });
+</script>
+
+
+  <script src=https://lib.baomitu.com/clipboard.js/2.0.11/clipboard.min.js></script>
+
+  <script>Fluid.plugins.codeWidget();</script>
+
+
+  
+<script>
+  Fluid.utils.createScript('https://lib.baomitu.com/anchor-js/4.3.1/anchor.min.js', function() {
+    window.anchors.options = {
+      placement: CONFIG.anchorjs.placement,
+      visible  : CONFIG.anchorjs.visible
+    };
+    if (CONFIG.anchorjs.icon) {
+      window.anchors.options.icon = CONFIG.anchorjs.icon;
+    }
+    var el = (CONFIG.anchorjs.element || 'h1,h2,h3,h4,h5,h6').split(',');
+    var res = [];
+    for (var item of el) {
+      res.push('.markdown-body > ' + item.trim());
+    }
+    if (CONFIG.anchorjs.placement === 'left') {
+      window.anchors.options.class = 'anchorjs-link-left';
+    }
+    window.anchors.add(res.join(', '));
+
+    Fluid.events.registerRefreshCallback(function() {
+      if ('anchors' in window) {
+        anchors.removeAll();
+        var el = (CONFIG.anchorjs.element || 'h1,h2,h3,h4,h5,h6').split(',');
+        var res = [];
+        for (var item of el) {
+          res.push('.markdown-body > ' + item.trim());
+        }
+        if (CONFIG.anchorjs.placement === 'left') {
+          anchors.options.class = 'anchorjs-link-left';
+        }
+        anchors.add(res.join(', '));
+      }
+    });
+  });
+</script>
+
+
+  
+<script>
+  Fluid.utils.createScript('https://lib.baomitu.com/fancybox/3.5.7/jquery.fancybox.min.js', function() {
+    Fluid.plugins.fancyBox();
+  });
+</script>
+
+
+  <script>Fluid.plugins.imageCaption();</script>
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>
diff --git a/archives/2023/05/index.html b/archives/2023/05/index.html
index c53ac83..98a7071 100644
--- a/archives/2023/05/index.html
+++ b/archives/2023/05/index.html
@@ -214,7 +214,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 6 篇文章</p>
+  <p class="h4">共计 7 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/10/index.html b/archives/2023/10/index.html
new file mode 100644
index 0000000..c2ae67a
--- /dev/null
+++ b/archives/2023/10/index.html
@@ -0,0 +1,352 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/fluid.png">
+  <link rel="icon" href="/img/fluid.png">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="">
+  <meta name="keywords" content="前端 JavaScript html css webpack git">
+  
+    <meta property="og:type" content="website">
+<meta property="og:title" content="归档">
+<meta property="og:url" content="https://lxfljw.github.io/archives/2023/10/index.html">
+<meta property="og:site_name" content="码上秃的个人网站">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:tag" content="前端 JavaScript html css webpack git">
+<meta name="twitter:card" content="summary_large_image">
+  
+  
+  
+  <title>归档 - 码上秃的个人网站</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"lxfljw.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":true},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":false,"follow_dnt":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":null,"app_key":null,"server_url":null,"path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 60vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>码上秃</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="归档"></span>
+          
+        </div>
+
+        
+      </div>
+
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      <div class="container nopadding-x-md">
+        <div id="board"
+          >
+          
+          <div class="container">
+            <div class="row">
+              <div class="col-12 col-md-10 m-auto">
+                
+
+<div class="list-group">
+  <p class="h4">共计 7 篇文章</p>
+  <hr>
+  
+  
+    
+      
+      <p class="h5">2023</p>
+    
+    <a href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/" class="list-group-item list-group-item-action">
+      <time>10-22</time>
+      <div class="list-group-item-title">1.1-Session，Token，JWT 原理解析</div>
+    </a>
+  
+</div>
+
+
+
+
+
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>
diff --git a/archives/2023/index.html b/archives/2023/index.html
index 561534c..85d8bd1 100644
--- a/archives/2023/index.html
+++ b/archives/2023/index.html
@@ -214,7 +214,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 6 篇文章</p>
+  <p class="h4">共计 7 篇文章</p>
   <hr>
   
   
@@ -222,6 +222,12 @@
       
       <p class="h5">2023</p>
     
+    <a href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/" class="list-group-item list-group-item-action">
+      <time>10-22</time>
+      <div class="list-group-item-title">1.1-Session，Token，JWT 原理解析</div>
+    </a>
+  
+    
     <a href="/2023/05/27/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/%E5%89%8D%E8%A8%80/" class="list-group-item list-group-item-action">
       <time>05-27</time>
       <div class="list-group-item-title">设计模式-前言.md</div>
diff --git a/archives/index.html b/archives/index.html
index 6d6ffd1..fbd1b57 100644
--- a/archives/index.html
+++ b/archives/index.html
@@ -214,7 +214,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 6 篇文章</p>
+  <p class="h4">共计 7 篇文章</p>
   <hr>
   
   
@@ -222,6 +222,12 @@
       
       <p class="h5">2023</p>
     
+    <a href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/" class="list-group-item list-group-item-action">
+      <time>10-22</time>
+      <div class="list-group-item-title">1.1-Session，Token，JWT 原理解析</div>
+    </a>
+  
+    
     <a href="/2023/05/27/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/%E5%89%8D%E8%A8%80/" class="list-group-item list-group-item-action">
       <time>05-27</time>
       <div class="list-group-item-title">设计模式-前言.md</div>
diff --git a/categories/index.html b/categories/index.html
index f116b4c..409c8b0 100644
--- a/categories/index.html
+++ b/categories/index.html
@@ -340,6 +340,48 @@
       </div>
     </div>
   
+    
+    
+    
+    <div class="category row nomargin-x">
+      <a class="category-item collapsed
+          list-group-item category-item-action col-10 col-md-11 col-xm-11" title="鉴权"
+        id="heading-1abcfdd7b6287cba4b363080f08a1261" role="tab" data-toggle="collapse" href="#collapse-1abcfdd7b6287cba4b363080f08a1261"
+        aria-expanded="false"
+      >
+        鉴权
+        <span class="list-group-count"></span>
+        <i class="iconfont icon-arrowright"></i>
+      </a>
+      
+        <a href="/categories/%E9%89%B4%E6%9D%83/" class="category-count col-2 col-md-1 col-xm-1">
+          <i class="iconfont icon-articles"></i>
+          <span>1</span>
+        </a>
+      
+      <div class="category-collapse collapse " id="collapse-1abcfdd7b6287cba4b363080f08a1261"
+           role="tabpanel" aria-labelledby="heading-1abcfdd7b6287cba4b363080f08a1261">
+        
+        
+          
+  <div class="category-post-list">
+    
+    
+      
+      
+        <a href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/" title="1.1-Session，Token，JWT 原理解析"
+           class="list-group-item list-group-item-action
+           ">
+          <span class="category-post">1.1-Session，Token，JWT 原理解析</span>
+        </a>
+      
+    
+  </div>
+
+        
+      </div>
+    </div>
+  
 </div>
 
 
diff --git "a/categories/\351\211\264\346\235\203/index.html" "b/categories/\351\211\264\346\235\203/index.html"
new file mode 100644
index 0000000..75c0504
--- /dev/null
+++ "b/categories/\351\211\264\346\235\203/index.html"
@@ -0,0 +1,352 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/fluid.png">
+  <link rel="icon" href="/img/fluid.png">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="">
+  <meta name="keywords" content="前端 JavaScript html css webpack git">
+  
+    <meta property="og:type" content="website">
+<meta property="og:title" content="分类 - 鉴权">
+<meta property="og:url" content="https://lxfljw.github.io/categories/%E9%89%B4%E6%9D%83/index.html">
+<meta property="og:site_name" content="码上秃的个人网站">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:tag" content="前端 JavaScript html css webpack git">
+<meta name="twitter:card" content="summary_large_image">
+  
+  
+  
+  <title>分类 - 鉴权 - 码上秃的个人网站</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"lxfljw.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":true},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":false,"follow_dnt":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":null,"app_key":null,"server_url":null,"path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 60vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>码上秃</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="分类 - 鉴权"></span>
+          
+        </div>
+
+        
+      </div>
+
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      <div class="container nopadding-x-md">
+        <div id="board"
+          >
+          
+          <div class="container">
+            <div class="row">
+              <div class="col-12 col-md-10 m-auto">
+                
+
+<div class="list-group">
+  <p class="h4">共计 1 篇文章</p>
+  <hr>
+  
+  
+    
+      
+      <p class="h5">2023</p>
+    
+    <a href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/" class="list-group-item list-group-item-action">
+      <time>10-22</time>
+      <div class="list-group-item-title">1.1-Session，Token，JWT 原理解析</div>
+    </a>
+  
+</div>
+
+
+
+
+
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>
diff --git a/css/highlight-dark.css b/css/highlight-dark.css
index 9cae4a7..13d6ac8 100644
--- a/css/highlight-dark.css
+++ b/css/highlight-dark.css
@@ -1 +1,62 @@
-pre code.hljs{display:block;overflow-x:auto;padding:1em}code.hljs{padding:3px 5px}.hljs{color:#ddd;background:#303030}.hljs-keyword,.hljs-link,.hljs-literal,.hljs-section,.hljs-selector-tag{color:#fff}.hljs-addition,.hljs-attribute,.hljs-built_in,.hljs-bullet,.hljs-name,.hljs-string,.hljs-symbol,.hljs-template-tag,.hljs-template-variable,.hljs-title,.hljs-type,.hljs-variable{color:#d88}.hljs-comment,.hljs-deletion,.hljs-meta,.hljs-quote{color:#979797}.hljs-doctag,.hljs-keyword,.hljs-literal,.hljs-name,.hljs-section,.hljs-selector-tag,.hljs-strong,.hljs-title,.hljs-type{font-weight:700}.hljs-emphasis{font-style:italic}
+pre code.hljs {
+  display: block;
+  overflow-x: auto;
+  padding: 1em
+}
+code.hljs {
+  padding: 3px 5px
+}
+/*
+
+Dark style from softwaremaniacs.org (c) Ivan Sagalaev <Maniac@SoftwareManiacs.Org>
+
+*/
+.hljs {
+  color: #ddd;
+  background: #303030
+}
+.hljs-keyword,
+.hljs-selector-tag,
+.hljs-literal,
+.hljs-section,
+.hljs-link {
+  color: white
+}
+.hljs-subst {
+  /* default */
+  
+}
+.hljs-string,
+.hljs-title,
+.hljs-name,
+.hljs-type,
+.hljs-attribute,
+.hljs-symbol,
+.hljs-bullet,
+.hljs-built_in,
+.hljs-addition,
+.hljs-variable,
+.hljs-template-tag,
+.hljs-template-variable {
+  color: #d88
+}
+.hljs-comment,
+.hljs-quote,
+.hljs-deletion,
+.hljs-meta {
+  color: #979797
+}
+.hljs-keyword,
+.hljs-selector-tag,
+.hljs-literal,
+.hljs-title,
+.hljs-section,
+.hljs-doctag,
+.hljs-type,
+.hljs-name,
+.hljs-strong {
+  font-weight: bold
+}
+.hljs-emphasis {
+  font-style: italic
+}
diff --git a/css/highlight.css b/css/highlight.css
index 96af284..acd5468 100644
--- a/css/highlight.css
+++ b/css/highlight.css
@@ -1,4 +1,12 @@
-pre code.hljs{display:block;overflow-x:auto;padding:1em}code.hljs{padding:3px 5px}/*!
+pre code.hljs {
+  display: block;
+  overflow-x: auto;
+  padding: 1em
+}
+code.hljs {
+  padding: 3px 5px
+}
+/*!
   Theme: GitHub
   Description: Light theme as seen on github.com
   Author: github.com
@@ -7,4 +15,104 @@ pre code.hljs{display:block;overflow-x:auto;padding:1em}code.hljs{padding:3px 5p
 
   Outdated base version: https://github.com/primer/github-syntax-light
   Current colors taken from GitHub's CSS
-*/.hljs{color:#24292e;background:#fff}.hljs-doctag,.hljs-keyword,.hljs-meta .hljs-keyword,.hljs-template-tag,.hljs-template-variable,.hljs-type,.hljs-variable.language_{color:#d73a49}.hljs-title,.hljs-title.class_,.hljs-title.class_.inherited__,.hljs-title.function_{color:#6f42c1}.hljs-attr,.hljs-attribute,.hljs-literal,.hljs-meta,.hljs-number,.hljs-operator,.hljs-selector-attr,.hljs-selector-class,.hljs-selector-id,.hljs-variable{color:#005cc5}.hljs-meta .hljs-string,.hljs-regexp,.hljs-string{color:#032f62}.hljs-built_in,.hljs-symbol{color:#e36209}.hljs-code,.hljs-comment,.hljs-formula{color:#6a737d}.hljs-name,.hljs-quote,.hljs-selector-pseudo,.hljs-selector-tag{color:#22863a}.hljs-subst{color:#24292e}.hljs-section{color:#005cc5;font-weight:700}.hljs-bullet{color:#735c0f}.hljs-emphasis{color:#24292e;font-style:italic}.hljs-strong{color:#24292e;font-weight:700}.hljs-addition{color:#22863a;background-color:#f0fff4}.hljs-deletion{color:#b31d28;background-color:#ffeef0}
+*/
+.hljs {
+  color: #24292e;
+  background: #ffffff
+}
+.hljs-doctag,
+.hljs-keyword,
+.hljs-meta .hljs-keyword,
+.hljs-template-tag,
+.hljs-template-variable,
+.hljs-type,
+.hljs-variable.language_ {
+  /* prettylights-syntax-keyword */
+  color: #d73a49
+}
+.hljs-title,
+.hljs-title.class_,
+.hljs-title.class_.inherited__,
+.hljs-title.function_ {
+  /* prettylights-syntax-entity */
+  color: #6f42c1
+}
+.hljs-attr,
+.hljs-attribute,
+.hljs-literal,
+.hljs-meta,
+.hljs-number,
+.hljs-operator,
+.hljs-variable,
+.hljs-selector-attr,
+.hljs-selector-class,
+.hljs-selector-id {
+  /* prettylights-syntax-constant */
+  color: #005cc5
+}
+.hljs-regexp,
+.hljs-string,
+.hljs-meta .hljs-string {
+  /* prettylights-syntax-string */
+  color: #032f62
+}
+.hljs-built_in,
+.hljs-symbol {
+  /* prettylights-syntax-variable */
+  color: #e36209
+}
+.hljs-comment,
+.hljs-code,
+.hljs-formula {
+  /* prettylights-syntax-comment */
+  color: #6a737d
+}
+.hljs-name,
+.hljs-quote,
+.hljs-selector-tag,
+.hljs-selector-pseudo {
+  /* prettylights-syntax-entity-tag */
+  color: #22863a
+}
+.hljs-subst {
+  /* prettylights-syntax-storage-modifier-import */
+  color: #24292e
+}
+.hljs-section {
+  /* prettylights-syntax-markup-heading */
+  color: #005cc5;
+  font-weight: bold
+}
+.hljs-bullet {
+  /* prettylights-syntax-markup-list */
+  color: #735c0f
+}
+.hljs-emphasis {
+  /* prettylights-syntax-markup-italic */
+  color: #24292e;
+  font-style: italic
+}
+.hljs-strong {
+  /* prettylights-syntax-markup-bold */
+  color: #24292e;
+  font-weight: bold
+}
+.hljs-addition {
+  /* prettylights-syntax-markup-inserted */
+  color: #22863a;
+  background-color: #f0fff4
+}
+.hljs-deletion {
+  /* prettylights-syntax-markup-deleted */
+  color: #b31d28;
+  background-color: #ffeef0
+}
+.hljs-char.escape_,
+.hljs-link,
+.hljs-params,
+.hljs-property,
+.hljs-punctuation,
+.hljs-tag {
+  /* purposely ignored */
+  
+}
diff --git a/index.html b/index.html
index 9344791..516f018 100644
--- a/index.html
+++ b/index.html
@@ -218,6 +218,60 @@
                 
 
 
+  <div class="row mx-auto index-card">
+    
+    
+    <article class="col-12 col-md-12 mx-auto index-info">
+      <h1 class="index-header">
+        
+        <a href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/" target="_self">
+          1.1-Session，Token，JWT 原理解析
+        </a>
+      </h1>
+
+      
+      <a class="index-excerpt index-excerpt__noimg" href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/" target="_self">
+        <div>
+          一、SessionSession 是服务器端使用的一种记录客户端状态的机制，客户端通过 SessionID 来访问服务器端的资源，SessionID 一般是存在 Cookie 中的，也可以通过 URL 传递，但是不推荐这样做。Session 模式一般如下步骤：  用户未登录，输入账号密码，提交到服务器端。 服务器端验证账号密码，如果正确，生成 SessionID，将用户信息以及 SessionID
+        </div>
+      </a>
+
+      <div class="index-btm post-metas">
+        
+          <div class="post-meta mr-3">
+            <i class="iconfont icon-date"></i>
+            <time datetime="2023-10-22 23:51" pubdate>
+              2023-10-22
+            </time>
+          </div>
+        
+        
+          <div class="post-meta mr-3 d-flex align-items-center">
+            <i class="iconfont icon-category"></i>
+            
+
+<span class="category-chains">
+  
+  
+    
+      <span class="category-chain">
+        
+  <a href="/categories/%E9%89%B4%E6%9D%83/" class="category-chain-item">鉴权</a>
+  
+  
+
+      </span>
+    
+  
+</span>
+
+          </div>
+        
+        
+      </div>
+    </article>
+  </div>
+
   <div class="row mx-auto index-card">
     
     
diff --git a/local-search.xml b/local-search.xml
index e83e364..1e3253a 100644
--- a/local-search.xml
+++ b/local-search.xml
@@ -3,6 +3,25 @@
   
   
   
+  <entry>
+    <title>1.1-Session，Token，JWT 原理解析</title>
+    <link href="/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/"/>
+    <url>/2023/10/22/%E9%89%B4%E6%9D%83/1-Session%EF%BC%8CToken%EF%BC%8CJWT%20%E5%8C%BA%E5%88%AB/</url>
+    
+    <content type="html"><![CDATA[<h1 id="一、Session"><a href="#一、Session" class="headerlink" title="一、Session"></a>一、Session</h1><p>Session 是服务器端使用的一种记录客户端状态的机制，客户端通过 SessionID 来访问服务器端的资源，SessionID 一般是存在 Cookie 中的，也可以通过 URL 传递，但是不推荐这样做。<br>Session 模式一般如下步骤：</p><ol><li>用户未登录，输入账号密码，提交到服务器端。</li><li>服务器端验证账号密码，如果正确，生成 SessionID，将用户信息以及 SessionID 保存到服务器端，通过 Set-Cookie 请求头设置 cookie 到客户端。</li><li>客户端收到响应后，保存 cookie，下次请求时，自动带上 cookie。</li></ol><p><strong>缺点</strong></p><ol><li>在遭受 DDOS 攻击时，服务器端需要保存大量的 Session 信息，会消耗大量的内存。</li><li>Session 信息保存在服务器端，如果服务器宕机，会丢失所有的 Session 信息，用户需要重新登录。</li><li>Session 信息保存在内存中，如果有多台服务器，用户的 Session 信息无法同步。</li><li>XSS 攻击，如果用户的浏览器存在 XSS 漏洞，攻击者可以拿到用户的 Session 信息，然后伪造用户的 cookie，从而可以伪造用户的身份。</li><li>CSRF 攻击，攻击者可以伪造用户的请求，从而可以拿到用户的 Session 信息，然后伪造用户的 cookie，从而可以伪造用户的身份。</li></ol><h1 id="二、Token"><a href="#二、Token" class="headerlink" title="二、Token"></a>二、Token</h1><p>Token 是一种客户端认证方式，客户端通过用户名密码请求服务器，服务器验证通过后，返回 Token，客户端收到 Token 后，保存到客户端，下次请求时，自动带上 Token，服务器端通过校验 Token 来验证用户身份。</p><p>Token 模式一般如下步骤：</p><ol><li>用户未登录，输入账号密码，提交到服务器端。</li><li>服务器端验证账号密码，如果正确，生成 Token，将 Token 保存到服务器端，通过 Set-Cookie 请求头设置 cookie 到客户端或者响应体返回，用户自行设置到 localStorage。</li><li>客户端收到响应后，保存 cookie 或者 localStorage，下次请求时，自动带上 cookie 或者 localStorage。</li><li>客户端每次请求时，通过 Authorization 请求头或者 URL 传递 Token。</li><li>服务器端通过 Authorization 请求头或者 URL 传递 Token，验证 Token，如果验证通过，返回数据，如果验证失败，返回 401 状态码。</li></ol><p><strong>缺点</strong></p><ol><li>Token 需要存储到服务端，如果有多台服务器，需要同步 Token。</li><li>Token 一般是不会过期的，如果 Token 被盗取，攻击者可以一直使用 Token，除非用户修改密码或者主动注销 Token。</li></ol><h1 id="三、JWT"><a href="#三、JWT" class="headerlink" title="三、JWT"></a>三、JWT</h1><p>JWT 是一种 Token 的实现方式，JWT 的全称是 JSON Web Token，是一种轻量级的身份认证和信息交互方式，可以在用户和服务器之间传递安全可靠的信息。<br>JWT 分为三部分，分别是 Header，Payload 和 Signature，三部分之间用 . 分割，如下所示：</p><figure class="highlight apache"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><code class="hljs apache"><span class="hljs-attribute">Header</span>.Payload.Signature<br></code></pre></td></tr></table></figure><p>Header 存储加密的算法，Payload 存储用户信息，Signature 是对 Header 和 Payload 的签名，用于验证数据的完整性，Payload 一般存储 userId，用于校验用户身份，Signature 是防篡改的，如果数据被篡改，Signature 会验证失败。比如用户 id 被攻击者获取，攻击者如果伪造 Signature，服务器端会验证失败，从而防止攻击者伪造用户身份。这样原来，后端无需存储 JWT，只需使用密码学原理，对签名进行校验即可安全的验证用户身份，未来服务器扩容，只要保证密钥一致即可，无需同步用户登录状态。</p><p>JWT 步骤如下：</p><ol><li>用户未登录，输入账号密码，提交到服务器端。</li><li>服务端校验账号密码，如果正确，则返回 JWT Token，客户端收到响应后，保存到 localStorage。</li><li>客户端每次请求时，通过 Authorization 请求头或者 URL 传递 Token。</li><li>服务器端通过 Authorization 请求头或者 URL 传递 Token，验证 Token，如果验证通过，返回数据，如果验证失败，返回 401 状态码。</li><li>客户端每次请求时，需要带上 Token，服务器端通过校验 Token 来验证用户身份。</li></ol><p><strong>缺点</strong></p><ol><li>JWT 一般是不会过期的，如果 Token 被盗取，攻击者可以一直使用 Token，除非用户修改密码或者主动注销 Token。</li><li>JWT 一般存储在 localStorage 中，如果用户的浏览器存在 XSS 漏洞，攻击者可以拿到用户的 JWT，然后伪造用户的身份。</li></ol>]]></content>
+    
+    
+    <categories>
+      
+      <category>鉴权</category>
+      
+    </categories>
+    
+    
+  </entry>
+  
+  
+  
   <entry>
     <title>设计模式-前言.md</title>
     <link href="/2023/05/27/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/%E5%89%8D%E8%A8%80/"/>
