Do I need to verify the token in the database?
Greetings, gentlemen! I have a couple of small questions about security, or rather about strengthening it. After successful authentication, a token is assigned to the user's session; it is inserted into all forms and verified on the server. Does it make sense to also record the token in the database and verify it there with each request? So I sit and think: if you put such an additional measure on one side of the scale, and on the other the database being hammered with every request, is the game worth the candle? And in general, does it make sense to use a token after successful authorization at all if the work is done over SSL? Maybe it is enough just to check whether there is a session or not?
There is no point in storing it in a database.
Using a token has never harmed anyone =)
Something like this is quite enough:
$csrf = $this->get('form.csrf_provider');
$token = $request->get('csrf_token');
// $data - some encrypted data, for example an email address
if ($csrf->isCsrfTokenValid($data, $token)) {
    //...
}
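A stateless way to get the same check without a database round-trip, as an added example that is not from the answer above or from Symfony: the token is an HMAC over the session id and the form's intention, so the server recomputes it from the session on every request instead of looking it up. SECRET_KEY, the SESSIONS store and the handler names are assumptions made for this illustration.

```python
import hashlib
import hmac

# Assumed server-side secret; in a real deployment it comes from configuration, not source.
SECRET_KEY = b"constructed-server-secret-for-example-only"

# Constructed in-memory session store: session id -> session data.
SESSIONS = {"sess-abc": {"user": "alice"}}


def csrf_token_for(session_id: str, intention: str) -> str:
    """Derive the per-session, per-form token. Nothing is stored: the session id
    and the form intention are the only inputs, so the token can be recomputed."""
    message = f"{session_id}|{intention}".encode()
    return hmac.new(SECRET_KEY, message, hashlib.sha256).hexdigest()


def is_csrf_token_valid(session_id: str, intention: str, submitted: str) -> bool:
    """Recompute the expected token and compare in constant time."""
    if not session_id or not submitted:
        return False
    expected = csrf_token_for(session_id, intention)
    return hmac.compare_digest(expected, submitted)


def render_form(session_id: str, intention: str) -> dict:
    """What the server embeds in a form for a logged-in session (a hidden field)."""
    return {"csrf_token": csrf_token_for(session_id, intention)}


def handle_post(cookie_session_id: str, intention: str, form: dict) -> tuple:
    """Check a state-changing POST. The intention is fixed per handler on the
    server, never taken from the request. Returns (http_status, reason)."""
    session = SESSIONS.get(cookie_session_id)
    if session is None:
        return 401, "no session"
    # A valid session alone is not enough: a cross-site form post carries the
    # victim's session cookie but cannot know the token, so it fails here.
    if not is_csrf_token_valid(cookie_session_id, intention, form.get("csrf_token", "")):
        return 403, "bad csrf token"
    return 200, f"ok for {session['user']}"
```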