I am writing a user rating through VC.

I receive the data, if the user is - update, if not, create.

We write all this into the user's session.

Next you need a little first-hand clarification.

As I understand it (correct, if that), the session is stored until the user closes the browser or 24 minutes if there is no activity. Therefore, I plan to write the user ah-di in encrypted form (the decryption on the server). Further, if a person comes in with cookies, we take his data from the database and create a session with them.

How to do this, I understand, but read the info and everyone writes that you need to store the session ID? What does this mean, because the session is destroyed or not? How to properly implement re-entry, so as not to make mistakes?

  • one
    The duration of the session is a value customizable - vp_arth
  • If I need a person to come in and after a week also be atorized, it turns out that you need to set the lifespan of the sessions for 2 weeks (for example) and the lifespan of the cookie is also 2 weeks. Correctly authorize it through the session or not necessarily? - Zhenya Vedenin
  • Why not just keep ah-di in cookies? - Zhenya Vedenin
  • one
    If a session cookie compromises itself - the user can re-login and get a new one. How do you invalidate your ID? - vp_arth
  • Thank you, I understand the logic. And about the shelf life - I understand correctly? (wrote above) - Zhenya Vedenin

0