How to save session in cookies?
Right now, when I log in, a session is created that is equal to the user ID, and then I display the user's data in their personal account via this id. But during authorization cookies are also created, which are likewise equal to the user id.
If there is a session when entering the site, then everything is OK and we continue working on the site; if not, we check the cookies, and if they exist, we create a session equal to the cookie (the id stored there).
Is this correct?
You have thrown security out the window by making authorization depend on a cookie that is equal to the user's id.
Let's say I go to your site, open the browser settings and set your cookie, say id = 1, and now I am on your site as an administrator, or just as some other user. It is only a matter of picking an id.
Therefore, if you want to implement such an authorization, you need a login token that is not related to the user in any way.
The user enters a login/password; if everything is OK, create some kind of junk, like
token = md5(salt . rand() . id) // this part is up to your imagination :)
and save it both in the user's cookie and in the database.
When the user visits the site, you take this cookie and check it against the value in the database for that user. That's it.
Not correct.
Better not to play with security if you don't understand how it works. Use the default session id, and nothing else needs to be written to the cookie.
php.net/manual/en/session.examples.basic.php
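The two answers above describe, respectively, a random "remember me" token stored in a cookie and in the database, and relying on the default PHP session id. The block below is an added example (not code from the question author or from either answer) showing both together: the token is generated from the CSPRNG rather than from md5/rand(), only a hash of it is kept in the database, it is compared in constant time, and the PHP session is the primary mechanism with the cookie as a fallback. The `users` table with columns `id`, `email`, `token_hash`, the PDO handle `$pdo`, and the cookie name are assumptions for the example; the options-array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example: random login token in a cookie + hashed copy in the DB,
// with the PHP session as the primary login state. Table/column names and
// the $pdo handle are assumptions, not from the original page.
declare(strict_types=1);

const TOKEN_COOKIE   = 'auth_token';
const TOKEN_LIFETIME = 60 * 60 * 24 * 30; // 30 days, not "100 years"

/** Issue a fresh token for $userId, store its hash, and set the cookie. */
function issueLoginToken(PDO $pdo, int $userId): string
{
    // 32 bytes from the CSPRNG; unlike md5(salt . rand() . id) this is not guessable.
    $token = bin2hex(random_bytes(32));

    // Store only a hash so a leaked users table cannot be replayed as a cookie.
    // SHA-256 is enough here because the input already has 256 bits of entropy.
    $stmt = $pdo->prepare('UPDATE users SET token_hash = :h WHERE id = :id');
    $stmt->execute([':h' => hash('sha256', $token), ':id' => $userId]);

    // The id is sent alongside the token only to make the lookup a single
    // indexed query; the id alone grants nothing without the matching token.
    setcookie(TOKEN_COOKIE, $userId . ':' . $token, [
        'expires'  => time() + TOKEN_LIFETIME,
        'path'     => '/',
        'secure'   => true,  // only over HTTPS
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return $token;
}

/** Return the user row for a valid login cookie, or null. */
function userFromLoginCookie(PDO $pdo): ?array
{
    if (!isset($_COOKIE[TOKEN_COOKIE])) {
        return null;
    }
    $parts = explode(':', $_COOKIE[TOKEN_COOKIE], 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || !ctype_xdigit($parts[1])) {
        return null; // malformed cookie, e.g. one edited in the browser settings
    }
    [$userId, $token] = $parts;

    $stmt = $pdo->prepare('SELECT id, email, token_hash FROM users WHERE id = :id');
    $stmt->execute([':id' => (int)$userId]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user || $user['token_hash'] === null) {
        return null;
    }
    // Constant-time comparison; a plain === leaks timing information.
    if (!hash_equals($user['token_hash'], hash('sha256', $token))) {
        return null;
    }
    return $user;
}

/** Log out everywhere the token is used: clear the DB copy and the cookie. */
function revokeLoginToken(PDO $pdo, int $userId): void
{
    $pdo->prepare('UPDATE users SET token_hash = NULL WHERE id = :id')
        ->execute([':id' => $userId]);
    setcookie(TOKEN_COOKIE, '', ['expires' => time() - 3600, 'path' => '/']);
}

// Typical page entry: the session (whose id PHP already randomizes) is the
// source of truth; the cookie is consulted only when there is no session.
// $pdo is assumed to come from the application's database include.
session_start();
if (empty($_SESSION['user_id'])) {
    $user = userFromLoginCookie($pdo);
    if ($user !== null) {
        session_regenerate_id(true); // new session id after the privilege change
        $_SESSION['user_id'] = (int)$user['id'];
    }
}
```

Keeping the user id in `$_SESSION` is fine: it lives on the server and is reachable only through the random session id, which is exactly what the second answer recommends. What must never happen is the original design, where the browser-supplied value itself names the user.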
I implemented the authorization like this:
<?php
require '../libs/bd.php';      // provides $connection (mysqli handle)
require '../libs/session.php'; // calls session_start()

$date = $_POST;
$errors = [];
$user = null;    // row from `users`, or null when not found
$passh = false;  // result of password_verify()

if (isset($date['log_b'])) {
    if ($date['login'] == "") {
        $errors[] = 'Error: you did not enter a login!';
    } else {
        // Prepared statement: the original interpolated the login straight into
        // the query string, which is an SQL injection.
        $ack = mysqli_prepare($connection, "SELECT * FROM `users` WHERE email = ?");
        mysqli_stmt_bind_param($ack, 's', $date['login']);
        mysqli_stmt_execute($ack);
        $user = mysqli_fetch_assoc(mysqli_stmt_get_result($ack));
    }
    if ($date['pass'] == "") {
        $errors[] = 'Error: you did not enter a password!';
    } elseif ($user) {
        // Only verify when a row was found; an unknown email leaves $passh false.
        $passh = password_verify($date['pass'], $user['password']);
    }
    if ($passh == false) {
        $errors[] = 'Error: you entered an incorrect login or password!';
    }

    function generatePassword($length = 8) {
        $chars = 'abdefhiknrstyzABDEFGHKNQRSTYZ23456789';
        $numChars = strlen($chars);
        $string = '';
        for ($i = 0; $i < $length; $i++) {
            // random_int() is a CSPRNG; rand() is predictable and unsuitable for tokens.
            $string .= substr($chars, random_int(0, $numChars - 1), 1);
        }
        return $string;
    }

    if (empty($errors)) {
        $uuid = password_hash(generatePassword(8), PASSWORD_DEFAULT);
        setcookie("Auth", $uuid, time()+60*60*24*365*100, "/");
        // The original UPDATE had no WHERE clause and overwrote every user's uuid;
        // bind the row id so only the logged-in user is changed.
        $upd = mysqli_prepare($connection, "UPDATE `users` SET `uuid` = ? WHERE `id` = ?");
        mysqli_stmt_bind_param($upd, 'si', $uuid, $user['id']);
        mysqli_stmt_execute($upd);
        $id = $user['id'];
        $_SESSION['Auth'] = $id;
        echo "Success";
    } else {
        echo array_shift($errors);
    }
}
?>