+++ What is an access token on Facebook? +++
😋 Facebook normally lets the websites (and apps) that we write
use Facebook's login system.
This gives the website access to that user's personal information on Facebook.
.
On many sites we have all seen this:
with just a Facebook account, you can log in.
No need to waste time filling in a new registration.
:
This post takes
Facebook Login as its example.
Behind a successful login, Facebook hands out an access token
so that any website can manage the user's login.
:
Before talking about access tokens, let me go back to the year 2534 B.E. (1991),
when Tim Berners-Lee delivered the world's first website.
Since then the web has become something people use as a matter of course.
:
❣ But my weakness... is in my heart.
Hey, no, I mean the weakness of websites.
They use the HTTP protocol,
which is stateless: it doesn't remember any state.
In other words, the server has a very short memory, like Alzheimer's disease.
When it gets a request from a browser,
it doesn't remember where the request came from
or who sent it!
:
🤔 To solve this problem, technically,
the server is made to send a session id (or session token).
A session id is a long string that we can't read.
It is sent to the browser, which keeps it in a cookie.
.
(No, not that kind of cookie... a cookie here is text.)
The server sends the session id to the browser,
which keeps the value in a cookie (text stored on the browser side).
:
When programming on the server side,
for example in PHP, calling session_start();
tells the browser to store the session id as text such as
PHPSESSID=tqb4s5q7k25234eabbvs11dp02
(the session id is a random code)
:
In other languages it may appear under other names,
e.g. JSESSIONID (Java EE), PHPSESSID (PHP), and ASPSESSIONID (Microsoft ASP).
.
😉 Put simply, you can think of the session id as an ID code.
:
From now on, whenever the user clicks something on the web page,
the browser will kindly
send this session id to the server automatically, behind the scenes.
That cures the server's Alzheimer's:
it now remembers where the request came from... yay!
.
So if the requests that come in
carry the same session id,
they are considered to belong together.
(In computing terms, these requests are in the same SESSION.)
.
And if the session id is not the same,
the requests are considered to come from different people.
:
👉 Benefits of the session id
It is used together with the login/logout mechanism:
1) When user XXX logs in, a session id is created.
2) When another user YY logs in, a different session id is created.
3) When the users log out, their session ids expire.
:
Question: what happens if we clear all the cookies in the browser?
- Answer: the session id is gone.
- So anyone who was quietly logged in to that site... well... (sob)
- is logged out automatically and has to log in again. So sad. Haha.
(The server doesn't remember us anymore
because the browser no longer sends the session id.)
:
The session id sounds good,
😨 but combining it with user/password login has disadvantages, such as:
1) It is easy for a hacker to slip into the session
by riding on the session id (Cross-Site Request Forgery: CSRF)
... The technical details are not covered here. Read it on the
2) It is a burden for the server to remember the session id, what rights the user has, and the user's other information.
3) Letting the same user log in from different devices, e.g.
the web and a mobile phone, is more difficult. (The session has to be copied.)
4) And other disadvantages not mentioned here.
:
😘 But there is a technique to solve this.
.
That is, use what's called an "access token".
To get an access token,
we have to log in with user/password in exchange for it.
... We have to authenticate before we get the access token.
Then we can use it in place of logging in.
.
It saves us from entering the user/password over and over,
and each user gets a different access token.
When the user logs out, the access token expires immediately.
:
😙 An access token can be compared to a key,
or you can see it as a ticket or a pass... it's up to your imagination.
The differences from a session id are:
1) The access token is not kept in cookies.
2) The access token carries information that can be disclosed,
e.g. user_id, rights, expiration date.
(So the server is not burdened with remembering this information.)
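The two styles side by side, as an added Python example that is not part of the original post and is not Facebook's actual token format. The names SECRET, SESSIONS and all function names are assumptions made for the illustration; the token is a generic HMAC-signed payload carrying user_id, rights and an expiration date.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # server-side signing key (constructed for the demo)
SESSIONS = {}                      # session id -> user data the server must remember

def start_session(user_id, rights):
    """Session style: a random opaque id; all the data stays in server memory."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user_id": user_id, "rights": rights}
    return sid

def lookup_session(sid):
    return SESSIONS.get(sid)       # None for an unknown id or after logout

def end_session(sid):
    SESSIONS.pop(sid, None)        # logout: the session id stops working

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id, rights, ttl=3600, now=None):
    """Token style: the readable payload travels with the client, signed by the server."""
    now = time.time() if now is None else now
    payload = json.dumps({"user_id": user_id, "rights": rights, "exp": int(now) + ttl}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(sig)

def verify_token(token, now=None):
    """Return the payload if signature and expiry check out, else None. No lookup table."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload, sig = unb64(body), unb64(sig)
    except (ValueError, TypeError):
        return None                # not in "payload.signature" form
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None                # payload was edited or signed with another key
    claims = json.loads(payload)
    return claims if claims["exp"] > now else None
```

The payload is only encoded, not encrypted, so anyone holding the token can read it; the signature is what stops a holder from changing the user_id or rights.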
:
If you use access tokens with the login mechanism, you get advantages such as:
1) It prevents hackers from riding the session via Cross-Site Request Forgery (CSRF).
2) The same user can also log in from a mobile phone;
just hand out an access token... as Facebook does.
(It is not stored in browser cookies.)
3) The server can drop the hassle of login/logout duty and hand it to an external authentication service.
4) The server doesn't need to look after user information.
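Why point 1 holds, as an added Python model that is not part of the original post: the browser attaches cookies to every request to a site on its own, while an Authorization header is only added by the site's own page. The Browser class, the site names shop.example and other.example, and the function names are assumptions constructed for the illustration.

```python
import secrets

SESSIONS = {}   # session id -> user, kept by the server
TOKENS = {}     # access token -> user (constructed lookup table for the demo)

class Browser:
    """Constructed model of the one browser behaviour that matters here."""
    def __init__(self):
        self.cookie_jar = {}   # site -> cookies, attached to EVERY request to that site
        self.app_memory = {}   # site -> values only that site's own pages can read

    def send(self, from_site, to_site, action):
        request = {"action": action, "headers": {},
                   "cookies": dict(self.cookie_jar.get(to_site, {}))}
        if from_site == to_site and "token" in self.app_memory.get(to_site, {}):
            # Only the site's own script adds this header; the browser never does it alone.
            request["headers"]["Authorization"] = "Bearer " + self.app_memory[to_site]["token"]
        return request

def login(browser, site, user):
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[sid], TOKENS[token] = user, user
    browser.cookie_jar[site] = {"PHPSESSID": sid}
    browser.app_memory[site] = {"token": token}

def cookie_server(request):
    """Authenticates by session cookie only."""
    return SESSIONS.get(request["cookies"].get("PHPSESSID"))

def token_server(request):
    """Authenticates by Authorization header only; cookies are ignored."""
    value = request["headers"].get("Authorization", "")
    return TOKENS.get(value[len("Bearer "):]) if value.startswith("Bearer ") else None

def demo():
    b = Browser()
    login(b, "shop.example", "alice")
    own = b.send("shop.example", "shop.example", "view-orders")
    forged = b.send("other.example", "shop.example", "change-email")  # sent by a foreign page
    return {"cookie_own": cookie_server(own), "cookie_forged": cookie_server(forged),
            "token_own": token_server(own), "token_forged": token_server(forged)}
```

The cookie-only server treats the cross-site request as alice's, which is why cookie sessions need a separate CSRF defence; the header-based server sees no credential on it and rejects it.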
:
😀 Back to the login mechanism using the Facebook user/password.
The concept is as shown in the picture I posted (using PHP as the example).
In short:
- When the user logs in,
- the site quietly switches over to Facebook to do the login instead.
- Facebook then sends an access token back to our website.
- The user then uses it as a pass, with no need to log in again.
:
Facebook has several types of access token, such as:
- User Access Token
- App Access Token
- Page Access Token
- Client Token
Each type carries different rights. I won't go into depth here.
:
👉 Session ids and access tokens, all of them,
are sweet-smelling prizes that hackers like very much.
If one is stolen, the thief can impersonate the logged-in user
and gets all the rights that user has... game over.
.
Unless we log out
to make the session id or access token expire.
Then the hacker is out of moves.
:
From the user's side, just log in;
there is no need to care about the access token behind the scenes.
But if you are a #programmer, you need to be extra careful,
because "even a four-footed animal can stumble, and even a sage can err".
Even the biggest giant, a big brother like Facebook,
has slipped up and let access tokens leak, which became big news.
.
👌 So when programming,
be careful with access tokens. Don't let them slip out.
Stay as safe from hackers as you can.
Good luck to all of you.
:
:
Written by Thai programmer
:
+++++++++++++
Reference
1) https://developers.facebook.com/docs/php/howto/example_facebook_login?locale=th_TH
2) https://developers.facebook.com/docs/facebook-login/access-tokens?locale=th_TH
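On Alzheimer's disease (senile dementia), starting from an unusual case
I have a mother and son of Indian descent as patients. The mother is about 75 and the son nearly 50. They came to see me a little over a year ago on the recommendation of another Chinese medicine practitioner. Because they do not live in Silicon Valley, they can only come to the clinic once every so often. After a few visits we got to know each other and they told me a great deal. According to the son, his father was a well-known figure in Silicon Valley in his early years, one of the people who helped drive its semiconductor industry. However, his father was harsh to his mother and often hit her. Those years were hard for first-generation Indian immigrants to the United States, so his mother could only choose to bear it in silence. Later his father died without leaving much in savings. Through his own efforts the son made a name for himself in the technology industry and, while still young, was named a White House technology adviser.
A few years ago his mother began to fall ill. The pressure in her right eye was extremely high and she could not see clearly. Western doctors used very strong drugs to try to lower the eye pressure, with little effect; instead the drugs caused many side effects. She often did not sleep at night, and occasionally she would suddenly become confused, unable to tell time or place, with her memory in disorder. She would take him for his late father, curse loudly, and hit him hard, or hit others who were helping, and after coming to she remembered nothing. He says his mother lived with his younger sister for a while. The sister had very poor living habits, ate junk food every day, let herself become very overweight, and kept a very dirty and messy apartment full of dust and haze, and it was only after living with her that his mother began to fall ill. Later he brought his mother to live with him and hired someone to look after her, but each time his mother would suddenly, for no reason, hit the caregiver. He had to put his work aside and look after her himself. His savings kept falling, and by now they have no fixed home, looking everywhere for cheap places to stay, and his own health has developed many problems.
I have treated this elderly Indian lady on and off. She has many physical problems, which I will not list one by one, but two phenomena seem very much worth discussing. She becomes constipated very easily; if she is not careful with her diet she goes several days without a bowel movement, and when that happens she suddenly becomes absent-minded and loses her normal memory. She takes her son for her late husband, her father, or her brothers in India, becomes very angry, hits people, and turns into a completely different person. At that point, if she can be made to have a bowel movement, whether with Chinese herbs or by other means, she returns to normal as soon as she does, back to the kind and gentle person she was as a young nurse, only she remembers nothing of what happened during the episode. The other phenomenon is that she is very sensitive to dust and haze in the air. If there is a lot of dust indoors, the ventilation ducts have not been cleaned for a long time, or there is mold in the corners of the bathroom, she likewise suddenly becomes absent-minded, loses her normal memory, becomes very angry, hits people, and so on, and afterwards again remembers nothing. Because this mother and son keep moving around looking for cheap and suitable places to live, sometimes staying in small motels, sometimes finding short-term lodging through Airbnb, sometimes renting an apartment, this phenomenon is very easy to observe, and it has held every time.
Her condition fits Chinese medicine theory completely. When the large intestine is obstructed and unclean matter keeps accumulating in it, "marsh gas" enters the liver from the large intestine, showing the pattern of "metal restraining wood". If the liver is not healthy enough and its detoxifying capacity is insufficient, this "marsh gas" travels along the blood vessels into the brain and causes mania, absent-mindedness, loss of memory and so on, which the Shanghan Zabing Lun (Treatise on Cold Damage and Miscellaneous Diseases) discusses at length. At the same time, the lung and the large intestine form an exterior-interior pair and both belong to metal. When the lungs are assailed by dust and haze, the transport of fluids between the lung and the large intestine is affected, and this "marsh gas" also passes from the lung to the large intestine and then to the liver; if the liver cannot hold it back, the same mania, absent-mindedness and loss of memory result. Many Chinese medicine practitioners know this phenomenon, and it can be observed in long-term clinical practice. But this elderly Indian lady's sensitivity, and the speed of her response to Chinese herbs, may be more than ten times that of an ordinary person: whether it is the onset or the recovery, it can be observed almost immediately. Even her son, who does not know Chinese medicine, finds this "tight correlation" very unusual, and has even researched online himself and found that when his mother flies into a rage, pressing acupoints such as Taichong and Zulinqi improves the symptoms.
Let us go back and look at two recent articles (one was sent to me by this Indian patient, the other by a physics PhD who is a senior alumnus of mine from National Taiwan University and also a patient):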
The New York Times: Could Alzheimer’s Stem From Infections? It Makes Sense, Experts Say (http://www.nytimes.com/…/health/alzheimers-disease-infectio…)
Scientific American: Antimicrobial Mechanism Gone Rogue May Play Role in Alzheimer's Disease (http://www.scientificamerican.com/…/antimicrobial-mechanis…/)
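Both articles discuss the possibility that Alzheimer's disease (senile dementia) is not what everyone originally thought: it may be that bacteria, fungi, or other microbes accumulate in the body and, because the immune system for some reason does not deal with them properly, this directly or indirectly leads to Alzheimer's disease.
If we compare this new idea about Alzheimer's disease with the situation of my elderly Indian patient, the two seem to point in the same direction, although the connection in the details is still unclear. And we have to admit that ancient Chinese medicine theory really is impressive. If modern medical researchers could be more humble in trying to understand the Chinese medicine theory handed down from the ancients, first assume that the theory is correct, be willing to spend the time and energy to study it in depth, and then find ways to connect it back to modern biochemical theory, perhaps modern Western medicine would avoid many years of wrong turns, and would be less likely to make a major "what was right yesterday is wrong today" reversal every ten years, having millions of patients around the world receive a treatment only to tell them more than ten years later that the original theory and treatment were wrong!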