0

This is more of a engineering/structural question. I am building a login system in ReactJs, what I have done so far is authenticated user by taking his credentials, I generate a unique token (let's say a random string) as soon as a user credentials are verified and pass the same to ReactJs, now I have a couple of question:

1) How do I validate that token that is pass to my backed in every API calls after login is a valid token? I am using axios to make a API request.(as of now I generate a session at back-end, but that doesn't work as axios doesn't set PHP session ID in API header, if PHP session is not passes in header PHP is not able to identify if the API call is made by the same session/user)
2) Is there another way to validate if the token passes is a valid one and process the request if valid.

Thanks in advance.

adarsh723
  • 135
  • 2
  • 3
  • 12
  • I think you are looking for: [Attach Authorization header for all axios requests](https://stackoverflow.com/questions/43051291/attach-authorization-header-for-all-axios-requests) – Jigar Shah Nov 03 '17 at 04:25

1 Answers1

1

If you add

axios.defaults.withCredentials = true;

right after you include axios, your sessions should start working.

dave
  • 62,300
  • 5
  • 72
  • 93
  • axios.defaults.withCredentials = true; axios.post(url, querystring.stringify(data)).then((response) => { console.log(response); }).catch(error => { }); Give me an error: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. – adarsh723 Nov 03 '17 at 04:43