How to remember password login in php to make it safe
大家讲道理
大家讲道理 2017-06-23 09:11:09
0
4
865

The general method is to store the account and password in the cookie, but this is not safe. Is there a safe way?

大家讲道理
大家讲道理

光阴似箭催人老,日月如移越少年。

reply all(4)
伊谢尔伦
  1. First, after successful login, a MD5 hash value token (32-bit or 64-bit) is randomly generated;

  2. Then, store this token in the current user’s table, and then add a token field and last_login_time field to this user;

  3. Return this token to the browser’s cookie to store, and set a maximum duration, such as 30 days;

The main function of these three processes is that last_login_time can check the expiration time. After the expiration time is up, the token will be updated. In addition, as long as the user successfully logs in through this token, the token will be updated, so as to ensure as much security as possible.

Every time the user visits the website, check whether there is a token in the cookie. If there is a token, go to the database to query the data. If found, the login will be successful directly, which saves the user name and password verification and login stage.

The whole idea is this, you can also let the front end store the token in localstorage

仅有的幸福

Use jwt token to save the token in the browser.

You can read the following two articles for details

jwt-vs-oauth-authentication , jwt

学霸

Don’t use cookies to save account passwords, save a flag to remember the login, and finally combine it with the time of the last login and the generated key to form an encrypted string. Then save it in cookie.
Then check whether there is this cookie every time you log in. If there is, decrypt it. This string can then be solved for verification. If it is normal, just log in directly.

我想大声告诉你

Cookie stores the password locally, and session stores the password on the server. Relatively speaking, session is relatively safe. But cookies are very safe if they are handled well.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template