Explain the principle of authentication on the site?
What is trending now for simple user authentication on a site, if we consider something simpler than OAuth2?
As I understand it, passing a login and a pass and receiving cookies in response is an approach that has already become obsolete.
What is rational to use now?
Send a header "bearer md5(username+pass)" with each request?
Yes, there isn't any movement in this direction; everything is done in the old, logically correct way. It all depends on the task at hand!
anymore, but it is for authorization through a third-party / your site without providing an additional API
About bearer: this is for RESTful API sites, when one backend is written for web and mobile applications. Then the web, like mobile, signs every request with "bearer {token}". And do not confuse "{token}" with md5(user+pass). First, you authorize the user by login + pass, then give him a unique token (essentially the same session_id, but without storing the user's status). How you generate it on the server is another matter. But yes, you shouldn't do md5(login + pass) =)
I use cookies on a large project, and everything works fine.
Oh, and don't forget about sessions.
sha256(user+pass+RANDOM),
where we get RANDOM from the server in advance.
On the server we compare the received sha256(user+pass+RANDOM) with sha256(user+pass+RANDOM) from the database
and kill RANDOM.
The request will change each time.
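The flow from the answer about bearer tokens (check login + pass once, then issue a unique token that is not derived from the password), as an added example that is not part of any post in this thread. The in-memory `USERS` and `TOKENS` stores, the function names and the one-hour lifetime are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600   # seconds; assumed lifetime for this sketch
USERS = {}         # username -> (salt, PBKDF2 hash of the password)
TOKENS = {}        # sha256(token) -> (username, expiry); raw tokens are not stored

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _key(token):
    return hashlib.sha256(token.encode()).digest()

def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _pw_hash(password, salt))

def login(username, password, now=None):
    """Check login + pass once, then hand back a random bearer token."""
    now = time.time() if now is None else now
    # Unknown users still go through the hash, so response time stays similar.
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_pw_hash(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)   # random, unrelated to the password
    TOKENS[_key(token)] = (username, now + TOKEN_TTL)
    return token

def _bearer(header):
    """Extract the token from 'Bearer <token>', or None for anything else."""
    scheme, _, token = (header or "").strip().partition(" ")
    return token.strip() if scheme.lower() == "bearer" and token.strip() else None

def authenticate(header, now=None):
    """Return the username for a valid, unexpired bearer token, else None."""
    now = time.time() if now is None else now
    token = _bearer(header)
    entry = TOKENS.get(_key(token)) if token else None
    if entry is None or now >= entry[1]:
        return None
    return entry[0]

def logout(header):
    """Revoke the presented token; True if it existed."""
    token = _bearer(header)
    return bool(token) and TOKENS.pop(_key(token), None) is not None
```

Unlike md5(login + pass), each login yields a different token, and a token can expire or be revoked without changing the password.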