Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

remember me in php token length

Posted on 2015-01-08
5
Medium Priority
?
113 Views
Last Modified: 2015-01-24
Hi

I am looking at how to implement remember cookies in php and most webpages suggest to use a random token and change it each page load to prevent session hijacking. I asked a similar question about this recently.

my question is , if i do implement it this way,  how do i know how is' trying to be remembered?' I can assign the random token to the user on creation and then look up the random token and see who it was assigned to but isnt it possible more than one user could have the same random token?

how big, in terms of characters, would the token have to be for the chances of people having the same token to be negligible

thanks experts :)
0
Comment
Question by:andieje
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 2000 total points
ID: 40538509
You have to do a lookup in your database to make sure that your token is unique.  As you seem to understand, 'random' does not mean unique.
0
 

Author Comment

by:andieje
ID: 40538963
so i check the token when i make it to ensure it doesnt already exist? Is that what you are saying? Makes sense to do that
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40538997
Yes, that's what I'm saying.  I don't know of any way to 'guarantee' unique-ness.  Even if you do something like an MD5 of someone's name, there are a lot of people with the same name.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40542960
The example in this article works reasonably well.  You can generate the token and INSERT it into a SQL database.  If there is a duplicate in a UNIQUE column, MySQL will throw error numner 1062.  When this happens, you generate a new token and retry the INSERT.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0
 

Author Closing Comment

by:andieje
ID: 40567952
thank you
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question