Answer the question
In order to leave comments, you need to log in
J
J
JackShcherbakov2018-02-05 23:20:09
JackShcherbakov, 2018-02-05 23:20:09
Is the approach to remembering the user on the site through cookies correct?
Hello! The site implemented the functionality of remembering the user. The algorithm is as follows:
If the "remember me" checkbox is pressed, and if the login and password are correct, then:
1. Save the login and password with the set cookie function, having previously hashed the password with the passwordhash function
2. On subsequent requests, the password from the cookie will be checked with the password from the database the password-verify function.
How correct is this? Is it possible to do so?
Thanks in advance!
2 answer(s)
@xmoonlight
X
xmoonlight, 2018-02-05 @xmoonlight
The token is stored in a browser cookie based on device and credentials.
token is just one hash, it is stored in the database for the client device.
The link is this: UserID (login + pass) -> client (device) -> token
So that one user can log in with one password on different devices and see where his sessions are currently logged in.
If the token is stolen and used on another device, it will no longer be valid.
Login and password - are needed only when logging into the account, or when the token is empty or not valid. First, you need to check a pair of login and password, and if authorization is successful, generate a new token.
Similar questions
V
S
X
A
Alexander Kudryashkin2020-04-30 15:32:28
Calculate the sum of elements in a quantity field / PHP?
2Reply
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question