1👍
One common approach to this would be using JSON Web Tokens (JWT). You will find a PHP and JS library to use JWTs on the posted site.
The concept is like this:
- Client sends login credentials (Username / Password) to Server (Make sure to use HTTPS here)
- Server verifies the credentials, creates a JWT and sends it to the client
- Client stores the JWT and sends it with each API request
- Server checks if the JWT is valid
Since the JWT is signed by the server, changes to it will be detected and the JWT will not be valid anymore.
Here is a tutorial that uses JWTs with PHP.
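The four-step flow in the answer above, as an added example that is not part of the original answer or of the libraries it refers to: a minimal HS256 issue/verify pair using only Node's built-in `crypto` module, showing that an edited payload, an expired token and a wrong key are all rejected. The function names, the demo secret and the claim values are constructed for illustration; a production server would use a maintained JWT library and a secret loaded from configuration.

```javascript
const nodeCrypto = require('crypto');

const DEMO_SECRET = 'constructed-demo-secret-not-for-production';
const b64url = (text) => Buffer.from(text).toString('base64url');
const fromB64url = (text) => JSON.parse(Buffer.from(text, 'base64url').toString('utf8'));

// HMAC-SHA256 over "header.payload", encoded as base64url.
function sign(data, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(data).digest('base64url');
}

// Server side, after the credentials were verified: create the JWT.
function issueToken(claims, secret, nowSec, ttlSec) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret)}`;
}

// Server side, on every API request: return the claims, or null if invalid.
function verifyToken(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  // Check the signature first, in constant time, before trusting any field.
  const expected = Buffer.from(sign(`${header}.${payload}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (fromB64url(header).alg !== 'HS256') return null;
    const claims = fromB64url(payload);
    if (typeof claims.exp !== 'number' || nowSec >= claims.exp) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Simulates a client editing its stored token while keeping the old signature.
function withEditedPayload(token, changes) {
  const [header, payload, sig] = token.split('.');
  const edited = b64url(JSON.stringify({ ...fromB64url(payload), ...changes }));
  return `${header}.${edited}.${sig}`;
}
```
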
1👍
My answer is very brief as this topic is very big and you didn’t narrow down your questions.
First, if I’m doing my app with a Vue frontend and PHP server side, I will send an API POST from Vue with the username and password to PHP. Once done, PHP will already know who logged in and will send back the user model, which I usually store in a Vue store like Vuex (this is optional). That would be the case if I’m doing a login from within the app. That means on the same server. And the security advice on this is to protect against CSRF and use API middlewares (which are functions that verify stuff before giving a response and are usually called on all requests or on specified ones). You’re probably going to be using a PHP framework, and it should make this easy for you with a generated token that gets sent in the API call header and verified by the server, and some other ways.
Now, if I’m doing a login call from outside, I would use OAuth2 and will avoid sending credentials over an HTTP request and instead use a generated client token, and after verifying the login on PHP I will send back an API token with a refresh token to keep the communication alive with the server. Now you’re going to have to use an API auth PHP library to achieve this, as there’s so much behind what I mentioned. To understand how OAuth2 works, refer to this link.