Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ivan Vasilich2020-01-05 14:28:41
PHP
Ivan Vasilich, 2020-01-05 14:28:41

How often to change hash when authenticating in php?

Good afternoon,
Please tell me I have authorization and authentication in one method

function login(string $email, string $pass, bool $isHash=false) {
   
    #code...
}

and also in the database
user_password // in which the hash of the password for authorization is
stored user_hash // in which the generated hash for authentication is stored The
question is, if it is possible to change the authentication hash after some time, for example, after 7 days, in the database or should be always static.
or should it not exist at all and use the password hash to save it in cookies
and is it possible to use _SESSION to store these hashes (what will happen if 1000 people store their hashes in the session)
thanks in advance.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Anton Shamanov, 2020-01-05
@SilenceOfWinter

no matter how the data is stored, they are still physically located in files, it is more logical to store the hash in the database and not more than a day (although, of course, everything here depends on its type and length).

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) UNSIGNED NOT NULL AUTO_INCREMENT,
  `email` varchar(255) NOT NULL,
  `login` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `last_login` int(11) UNSIGNED,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `login` (`login`),
  UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8;

CREATE TABLE IF NOT EXISTS `user_tokens` (
  `id` int(11) UNSIGNED NOT NULL AUTO_INCREMENT,
  `user_id` int(11) UNSIGNED NOT NULL,
  `user_agent` varchar(255) NOT NULL,
  `token` varchar(255) NOT NULL,
  `created` int(11) UNSIGNED NOT NULL,
  `expires` int(11) UNSIGNED NOT NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `token` (`token`),
  KEY `fk_user_id` (`user_id`),
  KEY `expires` (`expires`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8;

ALTER TABLE `user_tokens`
  ADD CONSTRAINT `user_tokens_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE;

Report
X
xmoonlight, 2020-01-05
@xmoonlight

1. Client authorization token - must be stored on the client (in cookies).
2. The lifetime of the client authorization token is 3-5 days.
3. Change/update of the client's authorization token - "transparent" for the end user.
(It was all just about a specific web browser without being tied to a user account.)
And a user authorization token (after entering a login and password) is issued only after successful client authorization.
For successful authorization, it is checked that the browser (client) is authorized, and the user login with password is correct.

Similar questions
W
WWK_12021-05-06 22:06:05
Is it possible and how to set up Prettier? 1Reply
J
Junior Bee2015-07-07 13:05:09
Add style to javascript variable? 3Reply
O
Oleg2021-05-16 19:59:03
Why does the DHCP server write that the address has been issued, but the client does not receive it? 2Reply
P
pashabomber2017-06-27 12:11:33
How to fix a block only when scrolled to it? 5Reply
A
Alexey Nikolaev2017-07-04 20:52:42
How to remove push effect from input button in IE? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question