
Cookie token authentication login method

There is a method that uses cookies to log in users and I don't know its name. It sets a unique token in the cookie each time a user logs in. The token is visible and it is set in 1 cookie. There is also a second cookie, which has a hash in it. Based on these 2 cookies we have:

  • the login system is more secure, because every 5 minutes it makes a new token and changes the hash value
  • this authentication system doesn't require the script to verify users in database each page load. It does it only when it changes the token
  • this type of authentication is a persistent one

Question: what is the name of this method?

machineaddict asked Feb 02 '12 17:02
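
One way the two-cookie scheme in the question could be built, as an added example that is not part of the original post. The `hash` cookie is assumed to be an HMAC-SHA256 over the `token` cookie; the token layout, the function names and the in-memory `SESSIONS` dict standing in for the database are all assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to the client
ROTATE_AFTER = 5 * 60                 # the 5-minute rotation interval from the question
SESSIONS = {}                         # stand-in for the database: user_id -> current nonce


def _sign(token: str) -> str:
    """Value of the 'hash' cookie: an HMAC over the visible 'token' cookie."""
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()


def issue(user_id: str, now: float) -> dict:
    """Create a fresh token/hash pair and record its nonce server-side."""
    nonce = secrets.token_urlsafe(16)  # urlsafe alphabet contains no '.'
    SESSIONS[user_id] = nonce
    token = f"{user_id}.{int(now)}.{nonce}"  # assumes user_id contains no '.'
    return {"token": token, "hash": _sign(token)}


def check(cookies: dict, now: float):
    """Return (user_id, cookies_to_set), or (None, None) if the pair is rejected."""
    token, mac = cookies.get("token", ""), cookies.get("hash", "")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(_sign(token).encode(), mac.encode()):
        return None, None              # forged or tampered pair
    try:
        user_id, issued, nonce = token.split(".")
        age = now - int(issued)
    except ValueError:
        return None, None
    if age < ROTATE_AFTER:
        return user_id, cookies        # fast path: no database lookup
    # Rotation point: the only place the "database" is consulted.
    current = SESSIONS.get(user_id, "")
    if not hmac.compare_digest(current.encode(), nonce.encode()):
        return None, None              # logged out, revoked, or an already-rotated pair
    return user_id, issue(user_id, now)
```

Because the database is consulted only at rotation, a logout or revocation takes effect at the next rotation, so a copied pair stays usable for up to five minutes.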



2 Answers

You know the procedure pretty well. The name doesn't matter much.

I think you are speaking about: Remember-Me Authentication

Somnath Muluk answered Oct 22 '22 19:10


I think you might be looking for something like OAuth. OAuth has become a sort of "standard" when it comes to token based authentication.

Here's some literature: https://www.rfc-editor.org/rfc/rfc5849

I found section 2.3. Token Credentials particularly similar to what you were talking about...

The response contains the following REQUIRED parameters:

oauth_token

    The token identifier.

oauth_token_secret

    The token shared-secret.

For example:

    HTTP/1.1 200 OK
    Content-Type: application/x-www-form-urlencoded

    oauth_token=j49ddk933skd9dks&oauth_token_secret=ll399dj47dskfjdk

It's also important to note that through my understanding, token based authentication is only more secure if all requests are being made through an SSL connection. If not, 3rd parties can grab and imitate the tokens. So yeah, hope this is what you're looking for.

Rawr answered Oct 22 '22 21:10