How do I make cookies that remember the user? As I understand it:
At the user's request, we set a cookie for him, which is for example (login + salt + time()) hashed with SHA-512, put this record in the database, and on each page compare the cookie value with the value in the database and select the user from the database by this hash. Do I understand correctly?
- How is it going? I have the same task and have not yet decided how to do it. - EmErIx_007 Feb. 5:03 pm
1 answer
For security reasons, I would tie the hash to the IP address from which the request is sent, and maybe to the user agent. That is, when checking the hash, the IP from which the request came is also checked. Also, it is necessary to take into account the possibility of logging in from several devices at once; that is, there may be several hashes for one user. More details are here: https://david-m.livejournal.com/1267236.html
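The scheme from the answer, as an added example that is not part of the original post: one stored SHA-512 hash per device, each bound to the IP and user agent it was issued to. It assumes a random token in place of (login + salt + time()), an in-memory dict standing in for the database table, and a 30-day lifetime; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime: 30 days
# Constructed stand-in for the database table: token_hash -> row
remember_tokens = {}


def _sha512(value: str) -> str:
    return hashlib.sha512(value.encode()).hexdigest()


def _binding(ip: str, user_agent: str) -> str:
    return _sha512(ip + "\n" + user_agent)


def issue_token(login, ip, user_agent, now=None):
    """Create one row per device; return the value to put in the cookie."""
    now = time.time() if now is None else now
    # Assumption: a random token replaces login + salt + time() as the input.
    token = secrets.token_urlsafe(32)
    remember_tokens[_sha512(token)] = {
        "login": login,
        "binding": _binding(ip, user_agent),
        "expires": now + TOKEN_TTL,
    }
    return token


def check_token(cookie_value, ip, user_agent, now=None):
    """Return the login for a valid cookie, or None."""
    now = time.time() if now is None else now
    key = _sha512(cookie_value)
    row = remember_tokens.get(key)
    if row is None:
        return None
    if now > row["expires"]:
        del remember_tokens[key]  # expired rows are removed on first use
        return None
    # Reject the cookie if it arrives from a different IP or user agent.
    if not hmac.compare_digest(row["binding"], _binding(ip, user_agent)):
        return None
    return row["login"]


def revoke_all(login):  # log the user out on every device
    for key in [k for k, r in remember_tokens.items() if r["login"] == login]:
        del remember_tokens[key]
```

Only the hash of the token is stored, so the database row alone cannot be replayed as a cookie.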