Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Z
Z
ZaxapKramer2018-11-05 19:52:11
PHP
ZaxapKramer, 2018-11-05 19:52:11

What reliable data can be obtained from the user to further create an authorization session hash?

Good afternoon.
When authorizing a user on the site, I want to give him a Session ID, which includes hashed ones, for example:
- Login
- Password hash
- IP address
- Browser User-Agent
Write to Cookie. Next, when authenticating, create a hash at the server level by sending IP and UserAgent.
Is there any more or less "valid" (genuine) data, like login and password, that could also be included in the hash, in the Cookie? And how viable is such an idea in terms of security / adequacy?
Thank you in advance.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
I
Ivan Shumov, 2018-11-05
@ZaxapKramer

1. The session ID is primarily an auto-generated parameter that should not be based on user data. Never.
2. If you need to have some user data in quick access on the client side, you can use JWT tokens

Similar questions
V
Vladimir Karpenko2017-04-19 19:41:47
What if there are two databases in an ASP.NET MVC5 project: one is database first, the other is code first? 3Reply
R
ReDeNDeR2021-04-06 13:10:49
How to order raspberry pi in Baku? 4Reply
A
Aibot922021-04-09 16:05:43
How to stop "listening" to bot.*_handler? 2Reply
S
Simon Tis2019-10-03 19:03:22
How all the same to connect a script in header 1C? 3Reply
A
AnatoliyKarpov2021-04-16 14:24:16
How to make ul have different classes? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question