How to properly store sessions for authorization?

O

Ockonal2015-01-14 23:21:07

PHP

Ockonal, 2015-01-14 23:21:07

Hello, I am writing in php, I need to fasten the authorization. All done, the data is stored in the session. Accordingly, immediately after closing the browser, the session falls off and you need to log in again.
This fatfree has a session mapper that stores everything in the mongodb database, which turned out to be very convenient. Each session in this mapper is assigned a token (csrf) which is set in a cookie along with the PHPSESSID.
How can I restore the session correctly? I can extend the life of this csrf token and, at the start of the session, look for it in the database. If I find it, what should I do? Pull out the session id from the database and set it to the current session?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

Mykola, 2015-01-15
@Ockonal

cookie?
Author. on the site -> set the cookie -> set the session = then work with the session.
Login to the site -> check the session, no? -> check the cookie, is there? -> compare hashes with hashes from the database, do they match? -> we update cookies -> we set session = further we work with session.