Hashes or tokens for “remember me” cookies?

挽巷 2021-02-08 13:24

When it comes to remember me cookies, there are 2 distinct approaches:

Hashes
The remember me cookie stores a string that can iden

3 answers
  •  我在风中等你
    2021-02-08 13:30

    Typically you keep the token -> user mapping secure on the server side. So ultimately your security is all based around keeping the token safe and ensuring that its lifetime is controlled (e.g. it expires and/or is only valid when given to you from the same IP as that used by the original provider of the credentials - again, just an example).

    Security of token based authentication

    Hope this helps.
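
A server-side token -> user mapping with the expiry and same-IP checks the answer above mentions, as an added example that is not part of the original answer. The `RememberMeStore` class, the 14-day lifetime, storing only a SHA-256 digest of the token, and rotating the token on each use are assumptions of this sketch.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 14 * 24 * 3600  # assumed lifetime; the answer gives no figure


class RememberMeStore:
    """In-memory token -> user mapping (a real deployment would use a database)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, bind_ip=True, clock=time.time):
        self._rows = {}  # sha256(token) -> (user_id, expires_at, ip)
        self._ttl = ttl
        self._bind_ip = bind_ip
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only a digest is kept, so a leaked table does not yield usable cookies.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, user_id, ip):
        """Create a random cookie value after a successful password login."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (user_id, self._clock() + self._ttl, ip)
        return token

    def redeem(self, token, ip):
        """Return (user_id, new_token) or None. Every token is single use."""
        try:
            key = self._digest(token)
        except (UnicodeEncodeError, AttributeError):
            return None  # malformed cookie value
        row = self._rows.pop(key, None)  # consumed on any presentation
        if row is None:
            return None
        user_id, expires_at, issued_ip = row
        if self._clock() >= expires_at:
            return None  # lifetime exceeded
        if self._bind_ip and ip != issued_ip:
            return None  # presented from a different address
        return user_id, self.issue(user_id, ip)

    def revoke_user(self, user_id):
        """Drop every token of a user, e.g. on logout or password change."""
        self._rows = {k: v for k, v in self._rows.items() if v[0] != user_id}
```

Binding to the client IP logs out users whose address changes (mobile networks, VPNs), so `bind_ip=False` with a short lifetime is the usual trade-off.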
