Authorization on the site through VKontakte. What to store in cookies?

S

Scuba2018-05-04 09:22:09

PHP

Scuba, 2018-05-04 09:22:09

To register on the site, I plan to use authorization through VKontakte using the authorization code flow. This is necessary to get the first name, last name, email address.
But I need the user to visit the site in a week and have already been authorized.
What to store in cookies for safe use of the site and the impossibility of substituting an account?
How to correctly organize the structure of the MySQL database for storing sessions?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Scuba, 2018-05-04
@targetologru

Then this option:
I generate a hash-string by user_id + token, of the SESSION_ID type
And I also generate something of the LOGIN_TIME type I write
both parameters to the database. And when I visit the site, I compare the cookies and the database for the presence of these two data.
Is this kind of norm?

I

Ilya Beloborodov, 2018-05-04
@kowap

All as in normal authorization. When a user enters a username and password, do you check if the user exists and compare the password?
In the case of VK, at the first authorization, you save the VK user id in the database, and soap, if necessary. when re-authorizing, you check if you have this user in the database, if so, then authorize him.
Or the question is not VK, but in the authorization method?