Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sign in with Twitter, and stay signed in (PHP)

Tags:

php

cookies

session

oauth

twitter

I'm creating a site where users will need to register to participate. I'm on a deadline, and I don't really want to write an entire user registration / login system, so I'm thinking I'll let the Twitter API handle it. I've registered an application with Twitter and I've got the proper PHP code to allow users to sign in and allow access to my application. The thing is, I don't want users to have to log in every time they visit the site, I'd like to implement a "stay signed in" option, I'm just having trouble figuring out how to do it.

I could simply store the oauth_token and oauth_token_secret in a cookie and simply read the cookie every time someone visits the site. The existence (or absence) of those cookie values will determine whether or not the person is authorized with twitter. Of course, this is a simple approach, and bad things could happen if users decided to mess with the cookie.

Another approach would be to store only the oauth_token in the cookie, and save both the oauth_token and oauth_token_secret in my database. When the user visits, I check for the cookie value and if it's present, I check the database for a matching value and fetch the secret token, but things could still go wrong if the user ever gets ahold of someone else's oauth_token key.

The final option would be to store both the token and token_secret in the database and generate a unique random value, perhaps do some arbitrary operations on it to further obscure it, maybe md5() it, and store THAT value in the cookie and also in the database.

Of course, I really know nothing about this kind of thing, which is why I opted to not write my own user system. Basically I just don't want the user to have to sign in every time (or even to have to click the "Sign in with Twitter" link every time). If they're already signed in and have already approved my application to access their account, I want them to be able to visit the site and have it remember them. What would be the best way to do this?

like image 446
HaLo2FrEeEk Avatar asked Mar 31 '11 20:03

HaLo2FrEeEk

1 Answers

The "stay logged in" part could be handled by you. You get the user to login via twitter the first time and then set a cookie. In future you check to see if a cookie is set and if so use that to auto-login the user and failing that offer twitter for login.

You don't need to force twitter to do the stay-logged in part.

like image 200
paullb Avatar answered Oct 11 '22 07:10

paullb
Sign in to Comment

Related questions

How to convert US date format to MYSQL format in INSERT query
PHP Command Line php.ini path error
How to use DOMDocument to add script to HTML5
Ordered dropDownList using relations?
PHP better practice to build a multi language site
Display Paragraph's text with Diagonal Indent
Retrieve Entire Email (headers + all body parts) with PHP
Design pattern for users
How to query mongo in php?
PHP doesn't load extensions specified in php.ini, but loads with dl()
PHP PDO extension not working on IIS
execute bash script from php without waiting
ping to check for real email addresses
Gettext placeholders
find the root word of a word
Matching all substrings inside parentheses but those starting with blacklisted word
Is @package required with PHP 5.3 namespaces?
How would you save a contenteditable div's content in a database with a PHP form?
Images rotate automatically
How to check if string is a valid XML element name?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!