PHP
Evgeny Konkin, 2015-08-20 15:06:31

Authorization on the site! How is it better?

Hi all!
I have user registration / authorization on the site! I use password_hash during registration; during authorization I check with password_verify, then I write the user's login and password to the session, and on each page I just check whether the session variables login and password exist, and then I open access to ...
Everything works fine, but it seems to me that this is somehow not right, just checking for the existence of session variables. You can probably do some more "complicated / secure" user identification on each page. I thought of just pulling the password hash from the database and doing a password check on each page with password_verify, but I think there will be no load on the server, with a large number of visits to the site (I hope in the future!)))). Maybe someone knows how best to identify the user at each transition from page to page?
That's probably it! I think the question was clearly explained; whoever knows the subject, please tell me! Thanks ))


2 answer(s)
Dmitry Entelis, 2015-08-20
@konnn

Imho standard solution:
When authorizing a user by login-password, we generate some long string (token), write it to the database, + write it to cookies.
With each user request, we take this token from the cookie and check if there is one.
If desired, you can tighten the lifetime, check ip, etc., etc.
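
The token scheme from the answer above, as an added example that is not part of the thread or of anyone's posted code. It assumes PHP 7.3+ with pdo_sqlite; the `auth_tokens` table, the `auth` cookie name, the one-hour lifetime and all function names are hypothetical, and storing a SHA-256 of the token instead of the raw token is this example's own choice.

```php
<?php
declare(strict_types=1);
// Added example; table, cookie and function names are hypothetical.
const TOKEN_TTL = 3600; // token lifetime in seconds (assumed value)

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:'); // in-memory DB so the example runs offline
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE auth_tokens (token_hash TEXT PRIMARY KEY,
        user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Call once password_verify() has succeeded; the return value goes into the cookie.
function issueToken(PDO $db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Store only a SHA-256 of the token, so a leaked table holds no usable cookies.
    $db->prepare('INSERT INTO auth_tokens VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, $now + TOKEN_TTL]);
    return $token;
}

// Call on every request with $_COOKIE['auth'] ?? ''; returns the user id or null.
function userFromToken(PDO $db, string $token, int $now): ?int
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null; // missing or malformed cookie
    }
    $stmt = $db->prepare('SELECT user_id, expires_at FROM auth_tokens WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row === false || (int)$row['expires_at'] <= $now) ? null : (int)$row['user_id'];
}

function revokeToken(PDO $db, string $token): void // logout: delete the server-side record
{
    $db->prepare('DELETE FROM auth_tokens WHERE token_hash = ?')->execute([hash('sha256', $token)]);
}
$db = openDb();
$now = time();
$token = issueToken($db, 42, $now); // 42 is a constructed user id
// Real page: setcookie('auth', $token, ['expires' => $now + TOKEN_TTL, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(userFromToken($db, $token, $now));             // fresh token
var_dump(userFromToken($db, $token, $now + TOKEN_TTL)); // same token after expiry
revokeToken($db, $token);
var_dump(userFromToken($db, $token, $now));             // after logout
```

With this in place the session no longer needs to hold the login or password; each page calls `userFromToken()` and treats `null` as "not logged in".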

Dimonchik, 2015-08-20
@dimonchik2013

habrahabr.ru/company/aktiv-company/blog/185248
