Preface

  1. The mini program side obtains a code with wx.login, and the back end exchanges that code for a session_key;
  2. The mini program side obtains the user information with wx.getUserInfo.

In the original login flow, the front end obtains the code through wx.login, then obtains the user's information through wx.getUserInfo, and sends both to the back end together. The back end performs the SHA1 signature check, but on every login the first check fails and the login does not succeed; a second login attempt is required.

The interface is designed to exchange the code for the session_key and unionid and use them for verification. If the user already exists in the database, the current user is logged in directly. If the user does not exist in the database, the user information is verified with SHA1, the encrypted user data is decrypted to obtain the user data, and the user is logged in automatically after being registered.

Problem analysis

I read the mini program documentation carefully and found no statement about the order in which the two interfaces must be called. After many failed tests, I found:

  1. Calling wx.login on the mini program side does not, by itself, generate a session_key on WeChat's server;
  2. session_key has an expiration time; the mini program documentation only says that the more often the mini program is used, the longer the expiration time;
  3. code has an expiration time of 5 minutes;
  4. Each call to wx.login returns a different code, but if the session_key has not expired, the session_key the back end fetches through the interface is the same as the one obtained with the previous code;
  5. The signature in the information obtained by wx.getUserInfo on the mini program side is computed with the session_key associated with the wx.login call.

The expected flow was: call wx.login, then wx.getUserInfo to get the user data, send it to the back end, have the back end request the session_key, then verify the user data and register the user automatically. But in reality, point 1 above is what happens.

In other words, when the mini program side calls wx.getUserInfo to obtain the user information, the data is signed with the session_key generated by the previous server request. When the data is sent to the back end together with the new code, the back end exchanges that code for a session_key, but the previous session_key has already expired, so a new session_key is returned and the signature verification fails.

So, in general, the back end should first obtain the session_key and unionid from the code returned by the wx.login interface. If the unionid shows that the current user does not exist, cache the session_key and unionid, then tell the front end to call wx.getUserInfo and send the result to the back end for registration and binding.
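As an added illustration that is not part of the original post, the following Python simulates the back end's signature check (WeChat's documented sha1(rawData + session_key)) and shows why the original ordering fails after the old session_key expires while the cache-first ordering succeeds. All key, unionid and rawData values are constructed.

```python
import hashlib
import hmac

# Constructed sample values. In production the session_key comes from the
# back end's code-to-session exchange with WeChat and is never sent to the client.
EXPIRED_SESSION_KEY = "expired-session-key-constructed"
CURRENT_SESSION_KEY = "current-session-key-constructed"
RAW_DATA = '{"nickName":"demo","gender":1}'  # constructed rawData sample

# Back-end cache recommended by the text: unionid -> session_key.
SESSION_CACHE = {}


def make_signature(raw_data: str, session_key: str) -> str:
    """Signature the mini program attaches to wx.getUserInfo data:
    sha1(rawData + session_key), hex encoded."""
    return hashlib.sha1((raw_data + session_key).encode("utf-8")).hexdigest()


def verify_signature(raw_data: str, signature: str, session_key: str) -> bool:
    """Back-end check; constant-time compare so timing does not leak the digest."""
    return hmac.compare_digest(make_signature(raw_data, session_key), signature)


def original_flow() -> bool:
    """Client calls wx.getUserInfo first: the signature uses the session_key
    it still holds (already expired). It then calls wx.login and sends code
    plus user data. The back end exchanges the code, gets a NEW session_key,
    and verifies with that key, so the check fails."""
    signature = make_signature(RAW_DATA, EXPIRED_SESSION_KEY)  # client side
    key_from_code = CURRENT_SESSION_KEY  # what code2Session returns now
    return verify_signature(RAW_DATA, signature, key_from_code)


def cache_first_flow(unionid: str) -> bool:
    """Step 1: back end exchanges the wx.login code and caches the session_key.
    Step 2: client is then told to call wx.getUserInfo, so the signature uses
    that same key. Step 3: back end verifies against the cached key."""
    SESSION_CACHE[unionid] = CURRENT_SESSION_KEY                 # step 1
    signature = make_signature(RAW_DATA, CURRENT_SESSION_KEY)    # step 2 (client)
    return verify_signature(RAW_DATA, signature, SESSION_CACHE[unionid])  # step 3


if __name__ == "__main__":
    print("original ordering verifies:", original_flow())        # False
    print("cache-first ordering verifies:", cache_first_flow("unionid-constructed"))  # True
```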