2

My python app lets people upload files on a Third-party platform.

They need to ask my server for a token for the platform to verify

It looks like:

enter image description here

when people upload files they post to the platform

<form method="post" action="http://upload.qiniu.com/"
 enctype="multipart/form-data">
  <input name="key" type="hidden" value="<resource_key>">
  <input name="x:<custom_name>" type="hidden" value="<custom_value>">
  <input name="token" type="hidden" value="<upload_token>">
  <input name="file" type="file" />
  <input name="crc32" type="hidden" />
  <input name="accept" type="hidden" />
</form>

I wonder if it's ok to ask for the token each time someone tries to upload files, or just let people get the token when they login, set the token into the cookie and make its lifetime as long as the cookie's? Thanks.

Community
  • 1
  • 1
Windsooon
  • 6,864
  • 4
  • 31
  • 50

1 Answers1

0

It is normal practice to store client access tokens as cookies for returning users.

This and also this SO post also back this idea up.

Community
  • 1
  • 1
Alexander McFarlane
  • 10,643
  • 9
  • 59
  • 100
  • Another way is each time when someone tries to upload files,use ajax to get token from the server.Which way is better?Thanks – Windsooon Jun 12 '15 at 05:00