I am looking at how to implement remember cookies in php and most webpages suggest to use a random token and change it each page load to prevent session hijacking. I asked a similar question about this recently.
my question is , if i do implement it this way, how do i know how is' trying to be remembered?' I can assign the random token to the user on creation and then look up the random token and see who it was assigned to but isnt it possible more than one user could have the same random token?
how big, in terms of characters, would the token have to be for the chances of people having the same token to be negligible
thanks experts :)