andieje
asked on
remember me in php token length
Hi
I am looking at how to implement remember cookies in PHP and most webpages suggest to use a random token and change it each page load to prevent session hijacking. I asked a similar question about this recently.
My question is, if I do implement it this way, how do I know who is 'trying to be remembered'? I can assign the random token to the user on creation and then look up the random token and see who it was assigned to, but isn't it possible more than one user could have the same random token?
How big, in terms of characters, would the token have to be for the chances of people having the same token to be negligible?
Thanks experts :)
Yes, that's what I'm saying. I don't know of any way to 'guarantee' uniqueness. Even if you do something like an MD5 of someone's name, there are a lot of people with the same name.
The example in this article works reasonably well. You can generate the token and INSERT it into a SQL database. If there is a duplicate in a UNIQUE column, MySQL will throw error number 1062. When this happens, you generate a new token and retry the INSERT.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
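The retry-on-duplicate approach from the comment above, combined with the lookup and per-use rotation the question asks about, as an added example (not code from the linked article or from either poster). It uses an in-memory SQLite database through PDO so it runs stand-alone; the table name, column names and function names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed demo database; a real site would use its own MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE remember_tokens (
    token   CHAR(64) NOT NULL UNIQUE,
    user_id INTEGER  NOT NULL
)');

/** Issue a token for $userId; retry if the UNIQUE column rejects it. */
function issueToken(PDO $pdo, int $userId, int $maxTries = 5): string
{
    $stmt = $pdo->prepare('INSERT INTO remember_tokens (token, user_id) VALUES (?, ?)');
    for ($i = 0; $i < $maxTries; $i++) {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, 64 hex characters
        try {
            $stmt->execute([$token, $userId]);
            return $token;
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation
            // (with MySQL the driver code in errorInfo[1] is 1062).
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('Could not issue a unique token');
}

/** Map a cookie value back to its user and rotate the token; null if unknown. */
function redeemToken(PDO $pdo, string $cookie): ?array
{
    $stmt = $pdo->prepare('SELECT user_id FROM remember_tokens WHERE token = ?');
    $stmt->execute([$cookie]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null; // token was never issued, or has already been used
    }
    $pdo->prepare('DELETE FROM remember_tokens WHERE token = ?')->execute([$cookie]);
    return ['user_id' => (int) $userId, 'new_token' => issueToken($pdo, (int) $userId)];
}

// Constructed usage: issue for user 42, redeem once, then replay the old value.
$first  = issueToken($pdo, 42);
$result = redeemToken($pdo, $first);
var_dump(strlen($first), $result['user_id'], redeemToken($pdo, $first));
```

With 256 random bits per token the retry loop is a safety net, not something expected to fire; the UNIQUE column is what actually guarantees that one token maps to one user.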
ASKER
thank you