http://blog.caoxudong.info/ some bolgs
http://blog.caoxudong.info/blog/2015/05/28/stateless_web_system_authentication_design_again/