PHP
ZaxapKramer, 2018-11-05 19:52:11

What reliable data can be obtained from the user to further create an authorization session hash?

Good afternoon.
When authorizing a user on the site, I want to give him a Session ID that includes hashed values, for example:
- Login
- Password hash
- IP address
- Browser User-Agent
Write to Cookie. Next, when authenticating, create a hash at the server level by sending IP and UserAgent.
Is there any more or less "valid" (genuine) data, like login and password, that could also be included in the hash, in the Cookie? And how viable is such an idea in terms of security / adequacy?
Thank you in advance.


1 answer(s)
Ivan Shumov, 2018-11-05
@ZaxapKramer

1. The session ID is primarily an auto-generated parameter that should not be based on user data. Never.
2. If you need to have some user data in quick access on the client side, you can use JWT tokens
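
Point 1 of the answer sketched in PHP, as an added example that is not part of the original answer: the session ID comes only from the CSPRNG, and the User-Agent the question wanted inside the hash is kept server-side as a consistency check. The `SessionStore` class, its in-memory array and the sample values are assumptions standing in for a real sessions table.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory store standing in for a sessions table or cache.
final class SessionStore
{
    private array $rows = [];

    // Issue a session: the ID is 256 bits of CSPRNG output, unrelated to the user.
    public function issue(int $userId, string $userAgent, int $ttl = 3600): string
    {
        $sid = bin2hex(random_bytes(32));
        // Keep only a hash of the ID, so a leaked store does not yield usable cookies.
        $this->rows[hash('sha256', $sid)] = [
            'user_id' => $userId,
            'ua_hash' => hash('sha256', $userAgent),
            'expires' => time() + $ttl,
        ];
        return $sid;
    }

    // Resolve a cookie value to a user id; null if unknown, expired or mismatched.
    public function resolve(string $sid, string $userAgent): ?int
    {
        $key = hash('sha256', $sid);
        $row = $this->rows[$key] ?? null;
        if ($row === null || $row['expires'] < time()) {
            unset($this->rows[$key]);
            return null;
        }
        // The User-Agent is checked against server-side state, not baked into the ID.
        if (!hash_equals($row['ua_hash'], hash('sha256', $userAgent))) {
            return null;
        }
        return $row['user_id'];
    }
}

// Constructed sample values.
$store = new SessionStore();
$ua    = 'Mozilla/5.0 (constructed sample)';
$a     = $store->issue(42, $ua);
$b     = $store->issue(42, $ua);
var_dump($a !== $b);                                 // two logins of one user get unrelated IDs
var_dump($store->resolve($a, $ua));                  // issued ID presented by the same browser
var_dump($store->resolve($a, 'other browser'));      // issued ID presented with a different User-Agent
var_dump($store->resolve(str_repeat('0', 64), $ua)); // ID that was never issued
// In a web request the ID would be sent with:
// setcookie('sid', $a, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
```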
