Solved

remember me in php token length

Posted on 2015-01-08
Last Modified: 2015-01-24
Hi

I am looking at how to implement remember cookies in PHP, and most webpages suggest using a random token and changing it on each page load to prevent session hijacking. I asked a similar question about this recently.

My question is: if I do implement it this way, how do I know who is 'trying to be remembered'? I can assign the random token to the user on creation and then look up the random token and see who it was assigned to, but isn't it possible that more than one user could have the same random token?

How big, in terms of characters, would the token have to be for the chances of people having the same token to be negligible?

thanks experts :)
0
Question by:andieje
5 Comments
 

Accepted Solution

by: Dave Baldwin, earned 500 total points
ID: 40538509
You have to do a lookup in your database to make sure that your token is unique.  As you seem to understand, 'random' does not mean unique.
0
 

Author Comment

by:andieje
ID: 40538963
So I check the token when I make it to ensure it doesn't already exist? Is that what you are saying? Makes sense to do that.
0
 

Expert Comment

by:Dave Baldwin
ID: 40538997
Yes, that's what I'm saying.  I don't know of any way to 'guarantee' uniqueness.  Even if you do something like an MD5 of someone's name, there are a lot of people with the same name.
0
 

Expert Comment

by:Ray Paseur
ID: 40542960
The example in this article works reasonably well.  You can generate the token and INSERT it into a SQL database.  If there is a duplicate in a UNIQUE column, MySQL will throw error number 1062.  When this happens, you generate a new token and retry the INSERT.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0
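An added example, not from the thread or the linked article: the generate, INSERT and retry-on-duplicate flow described in the comment above, using a 256-bit token from PHP's CSPRNG and a lookup that maps a cookie value back to its user. It assumes PHP 7.1+ with PDO; the table, column and function names are hypothetical, an in-memory SQLite database stands in for MySQL so the script runs offline, and storing only a SHA-256 hash of the token is this example's choice.

```php
<?php
declare(strict_types=1);

// Constructed demo schema (hypothetical names); SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE remember_tokens (
    token_hash TEXT NOT NULL UNIQUE, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL
)');

/** Issue a token for $userId; returns the raw value to place in the cookie. */
function issueRememberToken(PDO $pdo, int $userId, int $ttl = 2592000): string
{
    $stmt = $pdo->prepare(
        'INSERT INTO remember_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)'
    );
    for ($attempt = 0; $attempt < 3; $attempt++) {
        // 32 bytes from the CSPRNG = 256 bits, sent as 64 hex characters.
        $token = bin2hex(random_bytes(32));
        try {
            // Store only a hash so a leaked table does not yield usable cookies.
            $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
            return $token;
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation; MySQL reports a
            // duplicate in a UNIQUE column as error 1062 under this state.
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
            // Duplicate: loop and try again with a fresh token.
        }
    }
    throw new RuntimeException('Could not allocate a unique token');
}

/** Map a cookie value back to its user, or null if unknown or expired. */
function userForToken(PDO $pdo, string $token): ?int
{
    $stmt = $pdo->prepare(
        'SELECT user_id FROM remember_tokens WHERE token_hash = ? AND expires_at > ?'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

$cookie = issueRememberToken($pdo, 42);   // 42 is a constructed user id
var_dump(strlen($cookie), userForToken($pdo, $cookie), userForToken($pdo, 'bogus'));
```

The UNIQUE constraint is what enforces uniqueness here, so no separate SELECT-before-INSERT check is needed and two concurrent requests cannot both claim the same token.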
 

Author Closing Comment

by:andieje
ID: 40567952
thank you
0
