Answer the question
In order to leave comments, you need to log in
How to store tokens from API VKontakte?
Users are authorized on my site through VK and there is a certain set of permissions for using the functionality of the site.
I write these tokens to the database, there are three fields there:
user_id, secret, token
secret - this is a hash that is generated during authorization.
In cookies I write user_id and secret. When opening the site, I look for them in the database, and if we find them, we take the token for work.
Do I save enough data in cookies for safe work and can I store tokens in the database in the usual way or do I need to encrypt them somehow?
Answer the question
In order to leave comments, you need to log in
It is at least strange to store user_id and secret from VK in cookies of your site.
Perhaps it is worth using the standard authorization mechanisms provided by the framework, and store the data already in the database and associate with the user.
You don't need to encrypt anything, at least the token - you still have to send requests to VK using it.
secret, as far as I remember, changes every time during authorization, it makes no sense to store
it, I store user_id and token, but the latter can also change sometimes
so that there is no SQL injection, use PDO,
no need to encrypt
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question