Home >Backend Development >PHP Tutorial >Cookie login principle

Cookie login principle

WBOY
WBOYOriginal
2016-10-19 10:40:491213browse

If you log in, save the username and password to cookies. How to save them better? Log in directly through cookies without a session, log in the account information of cookies, and generate a new session

Reply content:

If you log in, save the username and password to cookies. How to save them better? Log in directly through cookies without a session, log in the account information of cookies, and generate a new session

For security reasons, it is best not to save passwords in cookies. Here is an idea: when the user logs in for the first time, after successfully verifying the username and password, an authorization token is generated, and then the token is saved in cookies for next time. Read the token for verification.

Why not try jsonwebtoken and save it in cookie as well

I think it can be saved as username|IP. In this way, when logging in automatically, first take out the first value and compare it with the username, and then compare it with the IP. The same IP will log in automatically. If it is different, it will not automatically

Cookie information is stored on the client (such as a browser), while session information is stored on the server. Only the sessionid is stored in the cookie, and the sessionid is passed to the server through the cookie. Cookies generally only store insensitive information such as user names

  • Sensitive information should not be stored in cookies

  • If you want to use cookies to log in, you can try to store user id token time in the cookie md5 (user id + token time + custom key)

  • The client uses the above information to verify the identity and validity period of the cookie and generate a session

  • This is the legendary automatic login principle..

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn