Remember me in PHP token length

Hi

I am looking at how to implement remember cookies in PHP, and most webpages suggest using a random token and changing it on each page load to prevent session hijacking. I asked a similar question about this recently.

My question is, if I do implement it this way, how do I know who is 'trying to be remembered'? I can assign the random token to the user on creation and then look up the random token and see who it was assigned to, but isn't it possible that more than one user could have the same random token?

How big, in terms of characters, would the token have to be for the chances of people having the same token to be negligible?

Thanks experts :)
Asked by: andieje
 
Dave Baldwin (Fixer of Problems) commented:
You have to do a lookup in your database to make sure that your token is unique.  As you seem to understand, 'random' does not mean unique.
 
andieje (Author) commented:
So I check the token when I make it to ensure it doesn't already exist? Is that what you are saying? Makes sense to do that.
 
Dave Baldwin (Fixer of Problems) commented:
Yes, that's what I'm saying.  I don't know of any way to 'guarantee' uniqueness.  Even if you do something like an MD5 of someone's name, there are a lot of people with the same name.
 
Ray Paseur commented:
The example in this article works reasonably well.  You can generate the token and INSERT it into a SQL database.  If there is a duplicate in a UNIQUE column, MySQL will throw error number 1062.  When this happens, you generate a new token and retry the INSERT.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
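The generate, INSERT and retry-on-duplicate loop described in the answers above, as an added example that is not part of the original thread or the linked article. The table `remember_tokens` and both function names are hypothetical, an in-memory SQLite database stands in for MySQL so the script runs offline, and storing only a SHA-256 hash of the token is an addition made here.

```php
<?php
declare(strict_types=1);

// Issue a remember-me token for $userId, retrying when the UNIQUE column
// rejects a duplicate. Function and table names are hypothetical.
function issueRememberToken(PDO $db, int $userId, int $maxTries = 5): string
{
    $stmt = $db->prepare(
        'INSERT INTO remember_tokens (token_hash, user_id) VALUES (?, ?)'
    );
    for ($i = 0; $i < $maxTries; $i++) {
        // 32 bytes from the CSPRNG = 64 hex characters (256 bits).
        $token = bin2hex(random_bytes(32));
        try {
            // Only a hash is stored, so a leaked table does not yield cookies.
            $stmt->execute([hash('sha256', $token), $userId]);
            return $token; // value to place in the cookie
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation; with the MySQL
            // driver the matching driver code in errorInfo[1] is 1062.
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not generate a unique token');
}

// Return the user a presented cookie value belongs to, or null if unknown.
function userForToken(PDO $db, string $token): ?int
{
    $stmt = $db->prepare(
        'SELECT user_id FROM remember_tokens WHERE token_hash = ?'
    );
    $stmt->execute([hash('sha256', $token)]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed demo: in-memory SQLite so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (
    token_hash TEXT UNIQUE NOT NULL, user_id INTEGER NOT NULL)');

$cookie = issueRememberToken($db, 42);
var_dump(strlen($cookie), userForToken($db, $cookie), userForToken($db, 'bogus'));
```

With 256 bits of CSPRNG output the retry branch is effectively never taken; the UNIQUE constraint remains as the guarantee that one token maps to one user.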
 
andieje (Author) commented:
thank you