What data to write in cookies after authorization? The password, I believe, is not safe to store, but what identifier can I use to identify the user?
- For example, having a session with a certain hash =) hash login + password ... a lot of things can be stored, the main thing is that these data do not allow you to get the original password. - Vladimir Klykov
- Why didn't the standard session mechanism suit you? Why bother putting a password in cookies? - dev_null
- I confess, I once sinned with this too ... I put the user's login in a cookie, encrypted with a hash of the IP, User Agent and the current date. The encryption algorithm was self-made, by the way - a substitution cipher according to a table of hashes of the same symbols ... Still that hellish mixture. !!! DO NOT REPEAT IT AT HOME !!! - David Manjula
- Possible duplicate question: What exactly identifies a site visitor? - andreymal
- (I added there ↑ paragraph specifically about php) - andreymal
1 answer
Use a session. Then the client will hold only a randomly generated string, and all the data will be on the server. And there you can shove anything at all - login, password, user ID, some settings ... Yes, whatever your heart desires)
- But the session is only valid for 15 minutes, and I need long-term storage. - Yaroslav Yasinitsky
- A session lasts not 15 minutes, but until the page closes) If you need long-term storage, it is better to save to the database with reference to the user ID. Then even if the user logs out, they will get the data back when they log in again) - David Manjula
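The approach from the answer and its comments (a random string in the cookie, everything else on the server, tied to the user ID), shown as an added example that is not code from the original thread. It is written in Python with an in-memory SQLite table; the table name `login_tokens`, the cookie name `remember` and the 30-day lifetime are assumptions.

```python
import hashlib
import secrets
import sqlite3
import time
from http.cookies import SimpleCookie

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime: 30 days

def open_store():
    db = sqlite3.connect(":memory:")  # stand-in for the real user database
    db.execute("CREATE TABLE login_tokens (token_hash TEXT PRIMARY KEY, "
               "user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)")
    return db

def _digest(token):
    # Only this hash is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode("ascii")).hexdigest()

def issue_token(db, user_id, now=None):
    """Create a login token after successful authentication; returns the cookie value."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # 256 random bits, carries no user data
    db.execute("INSERT INTO login_tokens VALUES (?, ?, ?)",
               (_digest(token), user_id, now + TOKEN_TTL))
    return token

def resolve_token(db, cookie_value, now=None):
    """Map a cookie value to a user ID, or None if it is unknown, malformed or expired."""
    now = int(time.time()) if now is None else now
    try:
        wanted = _digest(cookie_value)
    except (AttributeError, UnicodeEncodeError):
        return None  # missing cookie or non-ASCII garbage
    row = db.execute("SELECT user_id, expires_at FROM login_tokens "
                     "WHERE token_hash = ?", (wanted,)).fetchone()
    if row is None:
        return None
    if row[1] <= now:
        revoke_token(db, cookie_value)  # drop expired rows on sight
        return None
    return row[0]

def revoke_token(db, cookie_value):
    """Logout: the cookie stops working even if a copy of it survives."""
    db.execute("DELETE FROM login_tokens WHERE token_hash = ?", (_digest(cookie_value),))

def cookie_header(token):
    """Set-Cookie value: unreadable to scripts, HTTPS only, not sent cross-site."""
    morsel = SimpleCookie({"remember": token})["remember"]
    morsel.update({"httponly": True, "secure": True, "samesite": "Lax",
                   "max-age": TOKEN_TTL, "path": "/"})
    return morsel.OutputString()
```
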