Best approach to store Remember Me data
> Am I right - that selector - is just a unique ID (and we must use selector to add a little bit of secrecy about the amount of users)

The selector is a unique ID that gets randomized so that your software doesn't suffer from a timing attack. And how many users are logged in.

> Code: CREATE TABLE `auth` (
> How to generate selector to exclude potential hash collision?

Use one of the functions inside the article. If they do collide (12 chars) it's not likely that a random 64 chars will collide too. So the users will be kicked out. If you are paranoid, you will need to query the database.

> My main question is - do I need to generate a new selector and hashedValidator each time a user logs in, and add a new entry in the database?

Each time a user clicks "Remember me" and opens your site after they have closed the browser/sessions have been deleted by CI/server. Sure, there are people who never close their browser, but I keep mine static and the server has always timed out before 14 days (cookie).

> So I mean if the same user logs in using different browsers - in cookies he will get different cookies (that have a different selector and hashedValidator)

Yes, he will get a different selector and token.

> Do I need to make only one entry for a user (in Firefox and Chrome the user will get the same values in the selector and hashedValidator cookies)

Different

Maybe you can get a few hints from my code. It's not tailored for CI, but it's using Paragonie examples.
https://github.com/jreklund/php4dvd/blob...ss.php#L73
https://github.com/jreklund/php4dvd/blob...nc.php#L19

And here is the official version from them:
https://github.com/psecio/gatekeeper/blo...mberMe.php
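The selector/hashedValidator scheme from the reply above, as an added example that is not part of the original post or the linked repositories: the row is found by the non-secret selector, and only the SHA-256 of the secret half is compared, in constant time. The table name `remember_tokens`, its columns, the function names and the user id 7 are assumptions made for this example.

```php
<?php
// Hypothetical table for this example; names and columns are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (
    selector TEXT PRIMARY KEY,       -- 12 random chars, lookup key only
    hashed_validator TEXT NOT NULL,  -- 64 hex chars: SHA-256 of the secret half
    user_id INTEGER NOT NULL,
    expires INTEGER NOT NULL)');

// One new row per "Remember me" login, so every browser gets its own pair.
function issueToken(PDO $db, int $userId, int $ttl = 14 * 86400): string
{
    $validator = random_bytes(32);
    $insert = $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)');
    for ($try = 0; $try < 3; $try++) {
        $selector = strtr(base64_encode(random_bytes(9)), '+/', '-_');
        try {
            $insert->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
            return $selector . ':' . bin2hex($validator);   // cookie value
        } catch (PDOException $e) {
            // Most likely a duplicate selector (PRIMARY KEY): draw another one.
        }
    }
    throw new RuntimeException('could not store a remember-me token');
}

// Returns the user id for a valid cookie, else null. A used row is deleted,
// so the caller issues a fresh pair to that browser (a choice of this example).
function redeemToken(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || strlen($parts[1]) !== 64 || !ctype_xdigit($parts[1])) {
        return null;
    }
    $find = $db->prepare('SELECT hashed_validator, user_id FROM remember_tokens
                          WHERE selector = ? AND expires > ?');
    $find->execute([$parts[0], time()]);
    $row = $find->fetch(PDO::FETCH_ASSOC);
    $given = hash('sha256', hex2bin($parts[1]));
    if ($row === false || !hash_equals($row['hashed_validator'], $given)) {
        return null;
    }
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    return (int) $row['user_id'];
}

$firefox = issueToken($db, 7);   // constructed user id
$chrome  = issueToken($db, 7);   // same user, second browser: separate row
var_dump($firefox !== $chrome, redeemToken($db, $firefox), redeemToken($db, $firefox));
```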
Messages In This Thread
Best approach to store Remember Me data - by glorsh66 - 12-18-2017, 09:33 AM
RE: Best approach to store Remember Me data - by jreklund - 12-18-2017, 11:51 AM
RE: Best approach to store Remember Me data - by glorsh66 - 12-19-2017, 02:41 AM
RE: Best approach to store Remember Me data - by InsiteFX - 12-19-2017, 03:45 AM
RE: Best approach to store Remember Me data - by jreklund - 12-19-2017, 08:56 AM
RE: Best approach to store Remember Me data - by glorsh66 - 12-20-2017, 04:43 AM