Answer the question
In order to leave comments, you need to log in
A
A
alek05852014-05-01 21:42:28
alek0585, 2014-05-01 21:42:28
P token based authentication?
How does this logic work?
Let's say that I use only mysql. I create two tables, users and tokens We
authorize the user - I add one record with the user id and the token itself to tokens, let's say md5 (timestamp + login + salt).
When authenticating, I look to see if there is such a token among the tokens and use it to get the user id.
Logout - deleting a token.
And what if there is no logout? How to track the case when the token is obsolete and it's time to delete it (for example, 1 week) I
remind you of the question "WHAT TO DO WITH OLD TOKENS"
ANSWER
or this
2 answer(s)
@r0xer
@nazarpc
R
r0xer, 2014-05-01 @r0xer
You can define the maximum lifetime of the token. And at the time of user activity, this is the time to update. In general, token-based authorization is usually done to access a closed system without entering a login / password. A typical example is some external application that wants to use your access to the system, but it is not safe to pass l/p to this application.
N
Nazar Mokrinsky, 2014-05-02 @nazarpc
What prevents storing the expiration date with the token?
In general, read, for example, the OAuth2 specification - all the points related to obtaining and processing tokens are very clearly described there, it is better to use just such a generally accepted and very good approach.
Similar questions
R
M
R
S
T
todoman2022-02-10 13:46:35
Excel: How to make autocomplete from duplicate but incrementing dates?
1Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question