Solved

remember me in php token length

Posted on 2015-01-08
5
90 Views
Last Modified: 2015-01-24
Hi

I am looking at how to implement remember cookies in php and most webpages suggest to use a random token and change it each page load to prevent session hijacking. I asked a similar question about this recently.

my question is , if i do implement it this way,  how do i know how is' trying to be remembered?' I can assign the random token to the user on creation and then look up the random token and see who it was assigned to but isnt it possible more than one user could have the same random token?

how big, in terms of characters, would the token have to be for the chances of people having the same token to be negligible

thanks experts :)
0
Comment
Question by:andieje
  • 2
  • 2
5 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40538509
You have to do a lookup in your database to make sure that your token is unique.  As you seem to understand, 'random' does not mean unique.
0
 

Author Comment

by:andieje
ID: 40538963
so i check the token when i make it to ensure it doesnt already exist? Is that what you are saying? Makes sense to do that
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40538997
Yes, that's what I'm saying.  I don't know of any way to 'guarantee' unique-ness.  Even if you do something like an MD5 of someone's name, there are a lot of people with the same name.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40542960
The example in this article works reasonably well.  You can generate the token and INSERT it into a SQL database.  If there is a duplicate in a UNIQUE column, MySQL will throw error numner 1062.  When this happens, you generate a new token and retry the INSERT.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0
 

Author Closing Comment

by:andieje
ID: 40567952
thank you
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now